среда, 26 октября 2016 г.

clojure remote repl

In order to debug remote app we can start it with remote repl, if version of clojure 1.8+

java -Dclojure.server.repl="{:address \"\" :port 5555 :accept clojure.core.server/repl}" -jar mywebapp.jar

вторник, 25 октября 2016 г.

Kerberos SPNEGO Checksum failed problem

I made SPNEGO authentication for my web apps. During development I met a problem authenticating users using keytab file for HTTP services:

Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)

I've found solution how to resolve a problem. I've used RHEL 7 on servers and clients, and FreeIPA as a KDC/LDAP server:

1. Open /etc/krb5.conf on web app server and add into section [libdefaults] one line

default_tkt_​enctypes = arcfour-hmac-md5

This is most important thing. This line resolves "Checksum failed" problem

2. On a client:
kinit username
Password for username@MYSERVICE.COM: 

after successful authentication in Kerberos domain we can access Kerberized web apps using curl:
curl -v -k --negotiate -u :  --cacert /etc/ipa/ca.crt  https://myservice.com:8090/krb

3. In FireFox, print about:config in address bar -> I promise -> then find
network.negotiate-auth.delegation-uris​     value     http://,https://
network.negotiate-auth.trusted-uris           value     .myservice.com​

вторник, 27 сентября 2016 г.

Clojure ClassCastException error

If error occured like this Caused by: java.lang.ClassCastException: bla.bla.bla cannot be cast to [Lbla.bla.bla it means that you need (into-array [bla.bla.bla]) or (into-array BlaClass [])

четверг, 24 марта 2016 г.

import openssl keys to JKS

#convert ca chain from PEM to DER
openssl x509 -outform der -in ca-chain.cert.pem -out ca.cert.der

#convert server cert and server private key to pkcs12 storage
openssl pkcs12 -export -in ./hostname.cert.pem -inkey ./hostname.key.pem -out ./hostname.p12 -name mywebservice -passin pass:Secret13 -passout pass:Secret13

#import server cert and private key from pkcs12 to JKS
keytool -importkeystore -srckeystore ./hostname.p12 -srcstoretype PKCS12 -srcstorepass Secret13 -alias mywebservice -deststorepass Secret13 -destkeypass Secret13 -destkeystore server-keystore.jks

#import ca chain
keytool -import -v -trustcacerts -alias ca-cert -file ca.cert.der -keystore ./server-keystore.jks -keypass Secret13

воскресенье, 17 января 2016 г.

include java sources to clojure project

1. Make src-java dir in a root folder of project.
2. Put usual java classes to src-java/ folder
3. Add following lines to the project.clj in root or in uberjar profile.
:java-source-paths ["src-java/"]
:prep-tasks  ["javac" "compile"]

That's it! 

суббота, 9 января 2016 г.

convert pem to jks (java keystore)

after letsencrypt finish we  must convert our keys to jks.
here is some instructions:

openssl pkcs12 -export -in server-cert.pem -inkey server-private.pem -out server.p12 -name localhost -CAfile ca.pem -caname root 

keytool -importkeystore -deststorepass passw12 -destkeypass passw12 -destkeystore server.jks -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass passw12 -alias localhost

воскресенье, 14 июня 2015 г.

secure rabbitmq server and management console.

CentOS 6.5 x64

1. create file /etc/rabbitmq/rabbitmq.config

{rabbitmq_management, [{listener, [{port, 15672},{ip, ""}]}]},

2. create file /etc/rabbitmq/rabbitmq-env.conf

export RABBITMQ_NODENAME=rabbit@localhost

3. Establish ssh tunnel from your machine to remote rabbitmq server

ssh -L 15672: user@remotehost -p 22

Now, you can connect to admin console using browser http://localhost:15672
This is very useful for hosting machines.