Monday, March 29, 2010

Adding HTTP Authentication to Tomcat Container

I used the following method to secure the entire application. We use .htaccess based authentication setup in apache. I wanted a same sort of setup in tomcat instance.

Initially I added a user in the $catalina_home/conf/tomcat-users.xml







Then I add the security constraint in the web.xml of the application. In my case it was the default application ROOT. Hence I added the following entries in $catalina_home/webapps/ROOT/WEB-INF/web.xml





Entire Application
/*



agroup





BASIC
Authenticate yourself





The role that is required to log in to the Manager Application

agroup




Hence all the users under the security role "agroup" will be able to access the applicationn.

Hope this helps some one somewhere..

Thursday, March 18, 2010

Bash Script to send email using smtp authentiation and bash file descriptors

Sometimes we require bash script to perform some operation and use a remote mail server to send mails. In this instance we require smtp authentication for the remote server to allow this operation.

The script was copied from the link http://linuxshellaccount.blogspot.com/2008/04/shell-script-to-send-mail-using-bash.html which describes networking with the help of file descriptors.

I just added a smtp authentication part.

Please ensure that others do not have access to your bash history for security reasons.

Usage

sh mail.sh report@yourserver.com youremail@gmail.com yourserver.com yourmailserver.com filecontainingmessage email@yourmailserver.com youremailpassword





SCRIPT CONTENTS:


mail.sh




#!/bin/bash

#
# mail.sh
#
# 2008 - Mike Golvach - eggi@comcast.net
# 2010 - Rayber
#
# Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License
#

if [ $# -ne 7 ]
then
echo "Usage: $0 FromAdress ToAdress Domain MailServer MailTextFile AuthEmail AuthPass"
exit 1
fi

from=$1
to=$2
domain=$3
mailserver=$4
mailtext=$5
authemail=`echo $6|openssl enc -base64|awk 'sub("..$", "")'`
authpass=`echo $7|openssl enc -base64|awk 'sub("..$", "")'`

if [ ! -f $mailtext ]
then
echo "Cannot find your mail text file. Exiting..."
exit 1
fi

exec 9<>/dev/tcp/$mailserver/25
echo "HELO $domain" >&9
read -r temp <&9
echo "$temp"
echo "auth login" >&9
read -r temp <&9
echo "$authemail" >&9
read -r temp <&9
echo "$authpass" >&9
read -r temp <&9
echo "Mail From: $from" >&9
read -r temp <&9
echo "$temp"
echo "Rcpt To: $to" >&9
read -r temp <&9
echo "$temp"
echo "Data" >&9
read -r temp <&9
echo "$temp"
cat $mailtext >&9
echo "." >&9
read -r temp <&9
echo "$temp"
echo "quit" >&9
read -r temp <&9
echo "$temp"
9>&-
9<&-
echo "All Done Sending Email. See above for errors"
exit 0



When you run the script you should get a output similar to the following output.

235 2.7.0 Authentication successful
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with .
250 2.0.0 Ok

Tuesday, March 9, 2010

Remove or Disable svn authentication data

When you issue a svn co statement the authentication gets cached in the home directory of the user.

svn co http://192.168.1.13/repo
Authentication realm: Subversion Repository
Username: test
Password for 'test':

The authentication information gets stored in a cache /root/.subversion/auth/svn.simple directory.


o remove cached data go to “.subversion/auth/svn.simple” folder and delete the particular file.
There will be key (K)-value (V) pairs. “username” and “svn:realmstring” together can identify the user.
So use for example:

grep servername ./*

to find the right file.

Disable caching by opening “config” file in “.subversion” folder and setting the values of “store-passwords” and “store-auth-creds” to “no” or use --no-auth-cache as command line argument.


/root/.subversion/config