Creating a CSRF protection with Spring 3.1

Note: This tutorial is for Spring Security 3.1. An updated version that uses the built-in CSRF protection of Spring Security 3.2 can be found here

CSRF attacks still seem to be a problem; it is a pity that there is no standard solution in the Spring 3.1 framework. Although an attack is not probable, I wanted to protect my projects against maliciously crafted links.

I didn’t want to use an extra library but something which is already available in the Spring framework. Here is what I came up with:

Read the complete article »


11-Jan-12


Mac OS X Lion loses network connection after sleep

Sleep related problems have never been a problem for me with OS X (at least the sleep of the machine) since Lion.

Sleep works perfectly fine but after wake my machine has no internet connection anymore, at least it looks like this. It’s only domains that aren’t resolved anymore. It also affects wired and wifi networks. There are a lot of threads in the Apple forums that blame USB drives, Optical drives and the like but this sounds a bit like voodoo.

I found the following working solution:

Edit “/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist” like so:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>com.apple.mDNSResponder</string>
	<key>OnDemand</key>
	<false/>
	<key>UserName</key>
	<string>_mdnsresponder</string>
	<key>GroupName</key>
	<string>_mdnsresponder</string>
	<key>ProgramArguments</key>
	<array>
		<string>/usr/sbin/mDNSResponder</string>
		<string>-launchd</string>
		<string>-AlwaysAppendSearchDomains</string>
		<string>-DisableSleepProxyClient</string>		
	</array>
	<key>MachServices</key>
	<dict>
		<key>com.apple.mDNSResponder</key>
		<true/>
	</dict>
	<key>Sockets</key>
	<dict>
		<key>Listeners</key>
		<dict>
			<key>SockFamily</key>
			<string>Unix</string>
			<key>SockPathName</key>
			<string>/var/run/mDNSResponder</string>
			<key>SockPathMode</key>
			<integer>438</integer>
		</dict>
	</dict>
	<key>EnableTransactions</key>
	<true/>
</dict>
</plist>

and relaunch the mDNSResponder like so:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist 
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

This fixes two things: the domain resolution described here and the 2 hourly automatic wake from sleep described here.

Update:

It seems that this fixed the problem just for that one time. To fix it on every wake I use “SleepWatcher” by . Install it as described in the readme, then save this file somewhere as restart_mDNSResponder

#!/bin/bash
killall -HUP mDNSResponder

and copy this

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>de.bernhard-baehr.sleepwatcher</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/local/sbin/sleepwatcher</string>
                <string>-V</string>
                <string>-w /path/to/restart_mDNSResponder</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>KeepAlive</key>
        <true/>
</dict>
</plist>

to /Library/LaunchDaemons/de.bernhard-baehr.sleepwatcher-20compatibility.plist.

and execute

sudo launchctl load -w /Library/LaunchDaemons/de.bernhard-baehr.sleepwatcher-20compatibility.plist

This did the trick for me.
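The LaunchDaemon above has no UserName key, so launchd starts sleepwatcher, and with it restart_mDNSResponder, as root on every wake. The check below is an added example, not part of the original post: it verifies that the script and its directory can only be changed by the expected owner. The function name check_daemon_script is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): check that a script started by
# a root LaunchDaemon cannot be modified by unprivileged users.
# The function name is hypothetical.

# check_daemon_script PATH [OWNER]
# Succeeds only if PATH is a regular executable file (no symlink) owned by
# OWNER (default: root) and neither PATH nor its directory is group- or
# world-writable.
check_daemon_script() {
    script=$1
    owner=${2:-root}
    dir=$(dirname "$script")

    if [ -L "$script" ] || [ ! -f "$script" ]; then
        echo "FAIL: $script is not a regular file" >&2
        return 1
    fi
    if [ ! -x "$script" ]; then
        echo "FAIL: $script is not executable" >&2
        return 1
    fi
    # "find PATH -prune" tests only PATH itself; works with BSD and GNU find.
    if [ -z "$(find "$script" -prune -user "$owner")" ]; then
        echo "FAIL: $script is not owned by $owner" >&2
        return 1
    fi
    for p in "$script" "$dir"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "FAIL: $p is group- or world-writable" >&2
            return 1
        fi
    done
    echo "OK: $script"
}

# Usage: sh check.sh /path/to/restart_mDNSResponder
if [ "$#" -gt 0 ]; then
    check_daemon_script "$@"
fi
```

If the check fails, `sudo chown root:wheel` and `sudo chmod 755` on the script, and a root-owned directory to hold it, bring it into the expected state.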


05-Jan-12


Git snippets

These are a few things that I had looked up to solve some problems and I plan to update this post regularly…

To push a new branch to remote

git push origin new_branch

To delete a remote branch

git push origin :new_branch

To push new tags

git push --tags origin

To delete a remote tag

git tag -d 12345
git push origin :refs/tags/12345

To reset a local branch to exactly match a remote branch

git fetch origin
git reset --hard origin/master

To abort a rebase

git rebase --abort

Changing the origin of your git repository (relocate the repository)

git config remote.origin.url [new origin url]

How do I make git ignore mode changes (chmod)?

git config core.filemode false

Delete the last commit if it is not pushed yet:

git reset --soft HEAD~1

Remove file from repository but not from filesystem (in case you’ve ignored a file but don’t want to delete it)

git rm --cached Foobar.java

Short log (oneline), including sha and date

git log --pretty=format:"%h %ad%x09%an%x09%s" --date=short

Count commits by author:

git shortlog -s -n

Display the first n commits:

git log --pretty=format:"%h %ad%x09%an%x09%s" --date=short  --reverse | head -20

Merge a branch but don’t commit the merge yet (and avoid fast-forwards):

git merge --no-commit --no-ff theAwesomeFeatureBranch

List all files changed since commit:

git diff --name-only COMMIT_ID_OR_WHATEVER_COMMITISH

This one is useful if you did a lot of amending to an old commit and want to restore its date order for your inner monk:

Do an interactive rebase, edit the commit in question with “e” or “edit”, so that you can amend it again and then continue rebase:

git rebase -i <ref>
git commit --amend --reset-author --no-edit
git rebase --continue

Or you could move around the commit during your rebase as well, if it isn’t your last commit.

Reduce the repository’s database size:

git reflog expire --all --expire=now
git gc --prune=now --aggressive

(See this answer)

Pushes a subtree onto a different branch (“dist” being the subtree here):

git subtree push --prefix dist origin gh-pages

Create a new branch with all the content from the parent but without commits:

git checkout --orphan public

Last update: 2019/01/06


22-Dec-11


oEmbedding twitter updates with Java and WordPress

I’m really a big fan of oEmbed. My project Daily Fratze acts as oEmbed provider and consumer for example.

Now I’m really happy that twitter announced that it now acts as an oembed provider:

(I’d even be happier if twitter would autodiscover providers 😉 )

To use this in a Java based application you can use my java-oembed lib with the following configuration:

Oembed oembed = new OembedBuilder(this.httpClient)
	.withCacheManager(cacheManager)
	.withBaseUri("http://yourproject")
	.withConsumer("yourproject")
	.withProviders(					
			new OembedProviderBuilder()
				.withName("twitter")
				.withFormat("json")
				.withMaxWidth(480)
				.withEndpoint("https://api.twitter.com/1/statuses/oembed.%{format}")
				.withUrlSchemes("https?://twitter\\.com/#!/[a-z0-9_]{1,20}/status/\\d+")
				.build()
	 )
	.withHandlers(new CommonHandler("twitter"))
	.build();

The handler looks like this:

import org.apache.commons.lang.StringEscapeUtils;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
 
import ac.simons.oembed.OembedResponse;
import ac.simons.oembed.OembedResponseHandler;
 
 
public class CommonHandler implements OembedResponseHandler {
	private String handlerFor;
 
	public CommonHandler(String handlerFor) {
		this.handlerFor = handlerFor;
	}
 
	@Override
	public String getFor() {
		return handlerFor;
	}
 
	@Override
	public void handle(Document document, Element a, OembedResponse response) {
		final StringBuilder hlp = new StringBuilder();
 
		final String title = StringEscapeUtils.escapeHtml(response.getTitle());
		if(response.getType().equalsIgnoreCase("video") || response.getType().equalsIgnoreCase("rich")) {
			// The provider's HTML is inserted verbatim, so only configure providers you trust
			hlp.append("<span style=\"display:block; text-align:center;\">");
			hlp.append(response.getHtml());
			hlp.append("</span>");
		} else if(response.getType().equalsIgnoreCase("photo")) {
			// The URL ends up inside an attribute value, so it is escaped like the title
			final String url = StringEscapeUtils.escapeHtml(response.getUrl());
			hlp.append("<span style=\"display:block; text-align:center;\">");
			hlp.append(String.format("<img src=\"%s\" alt=\"%s\" title=\"%s\" style=\"width: %dpx; height: %dpx;\" />", url, title, title, response.getWidth(), response.getHeight()));
			hlp.append("</span>");
		}
 
		a.before(hlp.toString());
		a.remove();		
	}
}

Be careful to get the latest release: Twitter has some really large values for cache ages and I needed to update a member from int to long.

To have WordPress automatically embed status updates, add the following line to the “functions.php” of your current theme. Create the file if it isn’t available in the root folder of your theme:

wp_oembed_add_provider('#https?://twitter\.com/\#!/[a-z0-9_]{1,20}/status/\d+#i', 'https://api.twitter.com/1/statuses/oembed.json', true);

Whenever you add the plain link (without an anchor tag) to a status update on a single line in a post, it will be embedded like the example above.

Update

If you are more into plugins, just download my Enable Twitter oEmbed WordPress plugin, install it and you’re good to go.

An alternative to oEmbed for Twitter was the Twitter Blackbird Pie Plugin for WordPress, but why add more stuff if everything else is already there? My plugin is much more lightweight.

Embedding me looks like this, by the way:

michael | DailyFratze.de ...täglich frisch!

The picture will always show my latest update on Daily Fratze.

As this is probably the last post here for this year, I wish every visitor some nice Christmas holidays!


20-Dec-11


Scripted network mounts with Windows

I have some services and scheduled tasks that call a Batch file under Windows. The scheduled tasks cannot access network drives that the assigned user has defined, but luckily there is an equivalent to “mount” within Windows as well.

To mount a network share within the Batch script use:

net use t: \\server\share /persistent:no

The authentication is taken from the user that is assigned to the task.

If this is not enough, use

net use t: \\server\share /persistent:no /user:user@domain password

To unmount the share use

net use t: /delete


12-Dec-11