SpringBoot creating UserDetailsService authentication

Leave a reply

There are plenty of online tutorials showing how to create database-based authentication for Spring. Some of them use SQL query to authenticate user and retrieve its roles, some use DAO… but none of them worked well for me and all of them had some major problems, even like SQL Injection. So, in this post I will explain my approach and present final solution with a database (MySQL), User and Role class and UserDetailsService implementation.

The goal is to create basic webpage with login form and signup form (which includes fields validation) that handles different roles. Then, you and me can use it as a template project.

This tutorial doesn’t include steps how to setup your IDE and build environment. We’re going straight to code, and I will try to avoid as much boilterplate as possible, so the code won’t include getters and setters. If you still write them by hand, time to learn about Lombok project (which I use here) or any other code generator.

Continue reading →

Gradle – up-to-date and secure dependencies

1 Reply

Everyone knows it’s important to keep dependencies up to date. The risks of not updating them are very often high: you risk losing your data or data of your customers, being part of a botnet or simply getting hacked by script kiddies replacing your frontpage with something shameful.
Not everyone knows how easy it is to keep your dependencies up to date with gradle. Both gradle and maven have plugins to check for updates in your list of dependencies.

This post quickly shows how to use one of them in gradle and check if your dependencies have reported vulnerabilities.

Check dependencies for updates

First gradle plugin you want to check out is gradle-versions-plugin. It’s used only to find updates. Installation and usage is very simple. Just add this block to your build.gradle file

plugins {
    id 'com.github.ben-manes.versions' version '0.14.0'
}

Now, when you run:

./gradlew dependencyUpdates

You will get a list of available updates:

Check dependencies for vulnerabilities

The second plugin you should use is dependency-check. It checks if current versions of dependencies you use were reported with a vulnerability to NVD.
Installation is again, really simple, just modify your build.gradle to include the following:

buildscript {
  repositories {
     mavenCentral()
  }
  dependencies {
     classpath 'org.owasp:dependency-check-gradle:1.4.5'
  }
}
 
apply plugin: 'org.owasp.dependencycheck'

and when ready, run:

./gradlew dependencyCheck

Unfortunately, this process is time consuming, the more dependencies you have, the longer break you can take now.

Be safe out there!

Adding user to Tomcat in Docker

Leave a reply

When using official Tomcat server from Docker Hub you will face a problem with opening management UI, because there is no default login or password in that docker image, so the only app management site you can visit is this one:

And because Tomcat doesn’t have user management built-in like other container managers – it loads users and passwords from conf/tomcat-users.xml file, it makes it more complicated to start with Tomcat than with other container managers like Wildfly.

The Tomcat Docker image comes without nano, vi or vim… so you can’t easily edit that file, but hopefully it comes with.. sed. And that’s good enough to add new users and roles to the file! Remember the times when you didn’t see the file you were editing when you when typing, until vi came out of course?

Continue reading →

Spring Boot – multi-database setup

Leave a reply

To be able to access two databases in SpringBoot you must define two data sources. In my case I had one database for identity details of users, like username, name, email, address etc. and second database for everything else.

You have to define one @Configuration class for each database and each class will wired its own datasource to services (like JpaRepository or CrudRepository) to defined packages.

Continue reading →

UNIX-history source codes on GitLab

Leave a reply

I found that there are some people on GitHub that collect source codes from early UNIX ages, like first compilers, first shells, or PDP7-UNIX. Just to made them available in one place (slightly decentralize access to them) – I decided to create gitlab.com account `UNIX-history` for them.

You can find there source codes from 1970, nicely commented and manually formatted, before this all happened.

Also, enjoy this presentation about future of programming:

Insulting sudo mode

Leave a reply

Sudo has an easter-egg that’s disabled by default. It can insult you each time you provide incorrect password. Just like that:

[sudo] password for agilob: 
You can't come in. Our tiger has got flu

[sudo] password for agilob: 
You do that again and see what happens...

[sudo] password for agilob: 
You can't get the wood, you know.

[sudo] password for agilob: 
Speak English you fool --- there are no subtitles in this scene.

[sudo] password for agilob: 
I think ... err ... I think ... I think I'll go home

[sudo] password for agilob: 
Where did you learn to type?

[sudo] password for agilob: 
stty: unknown mode: doofus

[sudo] password for agilob: 
Listen, burrito brains, I don't have time to listen to this trash.

[sudo] password for agilob: 
sudo: 3 incorrect password attempts

Continue reading →

Consequences of running Tor node on your server or home computer

Leave a reply

A lot of people, websites and communities encourage you to run your Tor node – middle node or bridge, not exit node, but none of them tell you about real consequences of keeping a Tor node active for a long time. So, here I’m going to share with you my experience of running middle node on VPS/dedicated server and home router. This post is divided into parts, one shortly describes problems when running Tor on your home IP, and the second section is about running it on your server. It describes my experience, so not all of it applies to you.

This post is meant as a warning for you, because a lot of portals and people will tell you to help Tor by hosting a node, as it doesn’t cost anything… but they don’t tell you what are the costs not in terms of money.
Continue reading →

Omnia Turris – random rainbow colours

Leave a reply

Script for Omnia Turris making your router light with random colour every second.

#!/bin/bash
 
colors=('red' 'blue' 'green' 'white');
leds=('lan0' 'lan1' 'lan2' 'lan3' 'lan4' 'pwr' 'wan' 'pci1' 'pci2' 'pci3' 'usr1' 'usr2');
 
while true; do
    for led in "${leds[@]}"
    do
        rand_color=$[$RANDOM % 5]
        rainbow ${led} ${colors[rand_color]}
    done
    sleep 1;
done

To get this quickly working:

login on your Turris router
wget https://gitlab.com/snippets/34184/raw -O random_rainbow.sh
bash random_rainbow.sh &
you can logout now, script will be working in background

Test coverage on GitLab CI in a rust-cargo project

Leave a reply

This topic presents who to setup kcov with cargo to get a test coverage for a cargo project, so I just assume you got kcov working in your Linux distribution and you have a project with source code and tests that you can run. I also assume you have gitlab-ci-multi-runner installed. So I will just quickly present who to configure it to use with GitLab CI to get test coverage badge in your new project.

I use my own CI runner, I’m not using shared runners or docker for it. So it’s pretty straightforward, your configuration will differ a bit.

Continue reading →

Automated delivery and publication of apps using FDroid and GitLabCI

Leave a reply

In my spare time I develop applications on Android. I also “maintain” F-Droid repository for some of my public projects. I wanted to automatically publish each build after:

Compilation passed
Test on a connected device passed
Signed build completed

So I made a simple setup with help of GitLabCI and own F-Droid repository. This post does not describe how to configure F-Droid repository or configuration of GItLabCI-runner, because official documentation is much better than I could write it. This post just describes how I use both services to automate boring deployment.

GtiLabCI is run on your own hardware, so it can have access to your files, configuration etc. It’s an advantage over Travis, as you can run any custom command, like testing on connected device or on pre-configured emulator, connected to remote hosts where CI slave is on a trusted machine.

Continue reading →

Rust – get user’s home directory

Leave a reply

fn main() {
  let mut path: PathBuf = get_app_dir();
  path.push(".config");
  path.set_file_name("properties");
  path.set_extension("ini");
  let str_path = path.to_str().unwrap();
  if str_path.len() != 0 && path_exists(&path) {
    println!("Path {} exists", str_path);
  }
}
 
fn get_app_dir() -> PathBuf {
    let dir: PathBuf = match env::home_dir() {
        Some(path) => PathBuf::from(path),
        None => PathBuf::from(""),
    };
    dir
}
 
pub fn path_exists(path: &PathBuf) -> bool {
    return Path::new(&path).exists();
}

Automated updates on Debian using Tor and official hidden services

Leave a reply

I like to automate some boring and easy tasks we all have to do often, so I would like to share with you an easy but not too widely known trick in Debian/Ubuntu for automated upgrades, that can be performed without any manual actions.

This post describes the following configurations for a server:

Installation and configuration of unattended upgrades on Debian
Setup of Tor service that will be used for Debian upgrades
Removal of unused dependencies

Unattended upgrades are well described on Debian wiki, but to keep those steps in one place, I’ll copy some parts of it here.

First, you have to install the following packages:

apt-get install unattended-upgrades apt-listchanges

Installation process should create new file /etc/apt/apt.conf.d/50unattended-upgrades where we configure how automated upgrades work and what can be upgraded.

Continue reading →

QFakturat – program do zarządzania fakturami, produktami i danymi klientów na Linux

2 Replies

Kilka lat temu, żeby zdobyć trochę doświadczenia poza Java i Ruby, zabrałem się za naukę Qt4.8 i C++. W ramach tego ćwiczenia zacząłem pracować nad aplikacją, która nie istniała wtedy na Linuxa i pewnie do dziś jest tego typu unikalnym programem na pingwina i diabełka.
Aplikacja była pisana na wymogi prowadzenia firmy taty, gdzie z względu kosztów licencyjnych zrezygnowaliśmy ze środowiska Windowsa. W firmie od 6 lat używane są tylko systemy Linuxowe (KUbuntu i openSUSE).

QFakturat był pisany początkowo w Qt4.8 na Linux, jednak z czasem części kodu zostały przepisane na Qt5 oraz dodana została kompatybilność dla systemów *BSD. Nigdy nie próbowałem portować aplikacji na Windowsa ani OS Xa, więc nie jestem w stanie powiedzieć, czy działa.

Screenshot_20160509_150456

Obecna funkcjonalność programu:

wystawianie faktur w PDF (i tylko PDF)
obsługa kilku sprzedawców
zapisywanie/edytowanie/usuwanie klientów
zarządzanie produktami
automatyczne konwertowanie kwot brutto<->netto<->podatek przy zmianie jednej z wartości
spersonalizowane faktury – pozwalają na ustawienie własnego tekstu w stopce faktury i na lewym boku
3 skórki programu
walidacja i opcjonalne formatowanie NIPu
wysoka elastyczność programu (sam możesz ustawić rodzaje faktu, listę stawek VAT, metody zapłaty, czas na zapłatę czy obsługiwane waluty)
zarządzanie produktami i filtrowanie sprzedanych/dostępnych produktów/usług.

Continue reading →

Timelapse using Raspberry Pi from my sea-front flat

Leave a reply

I made a timelapse video using Raspberry Pi from my sea-front flat in Aberystwyth where I studied for 4 years.

Bash script was called every 30 seconds to take a picture for 4 days. To prevent running out of space on a SD card there was another cron job setup to move all existing images to my laptop using scp. After some selection (removed some first and some last images) I got 17.4GB of pictures which were composed into this timelapse without any scaling.

XXX loves opensource…

Leave a reply

…that’s why we published our product on OSI-compatible license! We <3 open-source!

Well, does Microsoft/Google/Apple/Netflix/XXX really love open-source?

No, they don’t. In fact they do more to extinguish open source by fighting them with patent wars, you don’t hear about, developing DRM, you hear about when it’s too late and dropping support for some key-products on open source platforms. Skype on Linux, anyone? Google Drive client on Linux? DRM enabled by default in browsers, anyone?

Continue reading →