For security, the server listens only on localhost (127.0.0.1) and requires HTTP Basic Authentication. No outside network traffic is accepted or processed (packets never leave the host). Currently, the server uses a self signed certificate - details below.
Use maven to build and package the microservice into a jar using this command:
mvn clean package
All configuration parameters are entered in a file called application.properties. A version with default values can be found in the top level of this project.
Details about the database are configured in this file. The default entries for the database configuration are shown here:
spring.datasource.url=jdbc:mariadb:failover://{db_host:db_port/{portal_db} spring.datasource.username={username} spring.datasource.password=ENC({encrypted_password})
The HTTP server's username and password are configured in this file. Only one username/password is used to secure the REST endpoint. The default entries for the server are shown here:
security.user.name={basic_auth_username} security.user.password=ENC({encrypted_basic_auth_password})
When you package the application into a jar file and launch the microservice using that jar, the configuration file must be in the current working directory where you launch the service.
Use the following command to generate an encrypted password for the database and the micro service. The entire command must be entered on one line; the command shown below uses backslashes to break lines for readability:
java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar \ org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI \ algorithm=PBEWithMD5AndDES \ input='YourPasswordHere' \ password='EncryptionKey'
Note, 'YourPasswordHere' is the actual database password, as supplied in the 'password' parameter. The value 'EncryptionKey' is used to encrypt the input, and must be supplied at run time in one of two ways:
On the command line with a JVM argument "-Djasypt.encryptor.password". Here's an example of using maven with the Spring-Boot goal:
mvn -Djasypt.encryptor.password=EncryptionKey spring-boot:run
Here's an example of using java and the jar file:
java -jar dbc-microservice.jar -Djasypt.encryptor.password=EncryptionKey
In the application.properties file using the key jasypt.encryptor.password. For example:
jasypt.encryptor.password=EncryptionKey
Check the configuration properties in file src/main/resources/application.properties. Then launch the microservice for development and testing like this:
mvn clean spring-boot:run
Ensure a valid configuration is present in file application.properties in the current working directory. Then launch the microservice for production like this:
widget-service.sh start
Build 1702.3.48, 5 Feb 2017
Build 1.2.175
Build 1.2.145
Build 1.2.140
Build 1702.3.86
Build 1702.3.79, 10 Feb 2017
Build 1702.3.78, 9 Feb 2017
Build 1702.3.75, 07 Feb 2017 DE267061 - Removed a hardcoded intance of loginId used in the query.
Build 1702.3.73, 06 Feb 2017 DE267061 - Fixed - user should only see widgets that were uploaded against app/roles that they have OR if they were uploaded by checking All Users checkbox. Build 1702.3.71, 5 Feb 2017
Ikram Ikramullah
Export certificate from microservice's keystore - default password is 'microservice' keytool -exportcert -keystore widget-keystore.p12 -alias widget-microservice -file widget-cert.cer
Import the exported certificate of microservice from step 1 and import it into Portal JRE's cacerts file. The location of this file is %JRE%/lib/secuirty/cacerts.
keytool -import -trustcacerts -keystore "C:\Program Files\Java\jre1.8.0_91\lib\security\cacerts" -noprompt -alias widget-microservice -file widget-cert.cer
OR ; keytool -import -trustcacerts -keystore /usr/local/add-on/jdk1.8.0_60/jre/lib/security/ -noprompt -alias widget-microservice -file widget-cert.cer
If the intent is to run this microservice without https i.e run on plain http, comment out (put a leading #) infront of all properties in 'Certificate Properties' section of application.properties - these properties are
server.ssl.key-store=classpath:widget-keystore.p12 server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8) server.ssl.keyStoreType=PKCS12 server.ssl.keyAlias=widget-microservice
a). Build docker image: mvn docker:build b). Run the service in docker: docker run -p : -t c). Check running docker containers: docker ps