Posts

Showing posts from August, 2016

Configure Quality Gates in SonarQube Server

In this blog I will show how to configure Quality Gates in SonarQube server.

What is a Quality Gate?

A Quality Gate is a combination of conditions against which the SonarQube server measures a project's quality thresholds. Sonar reports issues in different categories and severities, such as Critical, Blocker, Major, Code Coverage, blocker issues since the last build, and many others.

Before I explain further, let me explain when the need arises to create custom quality gates.

SonarQube works with many technologies, and each of them has its own standards and processes. The measuring criteria can't be the same for all these applications, so different Quality Gates are needed for each of these projects/applications.

Now moving on to the Quality Gate creation process.

Log in to the SonarQube server. For me it is hosted at "http://localhost:9000/"; in case it differs, access the URL on which your SonarQube server is hosted. ...

Configure SonarQube with Jenkins

Jenkins provides easy integration with different kinds of plugins that help with the overall improvement and management of the development life cycle and code quality. One such plugin is SonarQube.

SonarQube is code quality analysis software. It runs through the code and identifies code quality issues. It has a web portal where you can generate different kinds of reports, such as:

- Technical Debt
- Code Issue, with actual code linkage
- Different types of reports
- Maintains the history of issue details; can check increase and decrease
- Rules configuration
- Quality Gates
- Code duplication
- And many others

There is a provision in Jenkins to integrate this plugin, so that it can be executed while building applications. There is also an option to fail the build if the code quality does not meet the quality gate defined in Sonar.

Now I will show how to integrate this plugin with Jenkins. The assumption is that Jenkins is installed in your system...

How to change log level in logback at runtime

Here I am going to show how to change the log level in the logback logging API at runtime. The following log levels are available in logback: TRACE, DEBUG, INFO, WARN, ERROR.

The code below, when executed, changes the level to the one being set. First retrieve the LoggerContext using LoggerFactory, then retrieve the root logger (you can retrieve any specific logger as well). After getting the rootLogger, call the setLevel method to specify the new log level.

    // Logger and LoggerFactory are org.slf4j; LoggerContext and Level are ch.qos.logback.classic.
    LoggerContext loggerContext = (LoggerContext) LoggerFactory.getILoggerFactory();
    Logger rootLogger = loggerContext.getLogger(Logger.ROOT_LOGGER_NAME);
    ((ch.qos.logback.classic.Logger) rootLogger).setLevel(Level.DEBUG);

Setting in Tomcat to enable SSL for certain pages

Use the following setting in your web application to enable SSL for certain pages. For example, certain pages in the application should be accessible over https, like:

SSL:
    https://www.dummy.com/app/login
    https://www.dummy.com/app/payment

Non SSL:
    http://www.dummy.com/app/help
    http://www.dummy.com/app/contact

This setting can be enabled at the application level by specifying the appropriate configuration in the deployment descriptor file, i.e. web.xml. Open web.xml, located inside the WEB-INF folder of the application, and add the following code:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Non SSL</web-resource-name>
            <url-pattern>/help</url-pattern>
            <url-pattern>/contact</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <security-constraint...

Apache Tomcat SSL and TLS configuration

This blog will explain how to enable SSL on a Tomcat 7.x server on Linux.

Step1: Generation of the key file.

How to generate the key file using OpenSSL. Prerequisites: OpenSSL. Run the following command to generate the key file:

    openssl genrsa -out myapp.key 2048

The output of this command will be a "myapp.key" file in the current directory. If you want to create this file in a different directory, you can specify the file name with the path. The last parameter is the size of the key to generate. I have used 2048 which is considered to be secure. But you can use 4096 or lesser values based on your need.

    openssl genrsa -out /app/key/myapp.key 2048

Step2: Generation of the CSR file.

Once you have the key file, you need to generate the CSR file to get the signed public certificate. To generate the CSR, use the following command:

    openssl req -new -key myapp.key -out myapp.csr

Step3: Generation of the public certificate.

After generating the CSR file, get the certificate generated. And once you receive the public cert...

How to persist password in Spring Authenticator Object

In this short blog I will show a small configuration change that persists the password in the Spring org.springframework.security.core.Authentication object. It is not best practice to keep the password in the object after authenticating the user, but in case you want to persist the password, the following needs to be added to the Spring application configuration. On the "authentication-manager" tag, add the "erase-credentials" attribute and set its value to false. Below is the code snippet:

    <security:authentication-manager erase-credentials="false">
        <security:authentication-provider ref="AuthenticationProvider"/>
    </security:authentication-manager>

Hope this will be useful.

Role Based access to Method with Spring Security @PreAuthorize

In this blog I am going to show how to implement role-based method permissions with Spring Security. Here I am showing "@PreAuthorize" and its integration.

To start with, let me show you the dependencies that need to be in your project. I am using Spring 4.x. Apart from the basic Spring jars, you need the following jars, which are specific to Spring Security, in your project:

- spring-security-config jar
- spring-security-core jar
- spring-security-web jar

Once these jar files are added to the project, the following changes need to be made. I go through them step by step so that their purpose is easier to understand.

Step1: Add the following code to applicationContext.xml or whichever configuration file you are using. Add the namespace details in the xml file.

    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd...