Sunday, July 22, 2018
Spring Boot Security 5 and Oauth2
https://github.com/jgrandja/springone2017-demo
Ultimate guide and examples:
https://docs.spring.io/spring-security/site/docs/5.1.0.M1/reference/htmlsingle/
https://github.com/spring-projects/spring-security/blob/5.1.0.M1/samples/boot/oauth2login/README.adoc
Here a very rich presentation on Oauth2:
https://ordina-jworks.github.io/microservices/2017/09/26/Secure-your-architecture-part1.html
https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
Spring boot Oauth2 https://spring.io/guides/tutorials/spring-boot-oauth2/
A simple application: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_simple
Code is here https://github.com/spring-guides/tut-spring-boot-oauth2.git or also https://github.com/vernetto/springboottests/tree/master/ui
Here the OAuth2 specs https://tools.ietf.org/html/rfc6749#section-4
Nice simplified and compact presentation https://aaronparecki.com/oauth-2-simplified/
Baeldung example for Oauth2 here https://github.com/eugenp/tutorials/tree/master/spring-5 with explanation here http://www.baeldung.com/spring-security-5-oauth2-login
Saturday, July 14, 2018
Spring Cloud Config Server
https://spring.io/guides/gs/centralized-configuration/
org.springframework.cloud.config.server.EnableConfigServer
spring.cloud.config.server.git.uri
Spring Guides https://spring.io/guides/ priceless!
org.springframework.cloud.config.server.EnableConfigServer
spring.cloud.config.server.git.uri
Spring Guides https://spring.io/guides/ priceless!
Thursday, July 12, 2018
Spring Boot and Netflix: Eureka Server
https://spring.io/blog/2015/01/20/microservice-registration-and-discovery-with-spring-cloud-and-netflix-s-eureka
let's start with an empty Eureka Server:
https://start.spring.io/starter.zip?name=eurekatest&groupId=org.pierre&artifactId=eurekatest&version=1.0&description=mavenfilter&packageName=org.pierre.eurekatest&type=maven-project&packaging=jar&javaVersion=1.8&language=java&bootVersion=2.0.2.RELEASE
run it, and hit:
http://localhost:8761
We have some basic working examples here at https://github.com/netflix-spring-one
first we run the Eureka Server:
then a sample service
download latest gradle from https://gradle.org/releases/, unzip it to E:/apps and make sure /e/apps/gradle-4.8/bin/gradle can be executed (I use gitBash shell)
in build.gradle, change apply plugin: 'spring-boot' into apply plugin: 'org.springframework.boot'
to build, simply run "gradle build"
all the dowloaded jars are in %HOME%\.gradle\caches\modules-2\files-2.1 (the equivalent of %HOME%/.m2/repository )
Recommendations runs at
curl http://localhost:8001/api/recommendations/jschneider
and Eureka Server at http://localhost:9000/
let's start with an empty Eureka Server:
https://start.spring.io/starter.zip?name=eurekatest&groupId=org.pierre&artifactId=eurekatest&version=1.0&description=mavenfilter&packageName=org.pierre.eurekatest&type=maven-project&packaging=jar&javaVersion=1.8&language=java&bootVersion=2.0.2.RELEASE
run it, and hit:
http://localhost:8761
We have some basic working examples here at https://github.com/netflix-spring-one
first we run the Eureka Server:
git clone https://github.com/netflix-spring-one/sample-eureka cd sample-eureka gradle build java -jar ./build/libs/sample-eureka.jar
then a sample service
git clone https://github.com/netflix-spring-one/sample-recommendations.git cd sample-recommendations gradle build java -jar build/libs/sample-recommendations.jar
download latest gradle from https://gradle.org/releases/, unzip it to E:/apps and make sure /e/apps/gradle-4.8/bin/gradle can be executed (I use gitBash shell)
in build.gradle, change apply plugin: 'spring-boot' into apply plugin: 'org.springframework.boot'
to build, simply run "gradle build"
all the dowloaded jars are in %HOME%\.gradle\caches\modules-2\files-2.1 (the equivalent of %HOME%/.m2/repository )
Recommendations runs at
curl http://localhost:8001/api/recommendations/jschneider
and Eureka Server at http://localhost:9000/
Wednesday, July 11, 2018
ELK docker
http://elk-docker.readthedocs.io/
you have to adjust permanently the max_map_count parameter:
sysctl -w vm.max_map_count=262144
(sysctl - configure kernel parameters at runtime)
ls /proc/sys/vm to get list of available parameters
sudo vi /etc/sysctl.conf
vm.max_map_count=262144
try starting the container like this:
sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk
if it fails with this error:
waiting for Elasticsearch to be up (30/30)
Couln't start Elasticsearch. Exiting.
try allowing more time:
sudo docker run -e ES_CONNECT_RETRY=300 -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk
(see https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file )
then
http://127.0.0.1:5601/app/kibana KIBANA (you have to wait 1 minute for Kibana to come up)
http://127.0.0.1:9200/ Elasticsearch JSON
to create dummy entry:
docker exec -it elk /bin/bash
/opt/logstash/bin/logstash --path.data /tmp/logstash/data -e 'input { stdin { } } output { elasticsearch { hosts => ["localhost"] } }'
this is a dummy entry
this is a dummy entry2
CTRL-C
Kibana logs : less /var/log/kibana/kibana5.log
Elasticsearch logs : less /var/log/elasticsearch/elasticsearch.log
Logstash logs: less /var/log/logstash/logstash-plain.log
tail -f /var/log/elasticsearch/elasticsearch.log /var/log/logstash/logstash-plain.log /var/log/kibana/kibana5.log
docker network create -d bridge elknet
good practical presentation of ELK:
you have to adjust permanently the max_map_count parameter:
sysctl -w vm.max_map_count=262144
(sysctl - configure kernel parameters at runtime)
ls /proc/sys/vm to get list of available parameters
sudo vi /etc/sysctl.conf
vm.max_map_count=262144
try starting the container like this:
sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk
if it fails with this error:
waiting for Elasticsearch to be up (30/30)
Couln't start Elasticsearch. Exiting.
try allowing more time:
sudo docker run -e ES_CONNECT_RETRY=300 -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk
(see https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file )
then
http://127.0.0.1:5601/app/kibana KIBANA (you have to wait 1 minute for Kibana to come up)
http://127.0.0.1:9200/ Elasticsearch JSON
to create dummy entry:
docker exec -it elk /bin/bash
/opt/logstash/bin/logstash --path.data /tmp/logstash/data -e 'input { stdin { } } output { elasticsearch { hosts => ["localhost"] } }'
this is a dummy entry
this is a dummy entry2
CTRL-C
Kibana logs : less /var/log/kibana/kibana5.log
Elasticsearch logs : less /var/log/elasticsearch/elasticsearch.log
Logstash logs: less /var/log/logstash/logstash-plain.log
tail -f /var/log/elasticsearch/elasticsearch.log /var/log/logstash/logstash-plain.log /var/log/kibana/kibana5.log
docker network create -d bridge elknet
good practical presentation of ELK:
Sunday, July 8, 2018
rsync in action
https://www.digitalocean.com/community/tutorials/how-to-use-rsync-to-sync-local-and-remote-directories-on-a-vps
To play in full safety, let's run tests in a docker container!
docker run -dit --privileged --name centos centos
docker attach centos
yum install rsync
yum install openssh openssh-server openssh-clients openssl-libs
groupadd centos
useradd -g centos centos
su - centos
cd ~
mkdir dir1
mkdir dir2
touch dir1/file{1..100}
#the "n" flag is "try-run" only, "v" is verbose, "a" is copy also links and preserve times ownership etc
rsync -anv dir1/ dir2
see also https://www.rosehosting.com/blog/how-to-configure-and-use-openssh-on-centos-7/ to configure sshd
if you get "Failed to get D-Bus connection: Operation not permitted" when starting sshd, probably you are not running the container in privileged mode
remotely:
rsync -a dir1/ centos@localhost:/home/centos/dir2
to syncronize 2 folders upon deletion:
rm dir1/file99
#this will delete file99 also on dir2
rsync -anv --delete dir1/ centos@localhost:/home/centos/dir2
more flags: -z adds compression, -P adds progress report,
To play in full safety, let's run tests in a docker container!
docker run -dit --privileged --name centos centos
docker attach centos
yum install rsync
yum install openssh openssh-server openssh-clients openssl-libs
groupadd centos
useradd -g centos centos
su - centos
cd ~
mkdir dir1
mkdir dir2
touch dir1/file{1..100}
#the "n" flag is "try-run" only, "v" is verbose, "a" is copy also links and preserve times ownership etc
rsync -anv dir1/ dir2
see also https://www.rosehosting.com/blog/how-to-configure-and-use-openssh-on-centos-7/ to configure sshd
if you get "Failed to get D-Bus connection: Operation not permitted" when starting sshd, probably you are not running the container in privileged mode
remotely:
rsync -a dir1/ centos@localhost:/home/centos/dir2
to syncronize 2 folders upon deletion:
rm dir1/file99
#this will delete file99 also on dir2
rsync -anv --delete dir1/ centos@localhost:/home/centos/dir2
more flags: -z adds compression, -P adds progress report,
Subscribe to:
Posts (Atom)
