Sunday, July 22, 2018

Spring Boot Security 5 and Oauth2




https://github.com/jgrandja/springone2017-demo


Ultimate guide and examples:

https://docs.spring.io/spring-security/site/docs/5.1.0.M1/reference/htmlsingle/

https://github.com/spring-projects/spring-security/blob/5.1.0.M1/samples/boot/oauth2login/README.adoc



Here a very rich presentation on Oauth2:

https://ordina-jworks.github.io/microservices/2017/09/26/Secure-your-architecture-part1.html

https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2


Spring boot Oauth2 https://spring.io/guides/tutorials/spring-boot-oauth2/



A simple application: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_simple
Code is here https://github.com/spring-guides/tut-spring-boot-oauth2.git or also https://github.com/vernetto/springboottests/tree/master/ui

Here the OAuth2 specs https://tools.ietf.org/html/rfc6749#section-4

Nice simplified and compact presentation https://aaronparecki.com/oauth-2-simplified/


Baeldung example for Oauth2 here https://github.com/eugenp/tutorials/tree/master/spring-5 with explanation here http://www.baeldung.com/spring-security-5-oauth2-login








Saturday, July 14, 2018

Thursday, July 12, 2018

Spring Boot and Netflix: Eureka Server

https://spring.io/blog/2015/01/20/microservice-registration-and-discovery-with-spring-cloud-and-netflix-s-eureka


let's start with an empty Eureka Server:

https://start.spring.io/starter.zip?name=eurekatest&groupId=org.pierre&artifactId=eurekatest&version=1.0&description=mavenfilter&packageName=org.pierre.eurekatest&type=maven-project&packaging=jar&javaVersion=1.8&language=java&bootVersion=2.0.2.RELEASE

run it, and hit:

http://localhost:8761


We have some basic working examples here at https://github.com/netflix-spring-one

first we run the Eureka Server:

git clone https://github.com/netflix-spring-one/sample-eureka
cd sample-eureka
gradle build
java -jar ./build/libs/sample-eureka.jar


then a sample service

git clone https://github.com/netflix-spring-one/sample-recommendations.git
cd sample-recommendations
gradle build
java -jar build/libs/sample-recommendations.jar

download latest gradle from https://gradle.org/releases/, unzip it to E:/apps and make sure /e/apps/gradle-4.8/bin/gradle can be executed (I use gitBash shell)

in build.gradle, change apply plugin: 'spring-boot' into apply plugin: 'org.springframework.boot'

to build, simply run "gradle build"

all the dowloaded jars are in %HOME%\.gradle\caches\modules-2\files-2.1 (the equivalent of %HOME%/.m2/repository )

Recommendations runs at

curl http://localhost:8001/api/recommendations/jschneider

and Eureka Server at http://localhost:9000/











Wednesday, July 11, 2018

ELK docker

http://elk-docker.readthedocs.io/

you have to adjust permanently the max_map_count parameter:

sysctl -w vm.max_map_count=262144

(sysctl - configure kernel parameters at runtime)

ls /proc/sys/vm to get list of available parameters

sudo vi /etc/sysctl.conf
vm.max_map_count=262144

try starting the container like this:

sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk

if it fails with this error:

waiting for Elasticsearch to be up (30/30)
Couln't start Elasticsearch. Exiting.

try allowing more time:

sudo docker run -e ES_CONNECT_RETRY=300 -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk

(see https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file )

then

http://127.0.0.1:5601/app/kibana KIBANA (you have to wait 1 minute for Kibana to come up)

http://127.0.0.1:9200/ Elasticsearch JSON

to create dummy entry:

docker exec -it elk /bin/bash
/opt/logstash/bin/logstash --path.data /tmp/logstash/data -e 'input { stdin { } } output { elasticsearch { hosts => ["localhost"] } }'
this is a dummy entry
this is a dummy entry2
CTRL-C


Kibana logs : less /var/log/kibana/kibana5.log
Elasticsearch logs : less /var/log/elasticsearch/elasticsearch.log
Logstash logs: less /var/log/logstash/logstash-plain.log

tail -f /var/log/elasticsearch/elasticsearch.log /var/log/logstash/logstash-plain.log /var/log/kibana/kibana5.log



docker network create -d bridge elknet


good practical presentation of ELK:





Sunday, July 8, 2018

rsync in action

https://www.digitalocean.com/community/tutorials/how-to-use-rsync-to-sync-local-and-remote-directories-on-a-vps

To play in full safety, let's run tests in a docker container!

docker run -dit --privileged --name centos centos
docker attach centos
yum install rsync
yum install openssh openssh-server openssh-clients openssl-libs
groupadd centos
useradd -g centos centos
su - centos
cd ~
mkdir dir1
mkdir dir2
touch dir1/file{1..100}

#the "n" flag is "try-run" only, "v" is verbose, "a" is copy also links and preserve times ownership etc
rsync -anv dir1/ dir2


see also https://www.rosehosting.com/blog/how-to-configure-and-use-openssh-on-centos-7/ to configure sshd

if you get "Failed to get D-Bus connection: Operation not permitted" when starting sshd, probably you are not running the container in privileged mode




remotely:

rsync -a dir1/ centos@localhost:/home/centos/dir2

to syncronize 2 folders upon deletion:

rm dir1/file99
#this will delete file99 also on dir2
rsync -anv --delete dir1/ centos@localhost:/home/centos/dir2




more flags: -z adds compression, -P adds progress report,