Spring Boot: Logging Failed Logins

Posted on April 18, 2017 by

In many applications it’s important to react to failed logins and other security-critical events, for example to log the failed login attempt to a file or to display a captcha after repeated failures. Spring-based applications come with a simple mechanism to access this kind of information using Application Events.

Continue reading

Posted in java | Tagged , | 2 Comments

The Curse of Convenience Methods

Posted on February 5, 2017 by

In the old days, many Java APIs were fairly low level and pretty generic. You often had to explicitly select a concrete implementation, provide lots of parameters, and generally needed to know how things worked. This has changed in recent years – modern APIs provide lots of convenience functionality that raises the level of abstraction and increases productivity. I like this as much as anybody else, but unfortunately it can also lead to subtle bugs.

Continue reading

Posted in best practices, java | Tagged , , | Leave a comment

Empty InputStream with Spring MVC

Posted on January 6, 2017 by

The other day, I was trying to build a simple batch upload interface for a Java web application running Spring Boot with Spring MVC on Apache Tomcat. But when I tried reading the InputStream in my controller, it was always empty. Fortunately, this turned out to be quite easy to fix.

Continue reading

Posted in java | Tagged , , | Leave a comment

Checking Whether a Process Exists

Posted on December 31, 2016 by

On Linux/Unix systems, there’s occasionally the need to check whether a process is running. Some people use it for simple status checks or when building their own lifecycle scripts for startup and shutdown. I don’t think it’s a particularly good practice these days because all of this can be achieved with tools like systemd, supervisord, JavaServiceWrapper, or even Docker. But if you can’t use these for some reason, read on.

Continue reading

Posted in linux | Tagged , | Leave a comment

Detecting Security Upgrades on Ubuntu

Posted on October 22, 2016 by

In my article on unattended upgrades I described how to set up an Ubuntu system to install security upgrades automatically. This is convenient for small setups, but in an enterprise environment you typically want to perform some QA before applying the change. A better solution is to have your monitoring system generate an alert if security upgrades are available. In this article,  we’re going to build an Icinga plugin to hook into your monitoring/alerting system.

Continue reading

Posted in linux | Tagged , , , | Leave a comment

Detecting HTTP/2 Support

Posted on August 27, 2016 by

Thanks to Ubuntu 16.04 which includes a fairly recent Nginx version, I have now enabled HTTP/2 on my private server. Of course, I also wanted to verify whether my configuration change had any effect – after all, there is no visible change (except for a little speed-up). One option that works really well is the HTTP/2 and SPDY indicator Chrome extension. But after some playing around with Python, I also found an easy way to detect HTTP/2 support using just Python’s standard library.

 

Continue reading

Posted in python | Tagged , , | 1 Comment

Migrating to HTTPS

Posted on June 5, 2016 by

There’s more to migrating a complex site to HTTPS than just enabling TLS in your web server or reverse proxy. All links to embedded resources like style sheets, images, or scripts need to be served via HTTPS and potentially have to be rewritten. In a well-designed site that’s not an issue, but in most peoples’ organically grown setups it can be a huge effort.

Continue reading

Posted in misc | Tagged , , | Leave a comment

Let’s Encrypt on WordPress.com

Posted on April 10, 2016 by

A couple of days ago, WordPress.com announced that they are now supporting TLS for custom domains (which is how this blog is hosted). There are many reasons for not hosting a blog yourself even if you have the necessary skills, like not having to deal with security updates and scalability issues for starters. Flexibility isn’t one of them, unfortunately, so I’m very pleased TLS has finally arrived. But let’s have a look at their setup.

Continue reading

Posted in meta | Tagged , , | 1 Comment