Thursday, January 22, 2015

Quickly get an audit of your Spring Security mappings

Today I had a junior developer come to me in a panic. He needed to provide a full report of all the security roles required for every endpoint in our services, to verify against requirements. His (valiant) attempts to grep the codebase were producing unreadable results, and we had an unexpected deadline of "now!"

Luckily, I knew that all of our request mappings are configured via annotations, and all the roles were also defined by annotations directly on the request mapping. So I added a random classpath scanning library I found to the classpath of each service in IntelliJ, and fired up a Groovy console using the service's classpath. The following gist shows what I came up with:

Obviously, you'll need to update this if you do any configuration in XML, have Security annotations further down the stack, or use RequestMapping annotations at the class level. But the point is, the Groovy console in IntelliJ is your friend for quick one-off projects.
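One way to run such an audit from the Groovy console, added here as an example and not the author's gist: it swaps the unnamed scanning library for Spring's own `ClassPathScanningCandidateComponentProvider`, and goes beyond the case above by also reading class-level mappings and flagging endpoints that carry no security annotation. The base package `com.example` is an assumption.

```groovy
import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider
import org.springframework.core.type.filter.AnnotationTypeFilter
import org.springframework.security.access.annotation.Secured
import org.springframework.security.access.prepost.PreAuthorize
import org.springframework.stereotype.Controller
import org.springframework.web.bind.annotation.RequestMapping

// Assumption: controllers live under this package; change it to your own root.
def basePackage = 'com.example'
def loader = this.class.classLoader

// false = no default filters; we only want @Controller classes
// (meta-annotated stereotypes such as @RestController match as well).
def scanner = new ClassPathScanningCandidateComponentProvider(false)
scanner.addIncludeFilter(new AnnotationTypeFilter(Controller))

// Describe the security annotations on a method, falling back to its class.
def rolesFor = { method ->
    def owner = method.declaringClass
    def secured = method.getAnnotation(Secured) ?: owner.getAnnotation(Secured)
    def preAuth = method.getAnnotation(PreAuthorize) ?: owner.getAnnotation(PreAuthorize)
    def parts = []
    if (secured != null) parts << "@Secured(${secured.value().join(', ')})"
    if (preAuth != null) parts << "@PreAuthorize(${preAuth.value()})"
    parts ? parts.join(' + ') : 'NO SECURITY ANNOTATION'
}

def rows = []
scanner.findCandidateComponents(basePackage).each { candidate ->
    def clazz = loader.loadClass(candidate.beanClassName)
    // A class-level @RequestMapping contributes a path prefix to every method.
    def prefixes = clazz.getAnnotation(RequestMapping)?.value() ?: ['']
    clazz.declaredMethods.each { method ->
        def mapping = method.getAnnotation(RequestMapping)
        if (mapping == null) return   // not an endpoint
        def verbs = mapping.method() ? mapping.method().join('|') : 'ANY'
        def paths = mapping.value() ?: ['']
        prefixes.each { prefix ->
            paths.each { path ->
                rows << [verbs, prefix + path, rolesFor(method),
                         "${clazz.simpleName}.${method.name}"]
            }
        }
    }
}

// One tab-separated line per endpoint: verb, path, roles, handler.
rows.sort { it[1] }.each { println it.join('\t') }
```

Rows marked `NO SECURITY ANNOTATION` are the ones to check first against any XML or URL-pattern rules. Plain reflection does not resolve aliased attributes such as `path` or composed mapping annotations, so endpoints declared that way need a separate pass.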

Saturday, September 20, 2014

Using your grunt project and/or bower components in your Spring application during development

I've been playing around with grunt, bower, and yo lately. It's pretty simple creating a build step to copy the dist/ output into your webjar, or war for production, but I wanted an easy way to bring my JavaScript into my Spring app during development. Nothing bugs me more than having to perform a copy or rebuild step just to see my changes in the application during dev.

So I came up with this solution. Assuming your IDE is running your run configuration in your source root, you can create Spring resource handlers relative to that directory. The gist below shows.

Monday, August 12, 2013

IntelliJ Idea, JUnit running, and "non Make" build steps.

IntelliJ Idea provides some really awesome JUnit runners that allow you to right click test methods, classes, and packages, and quickly run/debug them.

The default JUnit configuration runs Idea's "Make" prior to running your test. This however becomes incredibly painful when you have separate build steps, such as generated sources (protobuf), bytecode manipulation (jibx), etc.  Although you are able to change default settings for the JUnit runner, these default settings are stored in the project workspace file, which shouldn't be checked into source control when working with other teams.

IntelliJ will detect default run configurations placed in the ipr, however, it will immediately remove it and place it in the workspace file... again, another conflict for source control.

This is where the Gradle idea plugin can come in. Since all of the custom build steps should come in after running the "testClasses" target (provided you are running a Java project... it's up to you to figure out other project types), one can add a Run configuration to run testClasses, and then make the default JUnit configuration depend on that run configuration.

Sunday, October 7, 2012

Windows Authentication for service running on Windows Server 2008 connecting to SQL Server running on Windows Server 2003

When running Tomcat on Windows, it is useful to run it as a service using a service account that has permissions to your SQL database so that you do not have to keep your credentials in a config file that can be compromised.

I ran into a problem where my service was unable to authenticate against a SQL instance running on Windows Server 2003 from a system running Windows Server 2008. It didn't seem to matter if I was running jTDS or the Microsoft provided JDBC drivers.

On the client side, I would immediately get I/O errors saying the DB server closed the connection. On the server side, I would see the following errors in the Event Log produced by MSSQL (category: Logon):

"Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library."

A vanilla installation of Windows Server 2003 will not be able to support NTLMv2, whereas a vanilla installation of Windows Server 2008 will not drop down to NTLM.

The best fix I have found was changing the security policy on the client to drop down in authentication. (There is a forum post here that also references the fix, but the post is specific to another application.)

Go to Local Security Policy (or set it on your domain), and under "Security Options", you will find "Network security: LAN Manager authentication level" with a default value of "Not Defined". Change it to "Send LM & NTLM - use NTLMv2 session security if negotiated".

Click apply, and restart your service, and you will have database connectivity via Single Sign On Windows Authentication.

Tuesday, January 10, 2012

Using a MultipartRequestResolver with Spring and using Spring Security concurrently

Update: This will not work with Spring 3.1. This is due to the ServletRequestMethodArgumentResolver being added by default prior to custom argument resolvers in a private method in the RequestMappingHandlerAdapter (getDefaultArgumentResolvers).

When using Spring Security, the CommonsMultipartResolver will not work. Why? Because the MultipartHttpServletRequest will be wrapped in a SecurityContextHolderAwareRequestWrapper, and will not be matched.
Of course, we don't want to fall back to just taking an HttpServletRequest as a parameter in our RequestMapping and parsing it out; we need to work smarter than that!
The best solution I could come up with is registering a custom WebArgumentResolver (below). But if any readers out there have a better solution, please share!

Tuesday, November 22, 2011

Hibernate, ElementCollection, and Transactions

Hibernate implemented @ElementCollection in the JPA by binding the persistence of the ElementCollection of a new entity at the end of the transaction, and NOT at the time you tell the EntityManager to persist.  Under most use cases, this should not be a problem, however it does mean that you cannot detach the entity from the EntityManager prior to ending the Transaction.

For example, the following will not persist your ElementCollection.

You will likely not run into situations like this, however I'm posting as I ran into some code that I was refactoring for Spring 3.1. 3.1 did not like nested @Transactions on a particular thread, and in the code's original design, it was detaching the entity on the nested item to avoid conflicts. I removed the nested @Transaction but did not notice the detach, and spent days figuring out why Hibernate was not persisting the collection. The answer is, as stated above, Hibernate does not persist the collection at .persist, but on commit.

CIFS share accessed in Linux returning 'cannot allocate memory'?
From the blog post:
Set the following registry key to '1':
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\LargeSystemCache
and set the following registry key to '3':