Create Java DTO from Entities

February 13, 2015

First rename the entity source files to *Dto.java (the glob is quoted so the shell hands it to find unexpanded; paths containing spaces would still need a -print0 loop):

for f in $(find . -name '*.java'); do mv "$f" "${f/.java/Dto.java}"; done

Then change the compilation unit name to match the new file name. sed appends Dto to the class in the public class declaration only; references to other entity classes inside the file are not touched. On BSD/macOS sed the in-place flag is -i '' instead of -i.

find . -name "*.java" -exec sed -i -e 's/public class [A-Za-z0-9_]*/&Dto/' {} \;

Awk

Printing one field of a delimited file (here the first colon-separated field of each line):

awk -F':' '{ print $1 }' <filename>

Collecting a column from several lines into a single line, e.g. the PIDs of every sqlplus process. The [s]qlplus pattern stops grep from matching its own command line, and awk's $2 is the PID column of ps -ef, so no cut is needed (cut -d'' with an empty delimiter is an error):

ps -ef | grep '[s]qlplus' | awk '{x=x" "$2} END {print x}'

Send commands using expect scripts

December 29, 2013

We use Tomcat as our application server. Our security policy doesn't allow us to install the manager app. The only way I know of deploying without the manager app is to upload the WAR file to the host, shut down the Tomcat instance, remove the old WAR from the webapps and work folders, copy the new WAR into webapps and restart Tomcat.

This expect script automates that from your local machine. It assumes the WAR has already been copied to /tmp on every host (for example with scp) and only performs the shutdown/replace/startup cycle on each Tomcat instance. Note that both the login and the su passwords sit in the script in clear text and public-key authentication is explicitly disabled, so the file must be readable only by you.

#!/usr/bin/expect -f

# Never time out while waiting for a prompt.
set timeout -1

set VERSION "1.0.0-SNAPSHOT"

# Tcl reaches shell environment variables through $env(...); a bare $WORK_DIR would be
# an unset Tcl variable and abort the script. (MY_WAR is not used further down.)
set MY_WAR "$env(WORK_DIR)/target/mywar.war"

set USER "XYZ"
set PASSWORD "XYZ"
set SU_USER "XYZ"
set SU_PASSWORD "XYZ"

set HOST {host1 host2 host3 host4}

set MY_WAR_NAME "mywar"
set MY_WAR_DEPLOY_NAME "mywar.war"

# Build one command line that cycles every Tomcat instance on a host:
# stop, remove the old deployment and work dir, copy the new WAR from /tmp, start.
set CMD ""
set TOMCAT_PATHS {/servers/tomcat_8020/bin /servers/tomcat_8030/bin /servers/tomcat_8040/bin}
foreach TOMCAT_PATH $TOMCAT_PATHS {
	append CMD "cd $TOMCAT_PATH;sh +x shutdown.sh;sleep 3;rm -rf ../webapps/$MY_WAR_NAME*;rm -rf ../work/*;cp /tmp/$MY_WAR_DEPLOY_NAME ../webapps/;sh +x startup.sh ;sleep 3;"
}

foreach SERVER_PATH $HOST {
	# Force password authentication so the "password" prompt below is what we get.
	spawn ssh -l $USER -o PubkeyAuthentication=no $SERVER_PATH
	expect {
		"password" { send "$PASSWORD\r" }
	}

	# A prompt containing "bash" means the login worked; "denied" means it did not.
	expect {
		"bash" { send "su - $SU_USER\r" }
		"denied" { exit }
	}

	# su asks for the target user's password ("assword" matches both "Password:" and "password:").
	# If the prompt already shows the target user, just run something harmless first.
	expect {
		"assword" { send "$SU_PASSWORD\r" }
		"$SU_USER" { send "ls -lart;sleep 3\r" }
	}

	expect {
		"$SU_USER" { send "$CMD\r" }
	}

	# Hand the session to the terminal; after 30s of inactivity return here and move on to the next host.
	interact timeout 30 return
}


SSH using expect scripts

December 29, 2013

#!/usr/bin/expect -f

set timeout 30

# Replace USERNAME, HOSTNAME, PASSWORD and SU_USER with your own values.
spawn ssh -l USERNAME -o PubkeyAuthentication=no HOSTNAME
expect {
	"password" { send "PASSWORD\r" }
}
expect {
	"bash" { send "sudo su - SU_USER\r" }
	"denied" { exit }
}
# sudo prompts for the login user's own password again.
expect {
	"password" { send "PASSWORD\r" }
}
interact

SQL*Plus FORMAT for all columns

Put the column names, one per line, in sql_columns.txt, then use awk to print a COLUMN ... FORMAT statement for each of them:

awk '{print "COLUMN " $1 " FORMAT A20 WORD_WRAPPED"}' sql_columns.txt

Adding CSRF security in Spring based Web application

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (pronounced sea-surf) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

CSRF protection is intended to prevent state-altering requests that do not originate from the application itself. All non-idempotent actions should require a nonce generated by the server to accompany the request. Because the browser attaches the session cookie automatically, only the presence of a value the attacker's page cannot read proves the request came from a page the server rendered.

An easy way to implement this is to render a hidden field carrying the token into every page.

On the backend you read the field and validate it; only if it is valid does the request continue. A forged cross-site request cannot carry the token because the attacker's page cannot read it. The strictest form is a single-use token per request; the implementation below uses the simpler synchronizer-token pattern, one random token per session that is reused for every request in that session.

I had Spring @Controllers exposing non-idempotent POST/PUT/DELETE methods.

1. When a new session is created, the server hands a CSRF token to the UI. The token is unique per session. See the postHandle method, which exposes it to the view as a request attribute.

package com.mypkg.web.security;


import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

public class MySecurityHandlerInterceptor implements HandlerInterceptor {

  private static final Logger LOG = LoggerFactory.getLogger(MySecurityHandlerInterceptor.class);

  @Autowired
  MyCSRFTokenManager myCsrfTokenManager;

  @Override
  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

    String method = request.getMethod();
    // Only state-changing methods are checked; GET/HEAD/OPTIONS pass through,
    // so no controller may change state on a GET.
    if ("POST".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method)
        || "DELETE".equalsIgnoreCase(method)) {
      String requestURI = request.getRequestURI();
      // Exempt endpoints that must accept requests without a token. This is a
      // substring match: any URI containing the marker is exempt, so keep it specific.
      if (requestURI.contains("ignoreURL")) {
        return true;
      }
      String sessionToken = myCsrfTokenManager.getTokenForSession(request.getSession());
      String requestToken = myCsrfTokenManager.getTokenFromRequest(request);
      if (sessionToken.equals(requestToken)) {
        return true;
      }
      LOG.error("Possible CSRF attack! " + requestURI);
      response.sendError(HttpServletResponse.SC_FORBIDDEN, "Bad Request");
      return false;
    } else {
      // idempotent request. Pass through
      return true;
    }
  }

  @Override
  public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
      ModelAndView modelAndView) throws Exception {
    // Expose the session's token to the view as a request attribute; the JSP
    // renders it into the hidden MY_CSRF_TOKEN field. The token itself lives in the session.
    if (request.getSession() != null) {
      request.setAttribute(MyCSRFTokenManager.MY_CSRF_TOKEN,
          myCsrfTokenManager.getTokenForSession(request.getSession()));
    }

    // Not CSRF, but cheap to add here: refuse to be framed by other origins (clickjacking).
    response.addHeader("X-FRAME-OPTIONS", "SAMEORIGIN");
  }

  @Override
  public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
      throws Exception {}

}

2. With each call the UI sends the CSRF token back to the server.
If you have a common JSP included in all other JSPs, like header.jsp or title-bar.jsp, add a hidden field there so every form submits the token:

    <input type="hidden" id="MY_CSRF_TOKEN" name="MY_CSRF_TOKEN" value="${MY_CSRF_TOKEN}"/>

For all AJAX calls, register a jQuery prefilter that adds the token as a request header. Only same-origin requests get it: a cross-domain request must not carry the token, or it would be handed to the third-party host.

	//Adding a Token to mitigate CSRF attacks
	$.ajaxPrefilter(function (options, originalOptions) {
	    if (!options.crossDomain) {
	        options.headers = $.extend({}, originalOptions.headers, { "MY_CSRF_TOKEN": $('#MY_CSRF_TOKEN').val() });
	    }
	});

3. MySecurityHandlerInterceptor.preHandle intercepts every POST/PUT/DELETE and compares the token sent by the UI with the one stored in the session. Only if they match is the call allowed through.
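The post refers to MyCSRFTokenManager but does not show it. Below is an added example implementation, not the original post's code, with the two methods the interceptor calls plus an isValid helper that does the comparison in constant time (the interceptor can call it instead of String.equals). Assumptions: tokens are 32 random bytes from SecureRandom, stored in the session under the same key used for the header and form field; java.util.Base64 requires Java 8. One practical caveat: some reverse proxies drop request headers whose names contain underscores (nginx does unless underscores_in_headers is on), so behind such a proxy the MY_CSRF_TOKEN header would silently never arrive and every AJAX POST would be rejected.

```java
package com.mypkg.web.security;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * Synchronizer-token manager: one unpredictable token per HttpSession.
 * The interceptor exposes it to the view; the hidden field and the jQuery
 * prefilter send it back on every state-changing request.
 */
public class MyCSRFTokenManager {

  /** Session attribute, request attribute, form field and header name all share this key. */
  public static final String MY_CSRF_TOKEN = "MY_CSRF_TOKEN";

  /** 256 bits of randomness (assumed size). SecureRandom is thread-safe and may be shared. */
  private static final int TOKEN_BYTES = 32;
  private final SecureRandom random = new SecureRandom();

  /** Returns the session's token, minting and storing it on first use. */
  public String getTokenForSession(HttpSession session) {
    // Serialize on the session so two concurrent first requests do not mint two
    // different tokens, which would make one of the two pages fail its next POST.
    synchronized (session) {
      String token = (String) session.getAttribute(MY_CSRF_TOKEN);
      if (token == null) {
        byte[] raw = new byte[TOKEN_BYTES];
        random.nextBytes(raw);
        token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.setAttribute(MY_CSRF_TOKEN, token);
      }
      return token;
    }
  }

  /** The token as the client sent it: the header added by the ajax prefilter, else the hidden form field. */
  public String getTokenFromRequest(HttpServletRequest request) {
    String token = request.getHeader(MY_CSRF_TOKEN);
    if (token == null || token.isEmpty()) {
      token = request.getParameter(MY_CSRF_TOKEN);
    }
    return token;
  }

  /**
   * Compares in constant time so response timing does not reveal how many leading
   * bytes of a guessed token were right. A missing token never validates.
   */
  public boolean isValid(HttpSession session, String requestToken) {
    if (session == null || requestToken == null || requestToken.isEmpty()) {
      return false;
    }
    byte[] expected = getTokenForSession(session).getBytes(StandardCharsets.UTF_8);
    byte[] actual = requestToken.getBytes(StandardCharsets.UTF_8);
    return MessageDigest.isEqual(expected, actual);
  }
}
```

The interceptor's check then becomes `if (myCsrfTokenManager.isValid(request.getSession(), requestToken))`. Because the token is bound to the session, it should be regenerated whenever the session is (for instance after login, when the session id is rotated), which the lazy creation above does automatically for a fresh session.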

Setting up Apache as Forward proxy

My use case:

I have to talk to a third-party server (thirdparty.server.com), which is accessible only via allowed.server.com. And my.server.com has access to allowed.server.com.

This calls for an Apache forward proxy on allowed.server.com.

These steps pertain to httpd 2.4.4
1. Download httpd and unpack it
2. In the unpacked source folder, run

./configure --prefix=<FOLDER_TO_INSTALL> --enable-mods-shared="proxy proxy_http proxy_ftp proxy_connect"

The --enable-mods-shared option builds the modules needed for a forward proxy as shared objects. Also refer to this if you need to add mod_proxy to an existing installation (rather than recompiling):
how-to-install-mod_proxy-module-into-apache-788406/
I ran into these errors while configuring

configure: error: APR not found. Please read the documentation.

Download the latest versions of both APR and APR-Util from Apache APR and unpack them into ./srclib/apr and ./srclib/apr-util (the directory names must not carry version numbers; for example, the APR distribution must be under ./srclib/apr/). Reference: http://stackoverflow.com/questions/9436860/apache-httpd-setup-and-installation

./configure --with-included-apr

Then the PCRE error:

configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/

Download PCRE from PCRE.org

Compile it with a prefix and install it:

./configure --prefix=/usr/local/pcre
make
make install

Go back to the httpd source folder and add the PCRE location to the configure line:

--with-pcre=/usr/local/pcre

Once configure is successful, run make and 'make install'.

Go to conf/httpd.conf

Uncomment these lines


LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so

Change the listening port if needed

Listen 9999

Set up the forward proxy

<IfModule mod_proxy.c>
 ProxyRequests On
 ProxyVia On
 <Proxy *>
 Order deny,allow
 Allow from all
 </Proxy>
 ProxyPass /test http://www.google.com/
</IfModule>

Two things to be aware of. First, <Proxy *> with Allow from all makes this an open proxy: every client that can reach port 9999 can relay through allowed.server.com to anything it can reach, so restrict the block to the address of my.server.com (Order/Allow are the 2.2-style directives and need mod_access_compat loaded on 2.4; the native 2.4 form is Require). Second, ProxyPass is a reverse-proxy mapping, not a redirect: a request for http://allowed.server.com:9999/test is fetched by httpd from http://www.google.com/ and the response is returned to the client, whose browser never sees www.google.com. For the forward-proxy case itself the client instead configures allowed.server.com:9999 as its HTTP proxy and requests http://thirdparty.server.com/ directly; ProxyRequests On is what enables that.
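A hardened version of the block above, as an added example rather than the post's own configuration: the proxy is limited to a single client address with the httpd 2.4 Require syntax (192.0.2.10 is a placeholder for my.server.com's address), and CONNECT is limited to port 443 so the proxy cannot be used to reach arbitrary TCP ports on the far side.

```apache
<IfModule mod_proxy.c>
    ProxyRequests On
    ProxyVia On
    # Forward-proxy access: only my.server.com (placeholder address) may relay through here.
    <Proxy *>
        Require ip 192.0.2.10
    </Proxy>
    # mod_proxy_connect: allow CONNECT (https:// through a forward proxy) to 443 only.
    AllowCONNECT 443
    # Reverse-proxy mapping kept from the original block; independent of ProxyRequests.
    ProxyPass /test http://www.google.com/
</IfModule>
```

To check it, run curl -x http://allowed.server.com:9999 http://thirdparty.server.com/ from my.server.com (should succeed) and from any other host (should get 403 Forbidden).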

SSL

September 13, 2012

All scenarios:
1. Two keystores, two self-created CAs, server and client.
Keystores: CentralServer-keystore, StoreServer-keystore.
CentralServer-keystore has ROOTCA as a trustedCertEntry and storeserver as a privateKeyEntry, with its public key signed by the CA.
StoreServer-keystore has ROOTCAISS and centralserver as the privateKeyEntry.

Exception thrown:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

StoreServer-keystore also needs ROOTCA as a trustedCertEntry. Each side must trust the CA that signed the peer's certificate, otherwise building a path from the presented certificate to a trust anchor fails. With ROOTCA imported it works.

When the client uses SSLSocketFactory but the server is listening for plain HTTP:

main, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 0A                               .......
main, called closeSocket()
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
	at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523)
	at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)

The client sent a TLS ClientHello and got a plaintext HTTP response back, which does not parse as a TLS record, so the client sends a fatal alert and closes the socket. The seven raw bytes are that alert record: 15 = alert, 03 01 = TLS 1.0, 00 02 = length, 02 = fatal, 0A = unexpected_message.

UML Tool

September 12, 2012

An awesome UML tool. No need to draw, worry about the arrows. Just code and have the diagram ready
http://sdedit.sourceforge.net/enter_text/index.html


struts2 download file

August 18, 2012

Here's a scenario:
1. The user selects a directory, and you show all the files in that directory as 'downloadable'.
2. The user selects a file to download and gets it.

First, you need an Action class that returns the list of files in that directory.

import java.io.File;
import java.util.ArrayList;
import java.util.List;

import com.opensymphony.xwork2.ActionSupport;

public class MyAction extends ActionSupport {

	private List<Files> filesList;

	public List<Files> getFilesList() {
		return filesList;
	}

	public void setFilesList(List<Files> filesList) {
		this.filesList = filesList;
	}

	public String files() throws Exception {
		// Directory to list, taken from the application's global settings (getGlobal is the app's own helper).
		String dirPath = (String) getGlobal(Constants.DIRPATH);
		File dir = new File(dirPath);

		List<Files> filesList = new ArrayList<Files>();
		String[] children = dir.list();
		if (children == null) {
			// Either dir does not exist or is not a directory
		} else {
			for (String filename : children) {
				File file = new File(dirPath + File.separator + filename);
				// Files is the app's own bean holding the name and a human-readable size.
				Files files = new Files();
				files.setFileSize(readableFileSize(file.length()));
				files.setFileName(filename);
				filesList.add(files);
			}
		}

		setFilesList(filesList);
		return Constants.SUCCESS;
	}
}

Your JSP needs this listing (s:else takes no test attribute; it covers whatever the s:if did not):

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
	pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="s" uri="/struts-tags"%>

<s:if test="%{filesList != null && filesList.size > 0}">
    <table border=0 cellspacing=1 cellpadding=1 width=60% align=center class=tablebody>
	<s:iterator value="filesList" status="rownum">
	    <tr height=25>
		<td align=left style='font-family: verdana; font-size: 11pt' nowrap>
		    <s:url id="fileDownload" action="download">
			<s:param name="downloadFileName" value="%{fileName}" />
		    </s:url>
		    <s:a href="%{fileDownload}"><s:property value="fileName" /></s:a>
		    <span style="font-family: verdana; font-size: 9pt"><s:property value="fileSize" /></span>
		</td>
	    </tr>
	</s:iterator>
    </table>
</s:if>
<s:else>
    No files found
</s:else>

A couple of interesting things in the struts tags above:

<s:url id="fileDownload" action="download">
	<s:param name="downloadFileName" value="%{fileName}" />
</s:url>
<s:a href="%{fileDownload}"><s:property value="fileName" /></s:a>

This builds a URL for the download action with the selected file name as the downloadFileName parameter. Adding includeParams="get" to s:url additionally carries the current request's GET parameters over into that URL.

Now, let's map the 'download' action in struts.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>

	<!-- devMode reloads configuration and shows detailed error pages; keep it off outside development. -->
	<constant name="struts.devMode" value="true" />

	<package name="basicstruts2" extends="struts-default">

		<interceptors>
			<interceptor-stack name="appDefaultStack">
				<interceptor-ref name="defaultStack">
					<param name="exception.logEnabled">true</param>
					<param name="exception.logLevel">ERROR</param>
				</interceptor-ref>
			</interceptor-stack>
		</interceptors>

		<default-interceptor-ref name="appDefaultStack" />

		<default-action-ref name="input" />

		<global-results>
			<result name="error">/error.jsp</result>
		</global-results>

		<global-exception-mappings>
			<exception-mapping exception="java.lang.Exception"
				result="error" />
		</global-exception-mappings>



		<action name="input"
			class="com......"
			method="prepare">
			<result name="success">/....jsp</result>
		</action>

		<action name="*Filter"
			class="com......"
			method="{1}">
			<result name="success">/.....jsp</result>
			<result name="error">/error.jsp</result>
			<result name="input">/mdt_viewer.jsp</result>
		</action>

		
		<action name="download" class="com.action.DownloadAction"
			method="download">
			<result name="success" type="stream">
				<param name="contentType">application/zip</param>
				<param name="inputName">fileInputStream</param>
				<!--param name="contentDisposition">attachment;filename="fileABC.txt"</param -->
				<!-- to take the header from the action's getContentDisposition() instead, pass
				     <param name="contentDisposition">${contentDisposition}</param> -->
				<param name="bufferSize">1024</param>
			</result>
		</action>
	</package>

</struts>

Let's look at the DownloadAction class:

import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.opensymphony.xwork2.ActionSupport;

public class DownloadAction extends ActionSupport {
	private static final Logger log = LoggerFactory.getLogger(DownloadAction.class);

	private InputStream fileInputStream;
	private String downloadFileName;

	/**
	 * Overrides the default in struts.xml (only consulted when the result's
	 * contentDisposition param is ${contentDisposition}).
	 */
	public String getContentDisposition() {
		return "attachment;filename=" + getDownloadFileName();
	}

	public InputStream getFileInputStream() {
		return fileInputStream;
	}

	public void setFileInputStream(InputStream fileInputStream) {
		this.fileInputStream = fileInputStream;
	}

	public String getDownloadFileName() {
		return downloadFileName;
	}

	/** Populated by the params interceptor from the downloadFileName request parameter. */
	public void setDownloadFileName(String downloadFileName) {
		this.downloadFileName = downloadFileName;
	}

	public String download() throws Exception {
		log.debug("Fetching for download: {}", getDownloadFileName());
		String filesPath = (String) getGlobal(Constants.DIR_PATH);

		try {
			// downloadFileName arrives from the client and is used here unchecked;
			// it must be confined to filesPath before this is safe to expose.
			String file = filesPath
					+ File.separator + getDownloadFileName();
			setFileInputStream(new FileInputStream(file));
			return Constants.SUCCESS;
		} catch (Exception e) {
			log.error("Download failed for " + getDownloadFileName(), e);
			throw e;
		}
	}
}

That's about it! Happy downloading.

One caveat before shipping this: downloadFileName is whatever the client put in the query string, and download() concatenates it into a file path unchanged. A request with downloadFileName=../../../etc/passwd therefore reads outside the configured directory (path traversal), and a name containing a quote or CR/LF ends up verbatim in the Content-Disposition header. Confine the name to the directory (canonicalize the path and check it stays under the base) and sanitize it before it goes into a header.
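A hardened download action, added here as an example and not part of the original post. It keeps the same bean properties and struts.xml wiring but resolves the requested name inside the download root and refuses anything that escapes it. Assumptions: the root comes from a download.dir system property (the post reads it via its own getGlobal helper, which is not shown), slf4j is the logger, and the rejected case maps to the global "error" result.

```java
package com.action;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.opensymphony.xwork2.ActionSupport;

/**
 * Download action that confines the requested name to one directory.
 * downloadFileName is set by the params interceptor straight from the query
 * string, so it is treated as hostile until resolveInside() has accepted it.
 */
public class SafeDownloadAction extends ActionSupport {
  private static final Logger log = LoggerFactory.getLogger(SafeDownloadAction.class);

  /** Download root. Deliberately no setter: the params interceptor would let a request override it. */
  private final String baseDir;
  private InputStream fileInputStream;
  private String downloadFileName;

  /** Struts needs a no-arg constructor; the root is read from a system property here (an assumption). */
  public SafeDownloadAction() {
    this(System.getProperty("download.dir", "/var/downloads"));
  }

  SafeDownloadAction(String baseDir) {
    this.baseDir = baseDir;
  }

  /**
   * Returns the file for name inside baseDir, or null if the name is not a plain
   * file name or its canonical path escapes baseDir (via "..", an absolute path or a symlink).
   */
  static File resolveInside(String baseDir, String name) throws IOException {
    if (name == null || name.isEmpty()) {
      return null;
    }
    // A download name is a bare file name: any separator or ".." sequence is rejected outright.
    if (name.indexOf('/') >= 0 || name.indexOf('\\') >= 0 || name.contains("..")) {
      return null;
    }
    File base = new File(baseDir).getCanonicalFile();
    // getCanonicalFile() follows symlinks, so a link inside baseDir that points outside is caught too.
    File target = new File(base, name).getCanonicalFile();
    // Compare with a trailing separator so "/data/files-private" is not accepted as "/data/files".
    if (!target.getPath().startsWith(base.getPath() + File.separator)) {
      return null;
    }
    return target.isFile() ? target : null;
  }

  /** Drops control characters, quotes and backslashes so the name cannot break out of the header value. */
  static String headerSafeName(String name) {
    StringBuilder sb = new StringBuilder();
    for (char c : name.toCharArray()) {
      if (c >= 0x20 && c != 0x7f && c != '"' && c != '\\') {
        sb.append(c);
      }
    }
    return sb.length() == 0 ? "download" : sb.toString();
  }

  public String download() throws Exception {
    File target = resolveInside(baseDir, getDownloadFileName());
    if (target == null) {
      // The name is attacker-controlled, so it is logged as a parameter rather than concatenated.
      log.warn("Rejected download request for {}", getDownloadFileName());
      return ERROR; // the global "error" result in struts.xml renders /error.jsp
    }
    setFileInputStream(new FileInputStream(target));
    return SUCCESS;
  }

  /** Used when struts.xml passes ${contentDisposition}; the name is header-safe by construction. */
  public String getContentDisposition() {
    return "attachment; filename=\"" + headerSafeName(getDownloadFileName()) + "\"";
  }

  public InputStream getFileInputStream() { return fileInputStream; }
  public void setFileInputStream(InputStream fileInputStream) { this.fileInputStream = fileInputStream; }
  public String getDownloadFileName() { return downloadFileName; }
  public void setDownloadFileName(String downloadFileName) { this.downloadFileName = downloadFileName; }
}
```

The two checks in resolveInside are deliberately redundant: the string check rejects the obvious cases before touching the file system, and the canonical-path check catches what string matching cannot, such as a symlink placed under the download directory. A name like "a..b" is rejected by the first rule; loosen it to a component-wise check if such names are legitimate.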