Saturday, November 5, 2011

JBOSS AS 7 authentication under Openshift

There are many implementations for the authentication (for example LDAP, Database, Property-File, etc...):
https://docs.jboss.org/author/display/AS7/Security+subsystem+configuration

One of the simplest methods is using a property file for the users and an other for the roles;
Code: UsersRoles
Classname: org.jboss.security.auth.spi.UsersRolesLoginModule

File users.properties:
username0=password0
username1=password1

File roles.properties:
username0=role0,role1
username1=role1,role2

In your Jboss's config/standalone.xml look for this configuration:
<subsystem xmlns="urn:jboss:domain:security:1.0">
  <security-domains>
    <security-domain name="other" cache-type="default">
      <authentication>
        <login-module code="UsersRoles" flag="required">
          <module-option name="usersProperties" value="${OPENSHIFT_APP_DIR}/runtime/repo/users.properties" />
          <module-option name="rolesProperties" value="${OPENSHIFT_APP_DIR}/runtime/repo/roles.properties" />
        </login-module>
      </authentication>
   </security-domain>
 </security-domains>
</subsystem>

JBoss is now ready, remember to protect your web app adding this configuration in WEB-INF/web.xml:
<security-constraint>
 <web-resource-collection>
  <web-resource-name>Finance</web-resource-name>
  <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
  <role-name>user</role-name>
  <role-name>admin</role-name>
 </auth-constraint>
</security-constraint>

<login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>Megaris Finance</realm-name>
</login-config>
 
<security-role>
 <description>Role for simple users</description>
 <role-name>user</role-name>
</security-role>
<security-role>
 <description>Role for administrators</description>
 <role-name>admin</role-name>
</security-role>
Posted by at 1 comment:

Friday, July 22, 2011

Automatically create a fixed symbolic link when a device is attached

My laptop had two USB devices that was mapped everytime to differents /dev/ttyUSB paths.
For example sometime:
[9.019817] usb 2-1.4: Qualcomm USB modem converter now attached to ttyUSB0
[9.053636] usb 2-1.6: pl2303 converter now attached to ttyUSB1
or sometime so:
[9.053636] usb 2-1.6: pl2303 converter now attached to ttyUSB0
[9.019817] usb 2-1.4: Qualcomm USB modem converter now attached to ttyUSB1

The "pl2303 converter" is a USB-serial adapter that I need for some special hardware.
Because of this inconsistent mapping I needed to change quite often the settings in my software.

To solve the problem I created a symbolic device link for the USB-serial adapter, as described below:

1 step: detect the "idVendor" and "idProduct" of your hardware
$ lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 003: ID 147e:2016 Upek Biometric Touchchip/Touchstrip Fingerprint Sensor
Bus 001 Device 004: ID 0a5c:217f Broadcom Corp. Bluetooth Controller
Bus 001 Device 005: ID 17ef:1009 Lenovo 
Bus 001 Device 006: ID 17ef:480f Lenovo Integrated Webcam [R5U877]
Bus 002 Device 003: ID 05c6:9204 Qualcomm, Inc. 
Bus 002 Device 004: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port
Bus 001 Device 007: ID 046d:c018 Logitech, Inc. Optical Wheel Mouse
Bus 001 Device 008: ID 046a:0023 Cherry GmbH CyMotion Master Linux Keyboard
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

In my case was the "Prolific Technology, Inc. PL2303 Serial Port". The "idVendor" is 067b while the "idProduct" is 2303

2 step: add an udev rule to create a symbolic device link everytime that the hardware is attached.
go to '/etc/udev/rules.d/' and create a file named for example '97-local.rules' with this content:
kernel=="ttyUSB*", SYSFS{idVendor}=="067b", SYSFS{idProduct}=="2303", SYMLINK="SerialUSB"

3 step: restart you system... you've done!
Give a look to your /dev directory. You shoud now see a device named /dev/SerialUSB

You can create udev rules also for other purposes, for example run a script when a new hardware is detected.
Posted by at No comments:

Thursday, June 30, 2011

Compare binary two jar files

Compare two jar files, included the binary content (it will be created an hex dump).

Third-party dependency: jar (openJdk), hexdump, meld
#!/bin/sh

export TEMP="/tmp"

print_usage() {
  echo "$0  " 
}

# Validate the args. Two arguments are expected.
validate_args() {
  if [[ $1 == "" ]]; then
    print_usage
    exit -1
  fi
  
  if [[ $2 == "" ]]; then
    print_usage
    exit -1
  fi
}

# Extract the jar to the $TEMP dir and do a hex dump for 
# the binary files (the original file is deleted).
#
# arg1: the path to the jar file
extract_jar() {
  basename1=`basename $1`
  dir1="$TEMP/$basename1.d"
  rm -fR $dir1
  mkdir -p $dir1
  cp $1 $dir1
  cd $dir1 && jar -xf "$dir1/$basename1" && cd -
  rm -f "$dir1/$basename1"
  
  find "$dir1" -type f | while read filename
   do
     # retrieve the mime type
     mime=`file -bi "$filename"`
     encoding=`echo $mime | cut -d "=" -f2`
     
     # hex dump for binary files
     if [[ $encoding == "binary" ]]; then
       hexdump -C "$filename" > "$filename.hex"
       rm -f "$filename"
     fi
   done
}
validate_args $1 $2
echo "Compare '$1' with '$2'"
extract_jar $1
extract_jar $2

#Compare with MELD
basename1=`basename $1`
dir1="$TEMP/$basename1.d"
basename2=`basename $2`
dir2="$TEMP/$basename2.d"

meld "$dir1" "$dir2"
Posted by at No comments:
Subscribe to: Posts (Atom)