Everything you ever wanted to know about SSL (but were afraid to ask)

Or perhaps more accurately, “practical things I’ve learned about SSL”. This post (and the companion Spring Boot application) will demonstrate using SSL certificates to validate and authenticate connections to secure endpoints over HTTPS for some common use cases (web servers, browser authentication, unit and integration testing). It shows how to configure Apache HTTP server for two-way SSL, how to unit test SSL authentication with Apache’s HttpClient and HttpServer (Java), and how to integration test a REST API within a Spring Boot application running on an embedded Tomcat container.

There are lots of ways for a client to authenticate itself against a server, including basic authentication, form-based authentication, and OAuth.

To prevent exposing user credentials over the wire, the client communicates with the server over HTTPS, and the server’s identity is confirmed by validating its SSL certificate. The server doesn’t necessarily care who the client is, just as long as they have the correct credentials.

An even higher level of security can be gained by using SSL certificates for both the client and the server.

Two-way SSL authentication (also known as “mutual authentication” and “TLS/SSL with client certificates”) refers to two parties authenticating each other by verifying the digital certificates each provides, so that both parties are assured of the other’s identity.

Read on →

Spring Social Bootstrap: Create REST API SDKs and CLIs that can Record and Replay HTTP requests

I joined SportsLabs (then still under the Silver Chalice brand) way back in 2011 as one of its earliest employees and the first engineer.

We started work on envisioning and building the Advanced Media Platform - a system to ingest, process, transform, distribute, and stream sports, news, social, and media content to create market leading mobile, web, and social products for clients such as Samsung, the University of Notre Dame, the ACC, the College Football Playoff, IMG College, the Mountain West and Campus Insiders, among others.

Since then, SportsLabs has consumed data from dozens of sources including STATS LLC, Twitter, and Ooyala, but also from proprietary systems that were never foreseen as integration points.

Data providers’ APIs use combinations of JSON, XML and/or CSV. Some are spec-compliant, others are not. Some rely heavily on query parameters, while others favor HTTP headers. Some API providers use OAuth 2.0 plus API rate limits, while others have rolled their own security solutions. Some integrations were with partners willing to work with us on evolving their web services. Others were with competitors who were not motivated to make things easy.

This plethora of ways to configure, consume, learn from, and integrate with APIs led us to create Spring Social Bootstrap, a family of projects intended to aid creating and managing API clients for many of the above scenarios.

Spring Social Bootstrap is comprised of the following:

Read on →

Supporting Multi-Step Commands with Spring Shell

Out of the box, Spring Shell supports printing command results to the terminal in a fairly basic way.

Spring Shell also provides the ExecutionProcessor interface, allowing a “command provider to be called in a generic fashion just before, and right after, executing a command”.

The interface defines three lifecycle events that can be intercepted:

  • before a command has been invoked
  • after an invocation has been returned
  • after an exception was thrown

I was interested in hooking into the afterReturningInvocation to provide “step logic” - potentially allowing user or system input to execute additional logic based on the result of the initial command result (and/or each step result) e.g. paging backwards or forwards on the command line through lists of data.

I was able to achieve this and opened a JIRA ticket and the following pull request on Spring Shell’s GitHub repo: SHL-174: Multi-Step Commands #67

Read on →

Adding Java Config support to Spring Shell

Be it DVCS workflows, JSON transformations, or blogging frameworks, I always favor tools that allow me to use the terminal.

I’ve recently started using Spring Shell for rapidly experimenting with consuming data from a series of APIs I had created.

I have become allergic to XML configuration for Spring applications in recent times, so I was disappointed to see a lack of support for Java configuration within Spring Shell.

However, I did find a JIRA issue tracking the feature request. The ticket creator had even submitted a pull request with a potential solution. However, Spring Shell lead Mark Pollack responded that the feature could be provided in a simpler manner and even provided guidance to the solution.

Implementing this solution seemed quite straightforward, so I gave it a go and it turned out well.

I’ve submitted the following pull request to the Spring Shell GitHub repository: SHL-106: Java Configuration support #66

Read on →