
Cross-Origin Resource Sharing

CORS (Cross-Origin Resource Sharing) is a mechanism that allows client web applications (such as JavaScript code) loaded on one domain to interact with resources located on a different domain.
Origin: An "Origin" (or source) URL consists of three parts:
  • Protocol (scheme): such as http or https.
  • Domain (host): such as a143mk.blogspot.com or localhost.
  • Port (port number): such as 8080 or 3000.
If any of these three parts is different in a request, it is called a Cross-Origin request.
Example:
If your frontend (endpoints.com) sends a request to a backend API (api.com), the request is Cross-Origin and the browser will restrict it. CORS is a way to relax this security restriction in a controlled manner, allowing legitimate cross-origin communication.
 

Configuring CORS globally in Spring Boot is the preferred approach, as it saves you from having to apply the @CrossOrigin annotation to every controller or method and keeps the configuration centralized.
Example: This method defines global CORS settings:
  1.  addMapping("/**"): Indicates that the CORS mapping applies to all paths.
  2.  allowedOrigins: Defines the client origins that are allowed to access your API.
  3.  allowedMethods: The HTTP methods that are allowed.
  4.  allowedHeaders: Allows all headers sent by the client.
  5.  allowCredentials: Set this to 'true' if the client is using cookies or HTTP authentication.
  6.  maxAge: The time (in seconds) to cache the results of a pre-flight request.
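An added example (not code from the original post) of the global configuration described above, using Spring MVC's WebMvcConfigurer. The class name CorsConfig, the property app.cors.allowed-origins and the https://endpoints.com default are assumptions.

```java
import java.util.Arrays;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfig implements WebMvcConfigurer {

    private final String[] allowedOrigins;

    // app.cors.allowed-origins is a hypothetical property: a comma-separated list
    // of exact origins (scheme + host + port), e.g. https://endpoints.com
    public CorsConfig(
            @Value("${app.cors.allowed-origins:https://endpoints.com}") String[] configured) {
        String[] cleaned = Arrays.stream(configured).map(String::trim).toArray(String[]::new);
        for (String origin : cleaned) {
            // With allowCredentials(true) the origin list must be explicit: a wildcard
            // would extend cookie-authenticated access to every site, and Spring
            // Framework 5.3+ rejects the "*" + credentials combination.
            if (origin.equals("*") || origin.isEmpty()) {
                throw new IllegalStateException(
                        "app.cors.allowed-origins must list explicit origins");
            }
        }
        this.allowedOrigins = cleaned;
    }

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")                       // all paths
                .allowedOrigins(allowedOrigins)          // only the configured frontends
                .allowedMethods("GET", "POST", "PUT", "DELETE")
                .allowedHeaders("Authorization", "Content-Type")
                .allowCredentials(true)                  // cookies / HTTP authentication
                .maxAge(3600);                           // cache pre-flight result for 1 hour
    }
}
```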

Inversion of Control (IoC) in Spring Frameworks

IoC stands for "Inversion of Control", a principle in software engineering where the control of objects or portions of a program is transferred to a framework or container. This concept is fundamental to achieving loose coupling in object-oriented design, which makes applications more modular, flexible, and easier to maintain.
Key Concepts of Inversion of Control : 
  • Dependency Injection (DI)
  1. The most common implementation of IoC. 
  2. Dependencies (objects that a class requires to function) are injected into the class rather than the class creating them itself. 
  3.  Can be implemented in three main ways: constructor injection, setter injection, and interface injection.
  • Service Locator
  1.  An alternative to dependency injection. 
  2.  A central registry (the service locator) provides dependencies upon request. 
  3.  Can lead to less transparency in dependency management compared to DI.
How IoC Works:
  •   Without IoC.

  •  With IoC (Dependency Injection).


In the example above, with IoC, the `Car` class does not create the `Engine` instance itself. Instead, it receives it from an external source (typically an IoC container).
Benefits of IoC:
  • Decoupling: Reduces the dependency between components, making the system more modular.
  • Testability: Easier to test components in isolation since dependencies can be easily mocked or stubbed.
  • Flexibility: Easier to swap out implementations of dependencies without modifying the dependent class.
  • Maintainability: Simplifies code management and maintenance by following the single responsibility principle.
IoC Containers: IoC containers are frameworks that manage the creation and injection of dependencies. Some popular IoC containers are:
Spring (Java): Provides comprehensive support for dependency injection and IoC. 
PicoContainer (Java): Lightweight and simple to use. 
Unity (C#): A dependency injection container from Microsoft. 
Autofac (C#): A popular IoC container for .NET applications.
 
Example in Spring Framework:

Spring Framework is a well-known example of an IoC container. Here’s how dependency injection is typically configured in a Spring application:
 
XML Configuration:



Java Configuration:



Annotation-Based Configuration:


In these examples, the Spring container manages the lifecycle and injection of the `Engine` dependency into the `Car` class. In summary, IoC is a design principle that helps to create flexible, maintainable, and testable software systems by inverting the control of dependency management. Dependency injection is the most common pattern used to implement IoC, and it is supported by various frameworks and containers across different programming languages.

How to PACKAGE Spring Boot application to JAR and WAR

Maven is a popular build tool that takes your project’s Java source code, compiles it, tests it and converts it into an executable Java program: either a .jar or a .war file.
Package Spring Boot application to JAR OR WAR file:
The default packaging type of a Spring Boot project is jar if the <packaging> element is not present in the pom.xml file. It is better to check your project’s pom.xml file to make sure that the packaging type is jar or war:

If you use an IDE such as Eclipse or Spring Tool Suite, right-click on the project, then select Run As > a Maven configuration such as:
  • CLEAN
  • BUILD
  • INSTALL
  • PACKAGE, etc.







Simple LDAP sign-on Authentication Using Ldap-a143mkJar

LDAP sign-on is an authentication scheme that allows a user to log in with a single ID to any of several related, independent software systems or web applications. In this post, the user will log in through Outlook Mail using Ldap-a143mkJar.jar.
Process of Ldap sign-On (LSO) Authentication:



Download the jar file. The following method from it is used:

Create the class object: LdapClient ldapClientClass = new LdapClient();
  1. A143mkLdapConnection(ldapUrl, ldapDnConn, userEmailId, password);
The method takes some parameters, which we initialize by creating configuration values like this.

String ldapUrl = "ldap://172.0.0.0:389/";
String ldapDnConn = "dc=domainName,dc=com";
String userEmailId = "EmailMail@mailDomen.com";
String password = "mailPassword";

Create the project, main class and other classes as follows.




Then create the controller/main class Ldapconn.java.


Output :


LDAP Authentication with Spring Boot

LDAP is a lightweight version of the Directory Access Protocol (DAP). LDAP’s primary function is enabling users to find data about organizations, persons, and more. It accomplishes this goal by storing data in the LDAP directory and authenticating users to access the directory. It also provides the communication language that applications require to send and receive information from directory services.
Step-by-step authentication process:
  1. The client (an LDAP-ready system or application) sends a request to access information stored within an LDAP database.
  2. The client provides their LDAP server user credentials (username and password).
  3. The LDAP server cross-checks the user’s submitted credentials against the core user identity data stored in its LDAP database.
  4. If the provided credentials match the stored core user identity, the client can access the requested information.
  5. Incorrect credentials will lead to denied access to the LDAP database.
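The credential check in the steps above, and the URL / base DN / user / password parameters of the sign-on post before it, can be expressed as an LDAP simple bind with the JDK's JNDI provider. This is an added example, not the code of Ldap-a143mkJar or of the original posts; the class name, the ldaps:// host and the uid-based DN layout are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapBindCheck {

    // Builds the user's DN; Rdn.escapeValue neutralises DN metacharacters in the login name.
    static String userDn(String uid, String baseDn) {
        return "uid=" + Rdn.escapeValue(uid) + "," + baseDn;
    }

    // Returns true only if the server accepts a simple bind as this user.
    static boolean authenticate(String ldapUrl, String baseDn, String uid, char[] password)
            throws NamingException {
        // An empty password turns a simple bind into an "unauthenticated bind", which
        // many servers accept without checking anything: never treat it as a login.
        if (uid == null || uid.trim().isEmpty() || password == null || password.length == 0) {
            return false;
        }
        // A simple bind sends the password itself, so refuse plaintext ldap:// URLs.
        if (!ldapUrl.startsWith("ldaps://")) {
            throw new IllegalArgumentException("simple bind requires an ldaps:// URL");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn(uid, baseDn));
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // the bind happens here
            return true;
        } catch (AuthenticationException e) {   // wrong credentials
            return false;
        } finally {
            if (ctx != null) ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Base DN taken from the ldap.ldapBases sample on this page; other values are constructed.
        String baseDn = "ou=person,dc=olattest,dc=org";
        System.out.println(userDn("smith, j", baseDn));
        // Rejected locally, before any connection is attempted.
        System.out.println(authenticate("ldaps://ldap.example.org:636", baseDn, "jsmith", new char[0]));
        // Real check: pass <ldaps-url> <uid>; the password is read from the console, not from argv.
        if (args.length == 2 && System.console() != null) {
            char[] pw = System.console().readPassword("Password: ");
            System.out.println(authenticate(args[0], baseDn, args[1], pw));
        }
    }
}
```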
Some Ldap properties.

ldap.enable=true

Enable / disable LDAP support.

ldap.ldapUrl=ldap://HostIP:389

The URL/IP to your LDAP server, including port

ldap.ldapSystemDN=cn=Administrator,dc=olattest,dc=org

System user: used for getting all users and connection testing

ldap.ldapSystemPW=mySuperPassword

The LDAP password of the system user

ldap.ldapBases= ou=person,dc=olattest,dc=org

List of bases where to find users. To use multiple bases you must edit the config file manually

ldap.sslEnabled = false

Enable SSL connection

ldap.trustStoreLocation=/usr/lib/j2sdk1.5-sun/jre/lib/security/cacerts

Location of the Java trust store

ldap.trustStorePwd=changeit

The Java trust store password

ldap.trustStoreType=JKS

The Java trust store type

ldap.cacheLDAPPwdAsOLATPwdOnLogin=true

When users log in via LDAP, the system can keep a copy of the password as encrypted hash in the database. This makes OLAT more independent from an offline LDAP server and users can use their LDAP password to use the WebDAV functionality. When setting to true (recommended), make sure you configured password.change.allowed=false

ldap.convertExistingLocalUsersToLDAPUsers=true

When the system detects an LDAP user that does already exist in OLAT but is not marked as LDAP user, the OLAT user can be converted to an LDAP managed user. When enabling this feature you should make sure that you don't have a user 'administrator' in your ldapBases (not a problem but not recommended)

ldap.deleteRemovedLDAPUsersOnSync=false

Users that have been created via LDAP sync but now can't be found on the LDAP anymore can be deleted automatically. If unsure, set to false and delete those users manually in the LDAP administration panel.

ldap.deleteRemovedLDAPUsersPercentage=50

Sanity check when deleteRemovedLDAPUsersOnSync is set to 'true': if more than the defined percentage of user accounts are not found on the LDAP server and are thus marked for deletion, the LDAP sync will not happen and the delete job must be triggered manually from the admin interface. This should prevent accidental deletion of OLAT users because of temporary LDAP problems or user relocation on the LDAP side. Value = 0 (never delete) to 100 (always delete).

ldap.ldapSyncOnStartup=true

Should users be created and synchronized automatically on startup? If you set this and the cron configuration to false, the users will be generated on-the-fly when they log in the first time.

ldap.ldapSyncCronSync=true

Should users be created and synchronized periodically, not just during startup? If you set this and the startup configuration to false, the users will be generated on-the-fly when they log in the first time.

ldap.ldapSyncCronSyncExpression=0 0 * * * ?

Set the rule how often the LDAP synchronization should take place. Default is every hour. For the cron syntax see quartz cron syntax documentation

ldap.ldapUserObjectClass=person

Configuration for syncing user attributes during login or cron and batch sync. The user object class to use.

ldap.ldapUserCreatedTimestampAttribute=createdTimestamp

The LDAP attribute that tells the creation date of the LDAP user. In Active Directory this is typically "whenCreated", in OpenLDAP "createdTimestamp". If not available, use the same as for the last modified date.

ldap.ldapUserLastModifiedTimestampAttribute=modifyTimestamp

The LDAP attribute that tells the last modification date of the LDAP user. In Active Directory this is typically "whenChanged", in OpenLDAP "modifiedTimestamp"

ldap.attributename.useridentifyer=uid

Mapping of the LDAP user identifier to an OLAT user. In Active Directory this is typically "sAMAccountName", in OpenLDAP "uid".

ldap.attributename.email=mail

Mapping of the mandatory OLAT user properties. In this example the LDAP attribute "mail" will be mapped to the OLAT user property "email"

ldap.attributename.firstName=givenName

Mapping of the mandatory OLAT user properties. In this example the LDAP attribute "givenName" will be mapped to the OLAT user property "firstname"

ldap.attributename.lastName=sn

Mapping of the mandatory OLAT user properties. In this example the LDAP attribute "sn" will be mapped to the OLAT user property "lastName"

olatprovider.enable=false

Disable the normal OLAT login screen. When you set ldap.cacheLDAPPwdAsOLATPwdOnLogin=true, a fallback to the normal OLAT login is made in case the LDAP server can not be reached. You can set this variable also to true to have the OLAT and the LDAP login screen available

default.auth.provider=LDAP

Use the LDAP login screen as the default login screen.

Create a Spring Boot Java (Microservices) project, for example:
  1. Project Name: LdapAuthenticationConfigSpringBoots.
  2. Group: Ldap-Auth-a143mk.
  3. Artifact ID: Ldap-Auth-a143mk.
  4. Description: Learn-Configure LDAP Authentication.
  5. Package: LDAPAutha143mk.



Select the technologies and libraries (Maven dependencies) to be used:
  1. Spring Web
  2. Spring ldap
  3. ldapsdk
  4. ldap security

When the project is created, the pom.xml file with the Maven dependencies and the main class are generated automatically, like this:

pom.xml



Configure application.properties


Create ldap-data.ldif :
Directory Server uses the LDAP Data Interchange Format (LDIF), a standard text format for representing LDAP objects and LDAP updates (add, modify, delete, modify DN) in textual form.

WebSecurityConfig Class
Create a new package named LDAPAutha143mk.config. In this package, create a configuration class named WebSecurityConfig.java as below:

Create Controllers
Create a new package named LDAPAutha143mk.controller. In this package, create a new Java class named LoginWelcomeController.java


Run Project
 

Digital Steganography With Single Sign-On (SSO) Authentication Project For Students

This project can serve as a minor or major project for final-year students at school or college, who can learn the project themselves through the videos.
INTRODUCTION:
Maintaining secrecy is very important in a large corporation, and the intelligence of hackers makes it tedious. We already have encryption for transmitting secret information. Even though encryption successfully transmits secret information, it arouses the suspicion of hackers and it affects unintended users. Our project, DIGITAL STEGANOGRAPHY WITH Single Sign-On (SSO) Authentication, overcomes this factor and gives a solution for transmitting secret information without affecting unintended users. Steganography uses multimedia data as a covering medium (covering the secret information). With steganography, data (the secret information) can be hidden within data (multimedia data; here the multimedia data is an image) and sent anywhere to transfer the message easily without arousing anyone's suspicion.



Follow step by step


Encryption and Decryption implement using EncryptDecryptA143mk jar

In this post, we will learn how to implement String/Password Base64 Encrypt and Base64 Decrypt, as well as Hexadecimal (Base 16) Encrypt and Hexadecimal (Base 16) Decrypt, with the help of a jar, EncryptDecryptA143mk.jar. It consists of 4 functions/methods, which work as follows.

Base64EEncryptDecrypt: 
EncryptA143MK() 
DecryptA143MK() 

HexadecimalEncryptDecrypt: 
HexDecryptA143MK() 
HexEncryptA143MK()

Create this main method; you can use this code in your own functions/methods as you wish.


Output:
Important Information: We do this type of development to provide security to the online user in a web application or another user application such as an online platform, so that your personal information, like your password, is neither in the database of the online platform nor with anyone else.

How to Implement SMTP (Simple Mail Transfer Protocol: To, Cc and Bcc Mails) Using Java

In this post we will learn how To, Cc and Bcc mails are sent and also how a file is attached to the mail. For mail development in Java there is the javax.mail jar file, as well as a jar named SendMailA143mk; download both jar files. The SendMailA143mk jar provides two methods/functions, named as follows:
1. SendMaleWPathFile();
2. SendMaleWBody();
Both methods take some parameters, which we initialize by creating objects like this.

String noReplayEmailID="noreplyMail@mailDomen.com";
String noReplayEmailPass="mailPassword"; 
String host="smtp.office365.com"; 
String port="587";
String sentTomail="toMail@mailDomen.com"; 
String sentToCCmail="ccMail@mailDomen.com"; 
String sentToBCCmail="bccMail@mailDomen.com"; 
String Subject="SMTP Implementation Using Java"; 
String bodyText=" Hi A143mk blogs Test Mail. Thanks. "; 
String PathFile="D:\\logo.png"; 
Create this main method; you can use this code in your own functions/methods as you wish.

Output is:

Important Information: We develop this kind of functionality in web applications and other online platforms to send To, Cc and Bcc mails to online users securely, and with it we are also able to send an OTP to the user by email. Your personal information, such as your password or email OTP, is neither in the database of the online platform nor in the possession of anyone else. This is how we identify the authenticity of the user.
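An added example (not the code of the SendMailA143mk jar and not from the original post) of sending To, Cc and Bcc mail with an optional attachment directly through javax.mail, with STARTTLS required on port 587. The class name and the SMTP_PASSWORD environment variable are assumptions; the addresses are the placeholders used above.

```java
import java.io.File;
import java.util.Properties;
import javax.mail.Authenticator;
import javax.mail.Message;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;

public class SendMailExample {

    static Session session(String host, String port, String user, String pass) {
        Properties p = new Properties();
        p.put("mail.smtp.host", host);
        p.put("mail.smtp.port", port);
        p.put("mail.smtp.auth", "true");
        p.put("mail.smtp.starttls.enable", "true");
        p.put("mail.smtp.starttls.required", "true");       // fail rather than send in plaintext
        p.put("mail.smtp.ssl.checkserveridentity", "true"); // verify the server certificate name
        return Session.getInstance(p, new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(user, pass);
            }
        });
    }

    static MimeMessage build(Session session, String from, String to, String cc, String bcc,
                             String subject, String bodyText, String pathFile) throws Exception {
        MimeMessage msg = new MimeMessage(session);
        msg.setFrom(new InternetAddress(from));
        // Strict parsing rejects malformed address lists instead of guessing.
        msg.setRecipients(Message.RecipientType.TO, InternetAddress.parse(to, true));
        msg.setRecipients(Message.RecipientType.CC, InternetAddress.parse(cc, true));
        msg.setRecipients(Message.RecipientType.BCC, InternetAddress.parse(bcc, true));
        msg.setSubject(subject, "UTF-8");

        MimeMultipart parts = new MimeMultipart();
        MimeBodyPart text = new MimeBodyPart();
        text.setText(bodyText, "UTF-8");
        parts.addBodyPart(text);
        if (pathFile != null && new File(pathFile).isFile()) {
            MimeBodyPart attachment = new MimeBodyPart();
            attachment.attachFile(new File(pathFile));
            parts.addBodyPart(attachment);
        }
        msg.setContent(parts);
        return msg;
    }

    public static void main(String[] args) throws Exception {
        String user = "noreplyMail@mailDomen.com";      // placeholder address from the post
        String pass = System.getenv("SMTP_PASSWORD");   // hypothetical variable; keeps the secret out of source
        Session session = session("smtp.office365.com", "587", user, pass);
        MimeMessage msg = build(session, user, "toMail@mailDomen.com", "ccMail@mailDomen.com",
                "bccMail@mailDomen.com", "SMTP Implementation Using Java",
                "Hi A143mk blogs Test Mail. Thanks.", args.length > 0 ? args[0] : null);
        System.out.println("recipients: " + msg.getAllRecipients().length);
        if (pass != null) {
            Transport.send(msg);   // only attempted when a password is configured
        }
    }
}
```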

How to upload password Protected Excel Using java

In the previous post, we saw how some columns were made password protected, now we will see how to upload the created file.
First of all, we create a browse form.



Uploading Excel


















The NPOIFSFileSystem class is in the "org.apache.poi.poifs.filesystem" package, and the Biff8EncryptionKey class is in the "org.apache.poi.hssf.record.crypto" package.

Import the jar poi-3.17.jar and use the following classes:

import org.apache.poi.hssf.record.crypto.Biff8EncryptionKey; 
import org.apache.poi.hssf.usermodel.HSSFWorkbook; 
import org.apache.poi.poifs.filesystem.NPOIFSFileSystem; 
import org.apache.poi.ss.usermodel.DataFormatter;
import org.apache.poi.ss.usermodel.Row; 
import org.apache.poi.ss.usermodel.Sheet; 
import org.apache.poi.ss.usermodel.Workbook; 
import org.apache.poi.xssf.usermodel.XSSFWorkbook;

The Java controller method is uploadFile:
 

Output:




How to create password Protected Excel for some Column Label in java

Introduction
How to password protect some columns of an Excel sheet using Java while keeping other columns editable.
Spring MVC comes with the AbstractJExcelView class to export data to an Excel file via the JExcelAPI library. This tutorial shows the use of the AbstractJExcelView class in a Spring MVC application to export data to an Excel file for download.
Write the jasper-view.xml configuration.

Import the jars jxl-2.6.12.jar and spring-webmvc-4.3.7.RELEASE.jar and use some of their classes.


   


  

Social Client Login with OAuth2 Spring Boot Application

First of all, you have to obtain OAuth2 access from the social web site; we see this in the video. Then we will create a service and test it. Some of the services were covered in previous posts, and their links are given below; they include Eureka (client-1, client-2), ApiGetway and services.



Add the client ID and secret in the ApiGetway application.properties file:

spring.security.oauth2.client.registration.Oauth2_Security.client-id = Write your Client ID
spring.security.oauth2.client.registration.Oauth2_Security.client-secret = Write your Secret ID

Add the required dependency in the ApiGetway pom.xml file:

Add a new package in ApiGetway, com.javatechie.spring.zulu.api.cofig, and create the SecurityConfiguration.java file.


Watch the videos step by step to run and learn from the past posts and the current configuration post:

  • How to Develop Some Other Rest API
  • How to Develop Eureka Server and Eureka Client Configuration
  • How to Develop GateWayAPI
  • How to get Google Token

OAuth2 Security with Spring Boot

Introduction
OAuth2 is a token-based security authentication and authorization framework that breaks security down into four components. These four components are:
  1.  A protected resource: This is the resource (in our case, a microservice) you want to protect and ensure that only authenticated users who have the proper authorization can access.
  2.  A resource owner: A resource owner defines what applications can call their service, which users are allowed to access the service, and what they can do with the service. Each application registered by the resource owner will be given an application name that identifies the application along with an application secret key. The combination of the application name and the secret key are part of the credentials that are passed when authenticating an OAuth2 token.
  3.  An application: This is the application that’s going to call the service on behalf of a user. After all, users rarely invoke a service directly. Instead, they rely on an application to do the work for them.
  4.  OAuth2 authentication server: The OAuth2 authentication server is the intermediary between the application and the services being consumed. The OAuth2 server allows the user to authenticate themselves without having to pass their user credentials down to every service the application is going to call on behalf of the user.


OAuth2 is a token-based security framework. A user authenticates against the OAuth2 server by providing their credentials along with the application that they’re using to access the resource. If the user’s credentials are valid, the OAuth2 server provides a token that can be presented every time a service being used by the user’s application tries to access a protected resource (the microservice). The OAuth2 specification has four types of grants: 
  •  Password 
  • Client credential 
  • Authorization code 
  • Implicit

To set up an OAuth2 authentication server, you need the following Spring Cloud dependencies in the authentication-service/pom.xml file:


For example, create a project named "a143mk-Oauth2-Security" in the STS4 tool.

The pom.xml file:

Create the AuthServer.java class for the Authorization Server configuration.



The first thing to note in this listing is the @EnableAuthorizationServer annotation. This annotation tells Spring Cloud that this service will be used as an OAuth2 service and to add several REST-based endpoints that will be used in the OAuth2 authentication and authorization processes.

Like other pieces of the Spring Security framework, to set up users (and their roles), start by extending the WebSecurityConfigurerAdapter class and mark it with the @Configuration annotation.
As such, you need to provide the OAuth2 server a mechanism to authenticate users and return the user information about the authenticating user. This is done by defining two beans in your Spring WebSecurityConfigurerAdapter implementation: authenticationManagerBean() and userDetailsServiceBean(). These two beans are exposed by using the default authentication authenticationManagerBean() and userDetailsServiceBean() methods from the parent WebSecurityConfigurerAdapter class.
You have to create the ConfigWeb.java class.
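An added sketch of the two classes described above (not the original post's listings), written against the legacy spring-security-oauth2 API that @EnableAuthorizationServer belongs to. The client name, scope, user name and the OAUTH_CLIENT_SECRET / DEMO_USER_PASSWORD environment variables are assumptions.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableAuthorizationServer   // adds the OAuth2 token endpoints to this service
class AuthServer extends AuthorizationServerConfigurerAdapter {
    @Autowired private AuthenticationManager authenticationManager;
    @Autowired private UserDetailsService userDetailsService;
    @Autowired private PasswordEncoder passwordEncoder;

    // Secrets are read from the environment (hypothetical names), never hard-coded.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) throw new IllegalStateException(name + " is not set");
        return value;
    }

    @Override   // registers the application (name + secret) allowed to request tokens
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
               .withClient("a143mk-app")
               .secret(passwordEncoder.encode(requireEnv("OAUTH_CLIENT_SECRET")))
               .authorizedGrantTypes("password", "refresh_token")
               .scopes("webclient")
               .accessTokenValiditySeconds(900);   // short-lived access tokens
    }

    @Override   // the password grant authenticates users through these two beans
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager)
                 .userDetailsService(userDetailsService);
    }
}

@Configuration
class ConfigWeb extends WebSecurityConfigurerAdapter {
    @Bean
    public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }

    @Override @Bean   // exposes the parent's AuthenticationManager as a bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override @Bean   // exposes the parent's UserDetailsService as a bean
    public UserDetailsService userDetailsServiceBean() throws Exception {
        return super.userDetailsServiceBean();
    }

    @Override   // in-memory user for the demo; the stored password is a BCrypt hash
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(passwordEncoder())
            .withUser("demo.user")
            .password(passwordEncoder().encode(AuthServer.requireEnv("DEMO_USER_PASSWORD")))
            .roles("USER");
    }
}
```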

Run As-> Spring Boot App for Output:


For step by step development working watch the video and learn yourself.