Archive

Posts Tagged ‘spring profiles’

Creating an online service – don’t start from scratch!

November 5, 2012 4 comments

The previous post discussed setting up our development environment, now that we got that covered, it’s time to move on to the main event.

A word about open source before I begin:  in the past couple of months I’ve been exposed to more open source code than I have been for the past 20 years of being a developer.  This unbelievable amount of freely available software and information has saved and will save me years of development and research, and is the real true enabler to what I am about to do.  All code written by me and presented here is GPL, which means you can copy/modify/improve it at will, with no limitations what-so-ever (and no warrantees, read the GPL agreement please).  Some small parts of the code had been copied from internet sources, and there’s even one case where a different license applies (BSD, another open license), I’ve added that distinction to code which has been copied in whole and needs that different license (actually only one place in the javascript code).  If you believe any parts of the code presented here are under a different license or should not be used, please let me know and I will take actions to resolve the problem, but all in all this should all be GPL free, as most of it has been written by your truly.

To get started, go to basic server google page and clone my repository from there.  Using git, this should be as simple as typing in console:

git clone https://thezuck@code.google.com/p/basic-service/ your_project_name

Note that even though a password may be requested, you are using a read-only pull and can just click enter.

From here on, I’ll assume you are using Eclipse as your IDE, if you’re using Idea things may be a little bit different but the general idea (pun intended) is the same.

Once you get the code to your work environment, use Eclipse->File->Import->Existing maven project, browse and choose the skeleton directory (on my system it’s /Volumes/srcvault/your_project_name/), and import the project to your workspace.

You’ll now have to make some changes to make this project your own.

Let’s take care of the settings and file system changes: 

I use case-sensitive search-replace on the file system starting with the main project directory and including sub-directories.  In my opinion it’s the fastest and safest option (TextWrangler does this perfectly on my Mac OSX). Replace all instances of basicservice and basic-service, with capital letters and without.  After doing that the project won’t compile because the package directories are still basicservice, so remember to rename them manually after you do the search-replace.

At this point, your code should compile, but there’s still a couple of things to do.  Before moving on, go to src/test/java, right click it and run as->JUnit test.  If everything is green, you’ve successfully cloned and migrated the code to your project.

Next go to development.spring.properties, and change the mongo.db.name to yourprojectname_db.  This is the mongo db you will be using locally, so remember it if you want to access it later (you can also see all the db’s available so this is not a big deal).

Open production.spring.properties, login to cloudbees.com and create a new Mongo DB repository in Cloudbees and update the relevant production information which you’ll find in Cloudbees after you create the new Mongo DB repository (you should know how to do that by now if you’ve followed the recommended youtube movie from the previous post).  Don’t forget to add a new mongo-db user and update that information as well.

After everything compiles and all data has been filled in, we have one last thing we must do:

Next we need to make some changes to the keys used by ESAPI for encryption (in ESAPI.properties).

Note: you MUST set these keys or else your site’s security will be compromised!  Do not use Basic Service’s keys as EVERYONE has them.

Generate  (and assign) the following two keys by using Utils.generateESAPIKeys().  To do that, you can create a simple main method in Utils, which looks like this:

public static void main(String[] args) throws Exception {
generateESAPIKeys();
}

Right click Utils, and run as java application.  When you run it, you’ll see an AppSensor exception.

This happens because ESAPI is not configured properly for this project.  Go to Run->Run configurations, click on argument, and in VM arguments, add the following:

-Dorg.owasp.esapi.resources=src/main/webapp/WEB-INF/esapi

* NOTE:  because wordpress changes regular quotes into styled quotes in this post, you can’t simply copy the above line.  After you copy and paste this line in eclipse, you need to manually delete the orange styled quotes and replace them with regular double quotes or this will not work.

Now try running again, and you should see the following output:

Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Found in ‘org.owasp.esapi.resources’ directory: /<the path to your project>/your_project_name/src/main/webapp/WEB-INF/esapi/ESAPI.properties
Loaded ‘ESAPI.properties’ properties file
Generating a new secret master key
#==============================================================
Encryptor.MasterKey=kdP+LK4OIIAdWDc+heyN3E==
Encryptor.MasterSalt=hgR9kW/bQWlGGD4JHESwnUY35a2=
#==============================================================
 
Copy the two keys to ESAPI.properties instead of the existing Basic Service keys.

Last, to run the actual service, you need to create a Maven Build configuration, and add the ESAPI configuration there as well.

Go to Maven Build (click Run->Debug configurations and go to Maven Build) and create a new configuration.  Change the name to your project name, and add the following:

  • In Main:
    • In base directory, enter: ${workspace_loc:/your_project_name}
    • In Goals, enter: install jetty:run
    • In profiles, enter: development
    • In parameters (right above Maven Runtime), click [Add…] and add the following:
      • Name:org.owasp.esapi.resources
      • Value:target/your_project_name/WEB-INF/esapi/
  • In refresh, make sure the “Refresh resources upon completion” checkbox is checked, and the “The entire workspace” radio button is selected.
  • In source, click [Add…]->Project, and add your project (so you can debug your code).  You might also want to add the ESAPI and AppSensor source jars so you can debug those as well if you have to.
  • In environment, add the following:
    • name:SENDGRID_PASSWORD
    • value:na
    • name:SENDGRID_SMTP_HOST
    • value:na
    • name:SENDGRID_USERNAME
    • value:na
    • name:spring.profiles.active
    • value:development

Click the DEBUG button, and if all went well, you should see a lot of debug prints, and eventually: [INFO] Started Jetty Server

Go to localhost:8080 and watch your new service in action.  If you forgot to run MongoDB locally, you will see an exception when trying to login, since your service can’t connect to a database.

Either run mongo locally, or change the development properties to point to your production db (remember to change it later, working in dev on production db is a big NoNo!)

Now that we have everything setup locally, it’s time to get this service to production.

The next post will cover that part in details, although you should have a general idea of what’s needed if you’ve followed the recommended youtube movie.

Advertisements