Java Based Password Hasher and Tester using Random Salt

For security reasons, you would not want to store your passwords in raw format to your database. You would probably want to store it in an encoded form. At the same time, you would not want a malicious users to decode the password that you have encoded and stored, which would be another security flaw.

So, how do you then store the password, at the same time be able to test programmatically that the passwords match during login?

There are multiple ways of doing it. But in this article, I will talk about storing the password hashed with a random string called “salt”. That makes each encoding unique. So even if someone got hold of salt for one password, they can’t decode all the other passwords encoded with different salt.

Here is a simple Password Hasher that I wrote that utilizes the algorithm PBKDF2WithHmacSHA512. What does that mean? Let’s break it down.

  • PBKDF2 is “Password-Based-Key-Derivative-Function” version 2
  • HMAC is Keyed “Hash Message Authentication Code”
  • SHA512 is Secure Hash Algorithm

As you can see, it uses multiple algorithms for password encoding and hashing.

The algorithm can take multiple parameters.

PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, 10, 512);<br>

  • The text password itself
  • Salt – a random string
  • Iteration Count
  • Key Length

Here is source code for Password Hasher.

Here is a unit test to test the same:

How to auto deploy your java WAR file to your hosting server from your Local

I usually used to build the war file and then open the control panel of the hosting site and then upload my war file using either war upload or one one of their tools. Although it didn’t take much to do that, I always wanted to see if it can be done quicker than that by some sort of scripts.

So here is what I finally came up with. I am utilizing the FTP command.

I created a ftp.txt file with all the ftp command input including your user name and password. I will call this a config file. The config file looks something like this

Now you can run your ftp command as (alternately put this in a deploy.bat)

>ftp -s:ftp.txt

This should connect to your FTP and then upload your war file. If you would like to delete the existing WAR file ont he server, you can add the following line to your config just before your put command.

del <YourWARFile.WAR>

Deploy completed with just one line command !!

How to copy React JS build files to Springboot Resources folder.

Unlike angular, where you could specify your build output, reacjs does not seem to have a way to do that (to my knowledge). So I had to write a simple shell script to do the copy after the build is done.

My ReactJS project is located under: src/main/webcontent
So the build files are located under: src/main/webcontent/build

However, the static resources spring boot uses are located under src/main/resources

Here is the resources folder:

So in order for me to copy these files after the build is done, I wrote a very simple shell script. The script changes directory to webapp folder, deletes any pre-existing files by iterarting through sub folders. It then iterates and delets the subfolders themselves. Finally, it changes directory over to the folder where the built ReactJS files are located. It they issues a xCopy command to copy them over to the static folder.

REM COPYING FILES FROM REACJS BUILD FOLDER TO RESOURCES FOLDER
cd src\main\resources\webapp
del /S /F /Q *.*
RMDIR static /Q /S
cd ..\..\webcontent\build
xcopy *.* ..\..\resources\webapp\ /s /i

cd ..\..\..\..

I put this script on a .bat file along side pom.xml. So that I can just quickly issue the command after the maven build is done (which includes auto build of reactjs). So my sequence would be:

>mvn clean package
>publish_ui.bat

Spring Boot Application – View Resolver for Static Angular Pages.

Build Your Angular Project Into resources/static folder. You can specify the folder in angular.json file.

Here is the generated files.

Have your controller return a string “index”

@Controller
@CrossOrigin
public class HomepageController {


@RequestMapping({"/"})
public String index() {
return "index";
}
}

Then enable WebMVC and tweak some configuraitons. This should serve the index.html from the resources/static folder.

@Configuration
@EnableWebMvc
public class MvcConfig implements WebMvcConfigurer {

@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver bean = new InternalResourceViewResolver();
bean.setSuffix(".html");
return bean;
}

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/**").addResourceLocations("classpath:/static/");
}
}

Checksum Mismatch on Flyway – Spring Boot

I created some test tables via flyway, since they were successful, I deleted the tables, scripts and restarted versioning from V1. However, it appears that Flyway maintains a version of the database migration, which prevented me from running the app with an ugly error that said the checksum mismatch occurred on Flyway.

There is an easy fix for that though. You just need to set the following flag in your application properties.

spring.flyway.validateOnMigrate= false

You might however want to do that on your non-prod profiles, that way you are still validating the production.