Java setting tracking mode for session

If you avoid using xml for you configuration files like I do, but don’t want to pass the jsessionid around through the URL you can create a @Bean and use a lambda to set the tracking mode as follows

public class AuthProvidersSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public ServletContextInitializer servletContextInitializer() {
      return servletContext -> {
        servletContext.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
      };
    }
}

read more

Java settting domain on a session cookie

If you need to override the domain on a session cookie you can add the following method to your AuthProvidersSecurityConfig class to do so. It’s not common you’d need to do this, but our domain wasn’t setting correctly in our cookie and this cleared the issue up.

public class AuthProvidersSecurityConfig extends WebSecurityConfigurerAdapter {

  @Bean
  public ServletContextInitializer servletContextInitializer() {
    return servletContext -> {
      servletContext.getSessionCookieConfig().setDomain("matthewbusche.com");
    };
  }
}

read more

I'm speaking at Iowa Technology Summit

I’m proud to announce I’ll be speaking at Iowa Technology Summit on October 2nd! The conference will be held at the Community Choice Credit Union Convention Center in down Des Moines.

I’ll be speaking on Secure by Design and how you can ensure security throughout development of your application. I’ll cover some of the OWASP top 10, best practices, and things I’ve implemented at work. I gave a similar talk at DevOpsDays Des Moines, but I have a lot of takeaways from that talk and my team at work has made a lot of progress that I’m excited to be able to share.

Registration is open now, so don’t delay in getting your tickets!

Iowa Tech Summit

read more

User added in Jenkins doesn't have access

I was helping a team at work recently and we needed to add a few users to Jenkins. We added the users and then asked them to login and make sure they could run jobs. 2 out of 3 people were able to run jobs, but the 3rd person was not. We had added them the same as everyone else, but it wasn’t working. I had them logout and back in and that’s when I realized the issue - Jenkins is case sensitive If you add a user as mrbusche but they login as MRBUSCHE they’re not recognized in Jenkins.

Long story short

Jenkins is case sensitive

read more

Spring JPA add default timestamp to column

Spring JPA is awesome, but I ran into some issues adding a default timestamp to the column. The database should be set to have a default value, but that wasn’t an option here. I found the annotation pretty quickly, but instead of checking the database to see if it worked I was debugging in IntelliJ and that’s where the hiccup occurred. The value isn’t set on the object at object creation it’s only set once the entity has been saved. The following is what I ended up using

@Column(name = "creationDate")
@CreationTimestamp //this adds the default timestamp on save
private Timestamp createDate;

read more