Create Java DTO from Entities
First rename files to Dto
for f in $(find . -name '*.java'); do mv "$f" "${f%.java}Dto.java"; done
Change the compilation unit name
find . -name "*.java" -exec sed -i -e 's/public class [a-zA-Z]*/&Dto/' {} \;
Awk
Processing delimited sentences in a file
awk -F':' '{ print $1 }' <filename>
Multiple lines into a single line using awk
ps -ef | grep sqlplus | cut -d' ' -f2 | awk '{x=x" "$1} END {print x}'
Send commands using expect scripts
We use Tomcat as our application server. Our security policy doesn't allow us to install the manager app. The only way I know of deploying without the manager app is to upload the WAR files to the host, shut down the Tomcat instance, remove the WAR from the webapps and work folders, copy the WAR file to the webapps folder and restart Tomcat.
This is a script that will automate the deployment process from your local machine.
#!/usr/bin/expect -f
set timeout -1
set VERSION "1.0.0-SNAPSHOT"
# WORK_DIR is assumed to be an environment variable pointing at the project root
set MY_WAR "$env(WORK_DIR)/target/mywar.war"
# Placeholder credentials; the script keeps them in plain text
set USER "XYZ"
set PASSWORD "XYZ"
set SU_USER "XYZ"
set SU_PASSWORD "XYZ"
set HOST {host1 host2 host3 host4}
set MY_WAR_NAME "mywar"
set MY_WAR_DEPLOY_NAME "mywar.war"
set CMD ""
set TOMCAT_PATHS {/servers/tomcat_8020/bin /servers/tomcat_8030/bin /servers/tomcat_8040/bin}
# Build one command line that redeploys the WAR on every Tomcat instance.
# The WAR is expected to be in /tmp on each host already.
foreach TOMCAT_PATH $TOMCAT_PATHS {
    append CMD "cd $TOMCAT_PATH;sh +x shutdown.sh;sleep 3;rm -rf ../webapps/$MY_WAR_NAME*;rm -rf ../work/*;cp /tmp/$MY_WAR_DEPLOY_NAME ../webapps/;sh +x startup.sh ;sleep 3;"
}
# Log in to each host, switch to the deployment user and run the command line
foreach SERVER_PATH $HOST {
    spawn ssh -l $USER -o PubkeyAuthentication=no $SERVER_PATH
    expect {
        "password" { send "$PASSWORD\r"; }
    }
    expect {
        "bash" { send "su - $SU_USER\r"; }
        "denied" { exit; }
    }
    expect {
        "assword" { send "$SU_PASSWORD\r"; }
        "$SU_USER" { send "ls -lart;sleep 3\r"; }
    }
    expect {
        "$SU_USER" { send "$CMD\r"; }
    }
    interact timeout 30 return;
}
SSH using expect scripts
#!/usr/bin/expect -f
set timeout 30
spawn ssh -l USERNAME -o PubkeyAuthentication=no HOSTNAME
expect {
    "password" { send "PASSWORD\r"; }
}
expect {
    "bash" { send "sudo su - SU_USER\r"; }
    "denied" { exit; }
}
expect {
    "password" { send "PASSWORD\r"; }
}
interact;
SQL Format of all columns
Get all the columns in a file
Use awk to print out the Format statements
awk '{print "COLUMN " $1 " FORMAT A20 WORD_WRAPPED"}' sql_columns.txt
Adding CSRF security in Spring based Web application
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (pronounced sea-surf) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser.
CSRF protection is intended to prevent state-altering requests that do not originate from the application itself. All non-idempotent actions should require a nonce generated by the server to accompany the request. This is to ensure the user intended to perform the action by requiring the source of the action to be provided by the server.
An easy way to implement this fix is to render every page with a hidden variable.
On the backend, you take the variable and validate it. If valid, you can allow the request to continue. This allows you to set expiration on pages and authenticate their creation so cross site request forgery attacks are mitigated. It should not be possible to use the same valid token twice.
I had a Spring @Controller(s) exposing the non-idempotent PUT/POST methods.
1. When a new session is created, server sends a CSRF token to the UI. It will be unique per session. Check the postHandle method.
package com.mypkg.web.security;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class MySecurityHandlerInterceptor implements HandlerInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger(MySecurityHandlerInterceptor.class);
    @Autowired
    MyCSRFTokenManager myCsrfTokenManager;
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Only state-changing methods need a token
        if ("POST".equalsIgnoreCase(request.getMethod())
                || "PUT".equalsIgnoreCase(request.getMethod())
                || "DELETE".equalsIgnoreCase(request.getMethod())) {
            String sessionToken = myCsrfTokenManager.getTokenForSession(request.getSession());
            String requestToken = myCsrfTokenManager.getTokenFromRequest(request);
            if (sessionToken.equals(requestToken)) {
                return true;
            } else {
                LOG.error("Possible CSRF attack! " + request.getRequestURI());
                String requestURI = request.getRequestURI();
                // Substring match: any URI containing "ignoreURL" skips the token check
                if (requestURI.contains("ignoreURL")) {
                    return true;
                }
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "Bad Request");
                return false;
            }
        } else {
            // idempotent request. Pass through
            return true;
        }
    }
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        // Expose the session's CSRF token to the view as a request attribute.
        if (request.getSession() != null) {
            request.setAttribute(MyCSRFTokenManager.MY_CSRF_TOKEN, myCsrfTokenManager.getTokenForSession(request.getSession()));
        }
        // Only allow framing by pages from the same origin
        response.addHeader("X-FRAME-OPTIONS", "SAMEORIGIN");
    }
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {}
}
2. With each call, the UI sends the CSRF token back to the server.
If you have a common JSP (which is included in all other JSPs), like header.jsp or title-bar.jsp, set a hidden variable to be passed through:
<input type="hidden" id="MY_CSRF_TOKEN" name="MY_CSRF_TOKEN" value="${MY_CSRF_TOKEN}"/>
For all ajax calls,
// Adding a token to mitigate CSRF attacks
$.ajaxPrefilter(function (options, originalOptions) {
    options.headers = $.extend(originalOptions.headers, {
        "MY_CSRF_TOKEN": $('#MY_CSRF_TOKEN').val()
    });
});
3. MySecurityHandlerInterceptor preHandle intercepts the calls and validates the token sent by the UI. If it matches up, the call is allowed to pass through.
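The page does not show MyCSRFTokenManager, so here is one possible implementation as an added example (not the author's code). Only the class name, the two method names and the MY_CSRF_TOKEN name come from the page; the session attribute key, the 256-bit token length and the matches helper are assumptions.

```java
package com.mypkg.web.security; // assumed: same package as the interceptor

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.web.util.WebUtils;

/** Hypothetical token manager; its internals are assumptions, not the page's code. */
public class MyCSRFTokenManager {
    // Used as session attribute key, request attribute, form field and header name
    public static final String MY_CSRF_TOKEN = "MY_CSRF_TOKEN";
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Returns the session's token, creating a 256-bit random one on first use. */
    public String getTokenForSession(HttpSession session) {
        // Serialise per session so two parallel requests cannot create two tokens
        synchronized (WebUtils.getSessionMutex(session)) {
            String token = (String) session.getAttribute(MY_CSRF_TOKEN);
            if (token == null) {
                byte[] raw = new byte[32];
                RANDOM.nextBytes(raw);
                token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
                session.setAttribute(MY_CSRF_TOKEN, token);
            }
            return token;
        }
    }

    /** Reads the token from the AJAX header first, then from the hidden form field. */
    public String getTokenFromRequest(HttpServletRequest request) {
        String token = request.getHeader(MY_CSRF_TOKEN);
        return token != null ? token : request.getParameter(MY_CSRF_TOKEN);
    }

    /** Null-safe, constant-time comparison of the two tokens. */
    public boolean matches(String sessionToken, String requestToken) {
        if (sessionToken == null || requestToken == null) {
            return false;
        }
        return MessageDigest.isEqual(
                sessionToken.getBytes(StandardCharsets.UTF_8),
                requestToken.getBytes(StandardCharsets.UTF_8));
    }
}
```

In preHandle, calling matches(sessionToken, requestToken) in place of sessionToken.equals(requestToken) also covers the case where either token is missing.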
Setting up Apache as Forward proxy
My usecase:
I have to talk to a third-party server (thirdparty.server.com), which is accessible only via allowed.server.com. And my.server.com has access to allowed.server.com.
This calls for Apache forward proxy on allowed.server.com.
These steps pertain to httpd 2.4.4
1. Download Httpd
2. Go to bin folder
./configure --prefix=<FOLDER_TO_INSTALL> --enable-mods-shared="proxy proxy_http proxy_ftp proxy_connect"
The enable-mods-shared option will install the modules needed for setting up a forward proxy. Also refer to this if you need to modify your Apache installation (rather than recompiling again):
how-to-install-mod_proxy-module-into-apache-788406/
I ran into these errors while configuring
configure: error: APR not found. Please read the documentation.
Download the latest versions of both APR and APR-Util from Apache APR, unpack them into ./srclib/apr and ./srclib/apr-util (be sure the directory names do not have version numbers; for example, the APR distribution must be under ./srclib/apr/). Reference: http://stackoverflow.com/questions/9436860/apache-httpd-setup-and-installation
./configure --with-included-apr
Then the pcre errors
configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/
Download PCRE from PCRE.org
Compile it with a prefix and install it:
./configure --prefix=/usr/local/pcre
make
make install
Go back to where your Apache installation is and compile Apache with PCRE:
--with-pcre=/usr/local/pcre
Once configure is successful, do make and ‘make install’.
Go to conf/httpd.conf
Uncomment these lines
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Change your port if needed
Listen 9999
Set the forward proxy
<IfModule mod_proxy.c>
ProxyRequests On
ProxyVia On
<Proxy *>
# Only my.server.com may use the proxy; "Allow from all" here would let any client relay through it
Require host my.server.com
</Proxy>
ProxyPass /test http://www.google.com/
</IfModule>
And now, when you do http://my.server.com/test -> it will redirect to http://www.google.com
SSL
All scenarios:
1. Two Keystores, Two self-created CA, Server and client.
Keystores: CentralServer-keystore, Storeserver-keystore.
CentralServer-keystore has ROOTCA as trustedCertEntry, storeserver as a privateKeyEntry and the public key being signed by the CA.
StoreServer-keystore has ROOTCAISS, centralserver as the privateKeyEntry.
Exception thrown:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Storeserver-keystore needs to have ROOTCA. Then it works.
When the client uses SSLSocketFactory and the server is listening on plain HTTP:
main, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 0A .......
main, called closeSocket()
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
UML Tool
An awesome UML tool. No need to draw, worry about the arrows. Just code and have the diagram ready
http://sdedit.sourceforge.net/enter_text/index.html
struts2 download file
Here’s a scenario:
1. The user selects a directory, and you show all the files in that directory as ‘downloadable’.
2. The user selects a file to download and gets it.
First, you need to write an Action class that sends back a list of files in that directory.
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import com.opensymphony.xwork2.ActionSupport;
// getGlobal, Constants, Files and readableFileSize are the application's own helpers and are not shown here.
public class MyAction extends ActionSupport {
    private List FilesList;
    public List getFilesList() {
        return FilesList;
    }
    public void setFilesList(List FilesList) {
        this.FilesList = FilesList;
    }
    public String files() throws Exception {
        String dirPath = (String) getGlobal(Constants.DIRPATH);
        File dir = new File(dirPath);
        ArrayList filesList = new ArrayList();
        String[] children = dir.list();
        if (children == null) {
            // Either dir does not exist or is not a directory
        } else {
            for (int i = 0; i < children.length; i++) {
                // Get filename of file or directory
                String filename = children[i];
                File file = new File(dirPath + File.separator + filename);
                // One list entry per file: display name plus human-readable size
                Files files = new Files();
                files.setFileSize(readableFileSize(file.length()));
                files.setFileName(filename);
                filesList.add(files);
            }
        }
        setFilesList(filesList);
        return Constants.SUCCESS;
    }
}
Your JSP needs to have this listing:
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%@ taglib prefix="s" uri="/struts-tags"%>
<s:if test="%{filesList!=null && filesList.size > 0}">
  <table border=0 cellspacing=1 cellpadding=1 width=60% align=center class=tablebody>
    <s:iterator value="filesList" status="rownum">
      <tr height=25>
        <td align=left style='font-family: verdana; font-size: 11pt' nowrap>
          <s:url id="fileDownload" action="download">
            <s:param name="downloadFileName" value="{fileName}" />
          </s:url>
          <s:a href="%{fileDownload}"><s:property value="fileName" /></s:a>
          <span style="font-family: verdana; font-size: 9pt"><s:property value="fileSize" /></span>
        </td>
      </tr>
    </s:iterator>
  </table>
</s:if>
<s:elseif test="%{filesList!=null && filesList.size == 0}">
  No files found
</s:elseif>
Couple of interesting things in the struts tags above:
<s:url id="fileDownload" action="download">
  <s:param name="downloadFileName" value="{fileName}" />
</s:url>
<s:a href="%{fileDownload}"><s:property value="fileName" /></s:a>
This specifies a URL with the selected filename as a parameter. If you want to see the filename being appended to the URL, you can specify includeParams="get" on s:url.
Now, let's map the ‘download’ action in struts.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
  <!-- devMode is a development setting; set it to false for production deployments -->
  <constant name="struts.devMode" value="true" />
  <package name="basicstruts2" extends="struts-default">
    <interceptors>
      <interceptor-stack name="appDefaultStack">
        <interceptor-ref name="defaultStack">
          <param name="exception.logEnabled">true</param>
          <param name="exception.logLevel">ERROR</param>
        </interceptor-ref>
      </interceptor-stack>
    </interceptors>
    <default-interceptor-ref name="appDefaultStack" />
    <default-action-ref name="input" />
    <global-results>
      <result name="error">/error.jsp</result>
    </global-results>
    <global-exception-mappings>
      <exception-mapping exception="java.lang.Exception" result="error" />
    </global-exception-mappings>
    <action name="input" class="com......" method="prepare">
      <result name="success">/....jsp</result>
    </action>
    <action name="*Filter" class="com......" method="{1}">
      <result name="success">/.....jsp</result>
      <result name="error">/error.jsp</result>
      <result name="input">/mdt_viewer.jsp</result>
    </action>
    <action name="download" class="com.action.DownloadAction" method="download">
      <result name="success" type="stream">
        <param name="contentType">application/zip</param>
        <param name="inputName">fileInputStream</param>
        <!--param name="contentDisposition">attachment;filename="fileABC.txt"</param -->
        <param name="bufferSize">1024</param>
      </result>
    </action>
  </package>
</struts>
Let's check out the DownloadAction class:
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import com.opensymphony.xwork2.ActionSupport;
// log, getGlobal and Constants are the application's own members and are not shown here.
public class DownloadAction extends ActionSupport {
    private InputStream fileInputStream;
    private String downloadFileName;
    /**
     * Will override the default in struts.xml.
     *
     * @return
     */
    public String getContentDisposition() {
        return "attachment;filename=" + getDownloadFileName();
    }
    public InputStream getFileInputStream() {
        return fileInputStream;
    }
    public void setFileInputStream(InputStream fileInputStream) {
        this.fileInputStream = fileInputStream;
    }
    public String getDownloadFileName() {
        return downloadFileName;
    }
    public void setDownloadFileName(String downloadFileName) {
        this.downloadFileName = downloadFileName;
    }
    public String download() throws Exception {
        log.debug("Fetching for download:" + getDownloadFileName());
        String filesPath = (String) getGlobal(Constants.DIR_PATH);
        try {
            // downloadFileName comes from the request, so resolve it and make sure it
            // still lies inside the download directory (rejects names such as "../x").
            File baseDir = new File(filesPath).getCanonicalFile();
            File file = new File(baseDir, getDownloadFileName()).getCanonicalFile();
            if (!file.toPath().startsWith(baseDir.toPath()) || !file.isFile()) {
                log.error("Rejected download request: " + getDownloadFileName());
                return ERROR;
            }
            setFileInputStream(new FileInputStream(file));
            return Constants.SUCCESS;
        } catch (Exception e) {
            log.error(e);
            throw e;
        }
    }
}
That's about it! Happy downloading.