Thursday, May 2, 2013

When using jruby use Nail Gun!

Nailgun is now included in jruby at least it was in 1.7.3.  It's badass.  Basically you start up a jvm server via

jruby --ng-server

it's a good idea to have the server call load up all your jars in the classpath, this works well

jruby --ng-server -J-cp "<folder>/*"

you have to use the quotes and the * not *.jar either

then just startup your jruby via

jruby --ng 

viola your load time is cut in half, maybe more

Monday, January 28, 2013

Timeout an api call using executors




import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

public class ApiTimeout {

public static void main(String[] args) {
Library library = new Library();
for (;;) {
String value = library.servicesMethod();
System.out.println("Got the value [" + value + "]");
}
}
}

class Library {
// create executor pool of timing threads

Api2 nApi = new Api2();
Api1 gApi = new Api1();

private static final ExecutorService exService = Executors.newCachedThreadPool();

public String servicesMethod() {
// get thread from pool
Callable<String> task = new Callable<String>() {
public String call() {
return gApi.method();
}
};

// make timed api call
Future<String> future = exService.submit(task);

String result = null;
try {
result = future.get(50, TimeUnit.MILLISECONDS);
} catch (TimeoutException ex) {
// if the call takes to long fall back
result = nApi.method();
} catch (InterruptedException e) {
// handle the interrupts
} catch (ExecutionException e) {
// handle other exceptions
} finally {
future.cancel(true); // may or may not desire this
}
return result;
}

}
class Api1 {
public String method() {
try {
Thread.sleep(50);
} catch (InterruptedException ignore) {

}
return "Api1 called()";
}
}

class Api2 {
public String method() {
return "Failed over to Api2 call()";
}
}

Wednesday, November 14, 2012

Example Shiro setup w/o database backing in grails


When we decided to implement Shiro for our roles based authentication and authorization in our grails app we were initially excited but it turned into a real beast to get into our system. The biggest problem was getting it to work on a system that uses api calls and doesn't directly access the database to auth users.  There was no good example or documentation for this approach out there so it was difficult.  Here are the basics to how we solved it.

First we added some beans to the applicationContext.xml


<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
   <property name="securityManager" ref="securityManager"/>
   <!-- override these for application-specific URLs if you like:-->
   <property name="loginUrl" value="/"/>
   <property name="successUrl" value="/search/newSearch"/>
   <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
   <!-- The 'filters' property is not necessary since any declared javax.servlet.Filter bean  -->
   <!-- defined will be automatically acquired and available via its beanName in chain        -->
   <!-- definitions, but you can perform instance overrides or name aliases here if you like: -->
        <property name="filters">
            <map>
                <entry key="authc">
                    <bean class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter"/>
                </entry>
            </map>
        </property>
   <property name="filterChainDefinitions">
       <value>
           # some example chain definitions:
           /search/** = authc
           /session/** = anon
           /internal/** = anon
           /** = anon
           # more URL-to-FilterChain definitions here
       </value>
   </property>
</bean>

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
   <!-- Single realm app.  If you have multiple realms, use the 'realms' property instead. -->
   <property name="realm" ref="exampleRealm"/>
   <property name="cacheManager" ref="shiroCacheManager"/>
   <!-- By default the servlet container sessions will be used.  Uncomment this line
        to use shiro's native sessions (see the JavaDoc for more): -->
   <!-- <property name="sessionMode" value="native"/> -->
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<bean id="allCredentialsMatcher" class="org.apache.shiro.authc.credential.AllowAllCredentialsMatcher" />

<!-- Define the Shiro Realm implementation you want to use to connect to your back-end -->
<!-- security datasource: -->
<bean id="exampleRealm" class="com.ourcompany.otherstuff.ExampleRealm" >
<property name="accountDomain" >
<ref bean="accountDomain" />
</property>
<property name="credentialsMatcher">
<ref local="allCredentialsMatcher" />
</property>
<property name="authorizationCacheName">
<value>shiroAuthCache</value>
</property>
</bean>

<bean id="ehCacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation">
            <value>/WEB-INF/ehcache.xml</value>
        </property>
</bean>

<bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManager" ref="ehCacheManager"/>
</bean>

<bean id="permissionLoader" class="com.ourcompany.otherstuff.permission.PermissionLoader" init-method="load">
<constructor-arg ref="shiroCacheManager" />
</bean>


In the web.xml we added the following:



<!-- The filter-name matches name of a 'shiroFilter' bean inside applicationContext.xml -->
<filter>
   <filter-name>shiroFilter</filter-name>
   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
   <init-param>
       <param-name>targetFilterLifecycle</param-name>
       <param-value>true</param-value>
   </init-param>
</filter>

<!-- Shiro mapping should go first so it can function in the next ones -->
<filter-mapping>
   <filter-name>shiroFilter</filter-name>
   <url-pattern>/*</url-pattern>
   <!--dispatcher>REQUEST</dispatcher> 
   <dispatcher>FORWARD</dispatcher> 
   <dispatcher>INCLUDE</dispatcher> 
   <dispatcher>ERROR</dispatcher-->
</filter-mapping>
    <filter-mapping>
        <filter-name>charEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>sitemesh</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>



Then we created some classes


The PermissionLoader class basically extended from ApplicationContextAware a springframework class.  It set the cachemanager in the constructor and in the load() method it got the permissions cache and filled it with our permissions listed in a config file.

The heavy hitter here was the ExampleRealm class.  That class is defined as such

class ExampleRealm extends AuthorizingRealm {

public ExampleRealm() {
setName( "ExampleRealm" )
}
@Override
boolean supports( AuthenticationToken token ) {
return true;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authToken ) throws AuthenticationException {
        // this method returns an authorized user as a valid AuthenticationInfo object else it throws an exception
       }

public boolean isPermitted(PrincipalCollection principals, Permission permission) {
             // returns whether the user specified in principals has the passed in permission
        }

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
              // returns a user object as an AuthorizationInfo with their permissions filled in
        }

After that and that was a bunch.  We created a UserService and we defined the auth method something like this:
    def authenticate( email, password ) throws AuthenticationException {
        def authToken = new UsernamePasswordToken(username, password )
        // Perform the actual login. An AuthenticationException
        // will be thrown from ExampleRealm  if the username is unrecognised or the
        // password is incorrect.
        SecurityUtils.subject.login(authToken)
    }


Finally the jsps

After all that we were able to use things like the cool jsp tags like
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>

<shiro:authenticated>
<shiro:hasPermission name="Identity:Update:Module">

Good luck out there and stay strong don't let Shiro beat you!


RVM is the only way to do Ruby development

We use apps that require different versions of Ruby and holy hell it'd be a bitch keeping it all straight without rvm.  I recently setup my rvm environment at that is really the only way to reliably run our stuff.

Start here by going to the rvm install page we need 1.9.3 and 1.8.7 here.  One runs our test cases and the other is for using puppet.  Once you get the latest rvm installed be sure to do an

"rvm install 1.9.3"

and an

"rvm install 1.8.7"

One thing we did here too was setup a separate gemset for our puppet app.  You can do that by typing

"rvm gemset create <gemset-name>"

then when you want to use 1.8.7 with say your puppet gemset just do this

"rvm use 1.8.7@puppet"

This is a great way to keep your gems clean and separate.

Friday, October 19, 2012

Git pulls were taking forever on my new VirtualBox running Ubuntu.  I'm doing git over ssh and it turns out if you edit the /etc/ssh/ssh_config file( save a copy first ) and change GSSAPIAuthentication to no that speeds it right up.

Originally saw this here

Wednesday, October 3, 2012

Performing a screen capture on a linux box remotely

I was having a tough time running some functional tests against Firefox using Xvfb on our Jenkins machine here at work. I couldn't figure out why the tests were dying.  I looked up how to do a screen capture and went to some page that suggested an xvd command well we didn't have that installed on our box but we did have ImageMagick.  Turns out you can run an import command to take captures for you and save them to a file.  Then you can scp them off the machine.

The simple command is:

import -window root screenshot.png

Here's more info if you need it.

http://www.imagemagick.org/script/import.php

Grails 2 sample tomcat security policy file

We've been working on a new project at work.  Using Grails after an exhaustive search for a new platform.  And it was my duty to lock it up with a security policy file. It took some doing.  I ended up using VirtualBox to install Ubuntu on my Win7 box to simulate our deployment environment better.  It took some doing but in the end it was best to start with the default catalina.policy file and add to it. So we created our own security.policy file and started with the defaults then we added below and now it works!  Took forever.  Hope this helps someone.


grant codeBase "file:${example.webapp.root}/WEB-INF/-" {
 permission java.io.FilePermission "${example.webapp.root}${/}-", "read";
 permission java.io.FilePermission "${/}WEB-INF${/}-", "read";
 permission java.io.FilePermission "${example.java.home}${/}..${/}-", "read";
 permission java.io.FilePermission "${example.catalina.home}${/}log${/}-", "read,write,delete";
 permission java.io.FilePermission "velocity.log", "read,write,delete";
 permission java.lang.RuntimePermission "modifyThread";
 permission java.lang.RuntimePermission "accessDeclaredMembers";
 permission java.lang.RuntimePermission "setContextClassLoader";
 permission java.lang.RuntimePermission "accessClassInPackage.*";
 permission java.lang.RuntimePermission "reflectionFactoryAccess";
 
 permission java.util.PropertyPermission "*", "read";
};




grant codeBase "file:${file.separator}groovy${file.separator}script" {
        // grails 1.1 + jdk 1.6.0_13
    permission java.lang.RuntimePermission "defineClassInPackage.java.io";
    permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
    permission java.lang.RuntimePermission "defineClassInPackage.java.net";
    permission java.lang.RuntimePermission "defineClassInPackage.java.util";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.util.PropertyPermission "grails.env", "read";


};


grant {
        // basic grails stuff incl. groovy magic
    permission groovy.security.GroovyCodeSourcePermission "${file.separator}groovy${file.separator}script";
    permission java.io.FilePermission "file:${example.webapp.root}${file.separator}WEB-INF${file.separator}grails-app${file.separator}-", "read";
    permission java.io.FilePermission "${file.separator}groovy${file.separator}script", "read";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.lang.RuntimePermission "accessDeclaredMembers.*";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "defineClassInPackage.*";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.lang.RuntimePermission "stopThread";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.util.PropertyPermission "*", "read,write";
    permission java.util.PropertyPermission "ANTLR_DO_NOT_EXIT", "read";
    permission java.util.PropertyPermission "ANTLR_USE_DIRECT_CLASS_LOADING", "read";
    permission java.util.PropertyPermission "groovyjarjarantlr.ast", "read";
    permission java.util.PropertyPermission "groovy.ast", "read";
    permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory.HashtableImpl", "read";
    // grails 1.1
    permission java.io.FilePermission "file:${example.webapp.root}${file.separator}WEB-INF${file.separator}grails-app${file.separator}*", "read";
    permission java.lang.RuntimePermission "setIO";


    // grails 1.1: various jars incl ant use ${file.separator}bin${file.separator}env
    permission java.io.FilePermission "${file.separator}bin${file.separator}env", "read,execute";
};




grant {
 permission java.net.SocketPermission "*", "accept,connect,resolve,listen";
 permission java.util.PropertyPermission "*", "read";
 permission javax.management.MBeanPermission "*", "registerMBean";
 permission javax.management.MBeanPermission "*", "invoke";
 permission javax.management.MBeanPermission "*", "getAttribute";
 permission javax.management.MBeanPermission "*", "queryMBeans";
 permission javax.management.MBeanPermission "*", "queryMBeans";
 permission java.lang.RuntimePermission "accessDeclaredMembers", "";
 permission java.lang.RuntimePermission "getenv.*", "";
};