Matt Dalen

Greenhorn
+ Follow
since Aug 22, 2012
Cows and Likes
Cows
Total received
1
In last 30 days
0
Total given
0
Likes
Total received
1
Received in last 30 days
0
Total given
1
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Matt Dalen

Hi,

I’ve been working in Spring Boot for a while, and I consider myself reasonably proficient, but I’ve noticed that a number of the spring modules have started moving towards reactive programming. It’s something I have no experience with, and which does not seem particularly intuitive, so I was hoping to find a good resource to teach myself. Any suggestions for books or tutorials to teach myself the background and principles behind reactive programming in spring?
1 month ago
Hi, Craig,

Thanks for answering questions!  I was wondering: Spring has a lot of different interlocking pieces, which make it easy (relatively) for people to pick and choose what they need. What’s the most underrated module, that people don’t really know about, in your opinion?
3 months ago
Yeah, that’s the solution I was leaning towards, I just wanted to see if anyone else had encountered similar issues. Since we don’t know in advance which services they’ll be logging into or what the username and password will be, the entire login and service selection process has to be dynamic based on their request.
9 months ago
Sorry. In the original post “an external service” meant any one of a number of different services we have to log into, each of which may have a different login mechanism.
9 months ago
Some of the services support bearer tokens like that, but there will be others that don't, so we need to support passwords.
9 months ago
Hi, all,

I have a bit of an unusual situation that I'm trying to get a grip on.  I'm building a REST service for a client.  One of the requirements is that upon a certain REST call, the user must be able to pass credentials (username/password), which will be passed among several microservices and ultimately used to log into an external service.  We don't need to store the credentials, and we can't assume that the credentials will be the same for every call, even for the same user.  I know most of the best practices for storing passwords, but I'm at a loss for how to ensure that the password in this case is secured.  I can't hash it because I need it in plaintext in order to log into the external service.  Are there best practices or any suggestions for such a situation?

Thanks,
-Matt
9 months ago

Dave Tolls wrote:SXSSF.
That's probably the one you're looking for.



yep, that looks like it will do it!  Thanks muchly!
3 years ago
Hi, All,

I'm attempting to write a report generator that will read data from a database and create and write it to an excel file. I have it working at the moment, but the solution I found (Apache POI) requires holding the entire excel document in memory prior to writing it.  This is fine for smaller reports, but the business requirements allow for arbitrary-sized reports (eg, generate list of all records in a given table), and I'm worried about memory usage. I've seen references to an ability to write XLSX files line-by-line, but I can't find any information on how that might be done. Does anyone have any recommendations? (Note: I've tried writing csv files, but since we have large numbers in our database, we've run into the issue that Excel automatically zeroes out any digits beyond the 15th of a long number.)
3 years ago
Hi, all,

I'm wrestling with an issue I hoped someone would be able to assist with.  I have a mail client that currently accepts only File objects as attachments, and I'm trying to modify it so that I can also pass in an Inputstream, so I can retrieve it from a remote server and don't have to store the entire file in memory or persist it to disk.

I've found a couple of solutions on the web, but none of them seem to work. Creating a MimeBodyPart using the new MimeBodyPart(InputStream stream) constructor seemed like the logical choice, but when I do that, I get the email without any attachments (and no errors thrown):



I also tried constructing a custom DataSource (storing the InputStream in the constructor and then returning it on getInputStream(). However, when I do that, I always get an IOException that the stream is already closed:



From my testing, it looks like DataSource is closing the stream and trying to reopen it, which doesn't help if I have one single-use stream that I need to retrieve from.

Does anyone have any suggestions?
3 years ago
Hi,

I'm building a rest service based on the Spark framework, and I'm trying to figure out the best way to run field-level validation on the pojos being passed in. Most of the discussions of various validation frameworks I've found online are either several years old or just basically a list of options, with no discussion of their relative benefits. Does anyone have any recommendations? I'm looking for a (hopefully lightweight and easy-to-configure) framework that will validate fields in the pojos based on an xml config file, testing against requirements such as string length, numerical min/max, and basic regex validation.
4 years ago
Apparently the cert they gave me did not have the URL in the CN field and didn't include a subject alternative names field. For testing purposes, I was able to bypass this by setting a custom Hostname Verifier:

6 years ago
Ok, I figured it out. It's a problem in the cert; the example code bypassed the CN check and my code didn't, so it worked in the example code.
6 years ago
Hi,

I'm currently trying to implement a client to connect to an outside restful service with two-way authentication. Testing using the server company's sample client, which uses Apache CXF, works fine and I can send messages. I'm trying to build a more lightweight client than their sample, however, so I don't want to use CXF. However, without using CXF, I'm getting a CertificateException, "No subject alternative names present," which my research indicates usually means there's an issue with the cert. But I know the client and server certs work, since they work in the sample client. And my code uses the same code to build the keystore and the truststore as theirs.

Any ideas as to why I would be getting this error?

My client code is below:

6 years ago

Deepak Bala wrote:

Thanks! That helped a lot - I *think* it's actually an error in the cert file I was given. If I'm reading the logs right, the issuer on the cert file doesn't match the list of valid cert authorities they accept.



From what I understand, one of the issuers on the cert chain is unavailable for verification on your client side trust store. For example - The root CA for github is DigiCert. If DigiCert is unavailable in the trust store, any communication between you and github will fail with a SSL error saying the CA cannot be verified.

To fix the problem (if that is the problem) import the CA's cert into your trust store. Who is the CA ? Is the certificate self signed ?

[EDIT]

My assumption here is that the error you are talking about came from not trusting the cert presented by the server. Please post the SSL debug logs and we can help you further.



I was able to track down the issue - I was given the wrong cert, which is why the issuer didn't match. Thanks for everyone's help!
7 years ago

Jaikiran Pai wrote:Is there anything in the SSL debug logs (http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html)?



Thanks! That helped a lot - I *think* it's actually an error in the cert file I was given. If I'm reading the logs right, the issuer on the cert file doesn't match the list of valid cert authorities they accept.

Richard Tookey wrote: <edit> On re-reading I may have misunderstand where the PKCS12 file comes from. If it is one you generated for the client side authentication then the above does not apply but of course the certificate contained in the PKCS12 file must be signed by a CA that the server recognises.



Yes, this is the pkcs12 file we generated for client-side authentication. However, I think you're right that it's an issue with the CA not matching.
7 years ago