Configuring Spring Boot WebserviceTemplate to sign WSS SOAP Requests

Sometimes when accessing SOAP APIs, our SOAP client needs to sign the request. How this can be achieved using Spring Boot’s WebserviceTemplate within a few steps is the scope of this short article. This snippet only deals with the client side, not with the security configuration on the server side. It also assumes that you have already set up your keystore/truststore and that your Spring Boot application loads them at startup without errors. ...

March 30, 2022 · 2 min · 329 words · Micha Kops

Whitesource Snippets

Whitesource Configuration for GitLab Pipeline

The following configuration derives values from predefined GitLab Variables.

whitesource.conf

# Providing project information from GitLab CI
wss_project_name="$CI_PROJECT_NAME"
wss_project_version="$CI_JOB_ID"
wss_project_tag="$CI_COMMIT_TAG"
# Providing product information
wss_product_name="The Product Name"
wss_product_version="$POM_VERSION"
# Analyze the Maven POM and its transitive dependencies only, no file-system check
# Use this only if you don't have any extra checked in jar-files or stuff like that!
fileSystemScan=false
includes=pom.xml
# Only scanning the Maven project
resolveAllDependencies=false
maven.resolveDependencies=true
...

November 11, 2018 · 1 min · 89 words · Micha Kops

AWS Snippets

Install AWS CLI v2

$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.0.30.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

AWS Documentation

Generate Signed URLs with Linux Tools

e.g. for accessing a website behind a CloudFront distribution using a canned policy.

Write the policy file

policy

{
  "Statement": [
    {
      "Resource": "https://xxxxxxxxxxxx.cloudfront.net/",
      "Condition": {
        "DateLessThan": {
          "AWS:EpochTime": 1648293147
        }
      }
    }
  ]
}

Then apply the following commands[1] - you need to have OpenSSL installed.

cat policy | tr -d "\n" |             (1)
tr -d " \t\n\r" |                     (2)
openssl sha1 -sign private_key.pem |  (3)
openssl base64 -A |                   (4)
tr -- '+=/' '-_~'                     (5)
...

March 1, 2018 · 2 min · 371 words · Micha Kops

Identity Management, One-Time-Passwords and Two-Factor-Auth with Spring Boot and Keycloak

Communicating with identity and access management systems is a common task for many web applications exposing secured resources. Keycloak is an open source software that not only provides such authorization services but also offers a lot of features, from Single-Sign-On, Identity-Brokering, Social-Login, User-Federation and multiple client-adapters up to the administration console and support for protocols like OpenID, SAML, OAuth2, Kerberos and more. I will demonstrate how to integrate a Spring Boot web application with Keycloak and configure an authentication flow that requires two-factor authentication with user credentials and also one-time passwords. ...

November 26, 2017 · 10 min · 1918 words · Micha Kops

Detecting Vulnerable Dependencies with Maven and the OWASP Dependency Check Plugin

On the one hand, adding dependencies to a project is easy; on the other hand, securing a project and checking for vulnerable dependencies is way harder. The OWASP dependency check plugin for Maven allows us to scan our project’s dependencies for known vulnerabilities. I will demonstrate its usage in the following short example.

Figure 1. OWASP Vulnerability Report

Dependencies

We just need to add one plugin-dependency to our Mavenized project’s pom.xml. ...

October 3, 2017 · 3 min · 593 words · Micha Kops

Setting up an OAuth2 Authorization Server and Resource Provider with Spring Boot

OAuth2 is a frequently used standard for authorization and with Spring Boot it is easy to set up authorization and resource server in no time. In the following short tutorial I’d like to demonstrate how to set up an OAuth2 authorization server as well as a connected and secured resource server within a few minutes using Java, Maven and Spring Boot. Figure 1. OAuth2 Flow with Spring Boot in Action...

March 13, 2016 · 6 min · 1125 words · Micha Kops

Snippet: Creating secure Password Hashes in Java with Heimdall

These days, when a cheap GPU for about 100 € is capable of computing 3 billion MD5 hashes per second, we not only need to use salts the right way but also need to choose a strong, non-reversible and slow hashing scheme when storing passwords in our application. Heimdall is a library that implements a secure and upgradable password hashing mechanism and, at the time of writing this article, uses PBKDF2 with HMAC-SHA-1, 20000 iterations and a 192 bit (24 byte) salt by default. ...

July 12, 2015 · 3 min · 588 words · Micha Kops

Java EE: Setting up and Testing Form-Based JDBC Authentication with Arquillian and Maven

Especially when it comes to testing, setting up a decent environment for a secured Java EE web application isn’t always an easy thing to do. In the following tutorial I’d like to demonstrate how to create a secured web application using form-based authentication and a JDBC realm to fetch users and roles, and how to run the application in an embedded container for testing and development. Additionally, I’d like to show how to write and run integration tests to verify the security setup using Maven, Embedded GlassFish, Arquillian, JUnit and rest-assured. ...

December 21, 2014 · 14 min · 2822 words · Micha Kops

Java Snippets

Remote Debug a Pod’s Java Process

Simple steps for remote debugging a Java process running on a k8s pod:

Edit the deployment and add the following parameters to the Java start line:

-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=127.0.0.1:5005

Also add the following port mapping at the section container → ports in the deployment:

- containerPort: 5005
  protocol: TCP

Save, wait for the new pods and then add a port forward for port 5005 for this pod:

kubectl port-forward podname 5005
...

March 1, 2010 · 13 min · 2583 words · Micha Kops

Spring Boot Snippets

Define and Configure Log Groups

This allows configuring a group of loggers at the same time.

Define a log group named myaspect with two packages

application.properties

logging.group.myaspect=com.hascode.package1,com.hascode.package2

Configure the log group and set all its loggers to level TRACE

application.properties

logging.level.myaspect=TRACE

This is also possible as a parameter on startup (the jar must be started with -jar):

java -Dlogging.level.myaspect=TRACE -jar myapp.jar

Use JUnit 5 with Spring Boot

Use newer versions of the Surefire and Failsafe plugins:

<properties>
  [..]
  <maven-failsafe-plugin.version>2.22.0</maven-failsafe-plugin.version>
  <maven-surefire-plugin.version>2.22.0</maven-surefire-plugin.version>
</properties>
...

March 1, 2010 · 6 min · 1082 words · Micha Kops