SpringMVC, how can I configure SSL in servlet beans? - spring

I am trying to learn a JDBC connection project following this site's suggestion (https://www.javatpoint.com/spring-mvc-crud-example).
So far I have got the index page running, and the info I input is POSTed to my MySQL database (so I somehow assume my connection to the database is successful).
However, when I try viewemp (READ) as suggested in this tutorial, my page could not capture the employee info (the JSP file to display employee info shows, but no data). This is the error log I got:
** BEGIN NESTED EXCEPTION **
javax.net.ssl.SSLException
MESSAGE: closing inbound before receiving peer's close_notify
STACKTRACE:
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
Google seems to suggest this is an SSL problem and that I should create an application.properties file to set up SSL.
Is it possible to alter my bean setting in my servlet.xml file instead?
<bean id="ds" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <!-- 1. Register JDBC Driver class -->
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <!-- 2. establish connection -->
    <property name="url" value="jdbc:mysql://localhost:3306/javatpoint" />
    <property name="username" value="root" />
    <property name="password" value="********" />
</bean>

There are two ways to fix this error.
Turn off the use of SSL by passing the extra variable ?useSSL=false:
<bean class="org.springframework.jdbc.datasource.DriverManagerDataSource" name="dataSource">
    <!--<property name="driverClassName" value="com.mysql.jdbc.Driver" />-->
    <property name="driverClassName" value="com.mysql.cj.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://localhost:3306/javatpoint?useSSL=false" />
    <property name="username" value="root" />
    <property name="password" value="******" />
</bean>
You can also configure it in your MySQL database using the my.ini file.
[Edit 17-11-2022]
If you only want to set up a self-signed SSL certificate, then setting up HTTPS for Spring Boot requires two steps:
Generate a self-signed certificate
Open a terminal (JDK 11 comes with the utility)
// generate JKS keystore:
keytool -genkeypair -alias <project-name> -keyalg RSA -keysize 4096 -storetype JKS -keystore <generatedfilename.jks> -validity 3650 -storepass <password>
// generate PKCS12 keystore
keytool -genkeypair -alias <project-name> -keyalg RSA -keysize 4096 -storetype PKCS12 -keystore <generatedfilename.p12> -validity 3650 -storepass <password>
Set up the spring-boot properties file (src/main/resources/application.properties)
server.ssl.key-store: classpath:keystore.p12
server.ssl.key-store-password: <password>
server.ssl.key-store-type: pkcs12
server.ssl.key-alias: <project-name>
server.ssl.key-password: <password>
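As an added example (not code from the question or the answer above), here is the same DriverManagerDataSource built in Java, with the answer's ?useSSL=false variant next to one that keeps TLS on and makes the driver verify the server certificate. The host, database name and truststore path are placeholders, and the property names (sslMode, trustCertificateKeyStoreUrl, trustCertificateKeyStoreType, trustCertificateKeyStorePassword) are Connector/J 8.x names, so this assumes the com.mysql.cj.jdbc.Driver the answer switches to.

```java
// Added example: MySQL DataSource without TLS (as in the answer) vs. with verified TLS.
// HOST, DB and the truststore path are placeholders, not values from the question.
import java.util.Properties;

import javax.sql.DataSource;

import org.springframework.jdbc.datasource.DriverManagerDataSource;

public class MysqlTlsDataSources {

    /** Placeholder connection details; replace with your own. */
    static final String HOST = "localhost";
    static final String DB = "javatpoint";

    /** Variant 1: what the answer does. Connects, but traffic to MySQL is cleartext. */
    public static DataSource withoutTls(String user, String password) {
        DriverManagerDataSource ds = new DriverManagerDataSource();
        ds.setDriverClassName("com.mysql.cj.jdbc.Driver");
        ds.setUrl("jdbc:mysql://" + HOST + ":3306/" + DB + "?useSSL=false");
        ds.setUsername(user);
        ds.setPassword(password);
        return ds;
    }

    /** Variant 2: keep TLS and verify the server against a truststore that holds its CA. */
    public static DataSource withVerifiedTls(String user, String password,
                                             String truststorePath, String truststorePassword) {
        DriverManagerDataSource ds = new DriverManagerDataSource();
        ds.setDriverClassName("com.mysql.cj.jdbc.Driver");
        ds.setUrl("jdbc:mysql://" + HOST + ":3306/" + DB);
        ds.setUsername(user);
        ds.setPassword(password);

        Properties props = new Properties();
        // VERIFY_IDENTITY: require TLS, validate the chain against the truststore AND check
        // that the certificate matches HOST. VERIFY_CA would skip the hostname check.
        props.setProperty("sslMode", "VERIFY_IDENTITY");
        props.setProperty("trustCertificateKeyStoreUrl", "file:" + truststorePath);
        props.setProperty("trustCertificateKeyStoreType", "JKS");
        props.setProperty("trustCertificateKeyStorePassword", truststorePassword);
        // Connection properties are appended to the URL by the driver, so secrets
        // stay out of the URL string that tends to end up in logs.
        ds.setConnectionProperties(props);
        return ds;
    }
}
```

The truststore for the second variant is built from the server's CA certificate, e.g. `keytool -importcert -trustcacerts -alias mysql-ca -file ca.pem -keystore truststore.jks` (for a MySQL server with auto-generated certificates, ca.pem lives in the data directory). On the older Connector/J 5.1 driver the equivalent switches are `useSSL=true`, `requireSSL=true` and `verifyServerCertificate=true`.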

Related

Spring Security SAML - Signing Algorithm

I'm pretty new to SAML 2.0 but got tasked with integrating it into our existing web application using Spring Security 4.2.2 and Spring Security SAML2 1.0.2.
Our initial tests went fine when using Okta as IdP.
One customer however is unable to process the SAMLRequest in the redirect because the signing algorithm defaults to http://www.w3.org/2000/09/xmldsig#dsa-sha1 which they do not support.
So I need to change this to something that they do support (for example RSA-SHA256).
How can I change the signing algorithm that is used when forwarding to the IdP?
All help greatly appreciated!
I already tried changing the signingAlgorithm property of the defaultMetadata in my metadataGeneratorFilter, but that didn't change anything in the SAMLRequest:
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <property name="entityBaseURL" value="..." />
            <property name="extendedMetadata">
                <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                    <property name="signingAlgorithm" value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
                </bean>
            </property>
        </bean>
    </constructor-arg>
</bean>
UPDATE 1: I discovered that the keystore we were using had the signing algorithm set to DSA, so I generated a new keystore with the correct parameters:
keytool -genkeypair -alias saml -keypass <password> -keystore saml.jks -keyalg RSA -sigalg SHA256withRSA
This accomplished that the SigAlg parameter was now set to RSA_SHA1 (even though my keystore uses RSA_SHA256, but more on that in UPDATE 2).
UPDATE 2: it appears that OpenSAML, more specifically xmltooling, defaults to RSA_SHA1. I found a workaround here: https://myshittycode.com/2016/02/23/spring-security-saml-replacing-sha-1-with-sha-256-on-signature-and-digest-algorithms/
Now my implementation is happily using RSA_SHA256 (yay)
I'm still going to see if we can accomplish the same thing without a custom bootstrap class but at least everything is working right now.
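The custom bootstrap class that UPDATE 2 refers to, written here as an added example (my own code, not the poster's and not the linked article's): it subclasses Spring Security SAML's SAMLBootstrap and, after OpenSAML has been initialised, re-registers the signature algorithm xmltooling uses for RSA keys and the digest used for signature references. The class name Sha256SamlBootstrap is mine; the OpenSAML types are the ones shipped with Spring Security SAML 1.0.x (OpenSAML 2).

```java
// Added example: override xmltooling's RSA-SHA1 / SHA-1 defaults with SHA-256.
// Class name is hypothetical; APIs are OpenSAML 2.x as bundled with Spring Security SAML 1.0.x.
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.security.saml.SAMLBootstrap;

public class Sha256SamlBootstrap extends SAMLBootstrap {

    @Override
    public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
        // Let Spring Security SAML initialise OpenSAML and its default security configuration first.
        super.postProcessBeanFactory(beanFactory);

        // The global configuration maps a key algorithm ("RSA") to a signature algorithm URI.
        // The redirect binding picks the SigAlg for the SAMLRequest from this mapping, which is
        // why changing ExtendedMetadata.signingAlgorithm alone does not affect the request.
        BasicSecurityConfiguration config =
                (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
        config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        // Digest used for <ds:Reference> elements in POST-bound (enveloped) signatures.
        config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    }
}
```

In the Spring context this class replaces the stock bootstrap bean, i.e. `<bean class="org.springframework.security.saml.SAMLBootstrap"/>` becomes `<bean class="com.example.Sha256SamlBootstrap"/>` (package name is a placeholder). The keystore must hold an RSA key for the mapping to apply, which is what UPDATE 1 fixed.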

How to configure Oracle's Database Network Encryption with MyBatis?

I have a requirement to encrypt the data in transit between the web server and the database server, using MyBatis as the persistence framework.
The database server is Oracle 12c Enterprise Edition Release 12.1.0.2.0 - 64bit. I am using the ojdbc7.jar driver.
I am able to establish an encrypted connection as described here: https://docs.oracle.com/database/121/DBSEG/asojbdc.htm#DBSEG9613. However, I have not been able to do so through MyBatis. I am setting the connection properties in the mybatis-config.xml file. Below are the contents of that file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE configuration PUBLIC '-//mybatis.org//DTD Config 3.0//EN' 'http://mybatis.org/dtd/mybatis-3-config.dtd'>
<configuration>
    <settings>
        <setting name="lazyLoadingEnabled" value="false" />
        <setting name="jdbcTypeForNull" value="NULL"/>
    </settings>
    <environments default="development">
        <environment id="development">
            <transactionManager type="JDBC" />
            <dataSource type="POOLED">
                <property name="driver" value="oracle.jdbc.OracleDriver"/>
                <property name="url" value="jdbc:oracle:thin:@//<server>:<port>/<service>"/>
                <property name="username" value="<username>"/>
                <property name="password" value="<password>"/>
                <property name="poolMaximumActiveConnections" value="20"/>
                <property name="poolMaximumIdleConnections" value="10"/>
                <property name="poolMaximumCheckoutTime" value="180000"/>
                <property name="poolPingQuery" value="select 0 from dual"/>
                <property name="poolPingEnabled" value="true"/>
                <property name="poolPingConnectionsNotUsedFor" value="1800000"/>
                <property name="CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_LEVEL" value="REQUIRED"/>
                <property name="CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_TYPES" value="AES256"/>
            </dataSource>
        </environment>
    </environments>
</configuration>
The last two property elements are my attempt at configuring an encrypted connection. Without them I am able to connect successfully without encryption. With the last two property elements I just get an error:
Caused by: org.apache.ibatis.exceptions.PersistenceException: ###
Error building SqlSession. ### The error may exist in SQL Mapper
Configuration ### Cause: org.apache.ibatis.builder.BuilderException:
Error parsing SQL Mapper Configuration. Cause:
org.apache.ibatis.datasource.DataSourceException: Unknown DataSource
property: CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_TYPES
Does anybody know how to solve this?
The names of the JDBC properties are not quite right. Note that they can be found in the JavaDoc under oracle.jdbc.OracleConnection. You can try these:
EDIT: as Chris explained in the comments, MyBatis requires the driver's property name to be prefixed with "driver.".
<property name="driver.oracle.net.encryption_client" value="REQUIRED"/>
<property name="driver.oracle.net.encryption_types_client" value="(AES256)"/>
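The same settings done programmatically, as an added example that is not from the question or the answer: MyBatis' PooledDataSource takes the driver properties through setDriverProperties (the equivalent of the "driver." prefix in the XML), and the OracleConnection constants supply the exact property names so they cannot be mistyped. The integrity-checksum properties and the v$session_connect_info query go beyond what the answer shows; URL and credentials are placeholders.

```java
// Added example: MyBatis PooledDataSource with Oracle native network encryption + integrity,
// plus a query that confirms the current session actually negotiated them.
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

import oracle.jdbc.OracleConnection;
import org.apache.ibatis.datasource.pooled.PooledDataSource;

public class OracleEncryptedPool {

    /** url like "jdbc:oracle:thin:@//dbhost:1521/service" (placeholder values). */
    public static PooledDataSource build(String url, String user, String password) {
        PooledDataSource ds = new PooledDataSource("oracle.jdbc.OracleDriver", url, user, password);

        Properties driverProps = new Properties();
        // Same keys as driver.oracle.net.encryption_client / ..._types_client in the XML answer.
        driverProps.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_LEVEL, "REQUIRED");
        driverProps.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_TYPES, "(AES256)");
        // Encryption alone leaves packets malleable; also require a crypto checksum.
        driverProps.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_CHECKSUM_LEVEL, "REQUIRED");
        driverProps.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_CHECKSUM_TYPES, "(SHA256)");
        ds.setDriverProperties(driverProps);
        return ds;
    }

    /**
     * Network service banners of the calling session. With encryption active they include a line
     * such as "AES256 Encryption service adapter for Linux: ..." (needs SELECT on V_$SESSION_CONNECT_INFO).
     */
    public static List<String> sessionBanners(Connection conn) throws SQLException {
        List<String> banners = new ArrayList<>();
        String sql = "SELECT network_service_banner FROM v$session_connect_info "
                   + "WHERE sid = SYS_CONTEXT('USERENV', 'SID')";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) {
                banners.add(rs.getString(1));
            }
        }
        return banners;
    }

    /** True when both an encryption and a checksumming adapter were negotiated. */
    public static boolean isProtected(List<String> banners) {
        boolean enc = false, sum = false;
        for (String b : banners) {
            if (b == null) continue;
            enc |= b.contains("Encryption service adapter");
            sum |= b.contains("Crypto-checksumming service adapter");
        }
        return enc && sum;
    }

    public static void main(String[] args) throws SQLException {
        PooledDataSource ds = build(args[0], args[1], args[2]);
        try (Connection c = ds.getConnection()) {
            List<String> banners = sessionBanners(c);
            banners.forEach(System.out::println);
            System.out.println("protected: " + isProtected(banners));
        } finally {
            ds.forceCloseAll();
        }
    }
}
```

Because both levels are REQUIRED, the driver refuses to connect if the server side (sqlnet.ora SQLNET.ENCRYPTION_SERVER / SQLNET.CRYPTO_CHECKSUM_SERVER) is set to REJECTED, which is the behaviour you want for a "data in transit must be encrypted" requirement; ACCEPTED or REQUESTED on the client would silently fall back to cleartext.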

configuring username and password in jndi properties for ActiveMQ

I have the below spring configuration to connect to ActiveMQ:
<bean id="connectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
    <property name="brokerURL" value="tcp://10.3.2.3:61616" />
    <property name="userName" value="Platform.user.consumer" />
    <property name="password" value="Test123" />
    <property name="redeliveryPolicy">
        <bean class="org.apache.activemq.RedeliveryPolicy">
            <property name="maximumRedeliveries" value="7" />
        </bean>
    </property>
</bean>
I want to configure the properties in an external property file and load them using JNDI. I have configured the JNDI parameters inside the properties like below:
#Active MQ properties
java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory
java.naming.provider.url=tcp://localhost:61616
connectionFactoryNames=connectionFactory
#register the queue in the JNDI using the below form
#queue.[queueName]=
queue.myQueue=com.inputqueue
How can I configure the Platform.user.consumer and password properties in the properties file? Please let me know, since this is not mentioned in the documentation of ActiveMQ.
If you use the JNDI InitialContext I think you will lose the power of Spring to configure the factory...
But you can load these properties, like pwd or user or any property, from a properties file like this, if this is what you need:
http://docs.spring.io/autorepo/docs/spring-framework/3.2.17.RELEASE/javadoc-api/org/springframework/beans/factory/config/PropertyPlaceholderConfigurer.html
Like this you can use ${password} to be replaced with the value "Test123" of the key "password" from springcontext.properties.
E.g.:
password=Test123

LDAP Queries are very slow on SSL (Java - SpringFramework)

We have a web application in Java (Spring Framework). For authentication and user management, we are using SSO with LDAP.
The LDAP context is as defined in the bean below:
<bean id="legacyLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldaps://aaa.bbb.ccc.edu:636"/>
    <property name="base" value="cn=Users,dc=bbb,dc=ccc,dc=edu"/>
    <property name="userDn" value="user"/>
    <property name="password" value="*****"/>
    <property name="pooled" value="true"/>
    <property name="baseEnvironmentProperties">
        <map>
            <entry>
                <key>
                    <value>java.naming.security.authentication</value>
                </key>
                <value>simple</value>
            </entry>
            <entry key="java.naming.referral">
                <value>ignore</value>
            </entry>
        </map>
    </property>
</bean>
Everything works fine, but the connection/queries are very slow.
If the same configuration is changed to non-SSL (`ldap://aaa.bbb.ccc.edu:389`) it is lightning fast. A query that takes the non-SSL context just a few seconds takes the SSL context 7 minutes.
Is there any LDAPS-related configuration missing? I have installed the certificate in the JVM using the steps here: http://javacolors.blogspot.in/2012/05/how-to-register-ssl-certificates-in.html .
To force the JVM to pool SSL connections, add the following line to your Apache Tomcat /bin/setenv.sh (setenv.bat for Windows) file.
On Linux:
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl' -Dcom.sun.jndi.ldap.connect.pool.authentication='none simple DIGEST-MD5'"
On Windows:
JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.jndi.ldap.connect.pool.protocol="plain ssl" -Dcom.sun.jndi.ldap.connect.pool.authentication="none simple DIGEST-MD5"
https://confluence.atlassian.com/display/CROWDKB/Performance+problem+when+using+LDAPS

Passing encrypted properties to spring context

I have never seen this, but I am wondering if somebody has come across it. Having a web server which accesses a database, I want to pass the database password encrypted and have the Spring context decrypt it before setting the datasource. I know Spring Security can do some of this, like using a salt file on the web server, etc.
The challenge here is that I don't want to give a clear user, password and URL to the web server team. Just an encrypted password, and have Spring decrypt it before using it.
Is there something like this already? I know I could code something, but is it already done?
Thanks
By using an org.jasypt.properties.EncryptableProperties object, an application would be able to correctly read and use a .properties file like this:
datasource.driver=com.mysql.jdbc.Driver
datasource.url=jdbc:mysql://localhost/reportsdb
datasource.username=reportsUser
datasource.password=ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm)
Note that the database password is encrypted (in fact, any other property could also be encrypted, be it related with database configuration or not).
More information:
http://www.jasypt.org/encrypting-configuration.html
I actually found exactly what I was looking for in this thread:
How to use encrypted password in apache BasicDataSource?
Here are the details from jasyp http://www.jasypt.org/spring3.html
This problem and the solution to it are explained here.. (link)
db.Properties.
#driverClassName=oracle.jdbc.driver.OracleDriver
#url=jdbc:oracle:thin:@localhost:1521:XE
#username=ITEM_INVENTORY
driverClassName=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/ITEM_INVENTORY?zeroDateTimeBehavior=convertToNull
username=root
Encrypt db.Properties
##password=cGFzc3dvcmQ=
password=cm9vdA==
The spring beans configuration for the datasource would look like this
(here you may use only password part)
spring-beans.xml
<bean id="dataSource" destroy-method="close" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName" value="db#[driverClassName]" />
    <property name="url" value="db#[url]" />
    <property name="username" value="db#[username]" />
    <property name="password" value="encryptedDb#[password]" />
</bean>
<bean id="dbPropertyPlaceholder" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="locations">
        <list>
            <value>classpath:db.properties</value>
        </list>
    </property>
    <property name="placeholderPrefix" value="db#[" />
    <property name="placeholderSuffix" value="]" />
</bean>
<bean id="encryptedDbPropertyPlaceholder" class="com.inventory.api.util.DecryptPropertyConfigurer">
    <property name="locations">
        <list>
            <value>classpath:encryped_db.properties</value>
        </list>
    </property>
    <property name="placeholderPrefix" value="encryptedDb#[" />
    <property name="placeholderSuffix" value="]" />
</bean>
And so on.. please refer to the given link for more information..
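The answer above wires in a com.inventory.api.util.DecryptPropertyConfigurer whose code is not on the page. As an added example (my own implementation, not that class and not Jasypt), here is the shape such a configurer takes: it extends PropertyPlaceholderConfigurer, overrides convertPropertyValue (the hook Spring calls on every property value before placeholders are resolved), decrypts values written as ENC(...) with AES-GCM, and takes the key from an environment variable (APP_PROPERTIES_KEY, a name I chose) so that the properties file by itself yields nothing to whoever can read it.

```java
// Added example: a PropertyPlaceholderConfigurer that decrypts ENC(...) values with AES-GCM.
// APP_PROPERTIES_KEY (base64 of a 16/24/32-byte key) is a hypothetical environment variable.
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;

public class DecryptPropertyConfigurer extends PropertyPlaceholderConfigurer {

    private static final String PREFIX = "ENC(";
    private static final String SUFFIX = ")";
    private static final int IV_BYTES = 12;   // 96-bit nonce, the recommended GCM size
    private static final int TAG_BITS = 128;  // full-length authentication tag

    private final SecretKey key;

    public DecryptPropertyConfigurer() {
        this(keyFromEnvironment());
    }

    DecryptPropertyConfigurer(SecretKey key) {
        this.key = key;
    }

    /** The key never lives in the properties file or the Spring context, only in the runtime environment. */
    static SecretKey keyFromEnvironment() {
        String b64 = System.getenv("APP_PROPERTIES_KEY");
        if (b64 == null) {
            throw new IllegalStateException("APP_PROPERTIES_KEY is not set");
        }
        return new SecretKeySpec(Base64.getDecoder().decode(b64), "AES");
    }

    /** Spring calls this for each raw property value; plain values pass through unchanged. */
    @Override
    protected String convertPropertyValue(String originalValue) {
        if (originalValue == null || !originalValue.startsWith(PREFIX) || !originalValue.endsWith(SUFFIX)) {
            return originalValue;
        }
        String payload = originalValue.substring(PREFIX.length(), originalValue.length() - SUFFIX.length());
        try {
            return decrypt(key, payload);
        } catch (GeneralSecurityException e) {
            // A wrong key or a tampered value fails the GCM tag check and aborts context startup.
            throw new IllegalStateException("cannot decrypt encrypted property value", e);
        }
    }

    /** Output layout: base64( nonce || ciphertext || tag ). A fresh nonce per value is mandatory for GCM. */
    public static String encrypt(SecretKey key, String plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    public static String decrypt(SecretKey key, String b64) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(b64);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_BYTES));
        byte[] pt = c.doFinal(in, IV_BYTES, in.length - IV_BYTES);
        return new String(pt, StandardCharsets.UTF_8);
    }

    /** One-off helper: prints the ENC(...) token to paste into the properties file. */
    public static void main(String[] args) throws GeneralSecurityException {
        System.out.println(PREFIX + encrypt(keyFromEnvironment(), args[0]) + SUFFIX);
    }
}
```

Generate the key once with something like `openssl rand -base64 32`, export it as APP_PROPERTIES_KEY on the web server, run the main method to produce `password=ENC(...)` for the properties file, and keep the key out of source control and out of the file handed to the web server team. The bean declaration stays as in the answer, only with this class in place of com.inventory.api.util.DecryptPropertyConfigurer.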
