@serac
serac / CustomJpaTransactionManager.java
Created June 24, 2021 12:20
Custom Spring JPA transaction manager with support for rollback override
/*
* See LICENSE for licensing and NOTICE for copyright.
*/
package edu.vt.middleware.ed.support.spring.tx;
import java.lang.reflect.Field;
import java.util.concurrent.ConcurrentHashMap;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import edu.vt.middleware.core.annotation.Trivial;
@serac
serac / Major.kt
Created May 23, 2019 19:20
JPA Many-to-Many Unidirectional Ordered List
/*
* See LICENSE for licensing and NOTICE for copyright.
*/
package edu.vt.middleware.ed.model.db
import javax.persistence.*
/**
* Models a Virginia Tech academic major from Banner.
*
@serac
serac / gen-truststore.sh
Last active December 14, 2018 12:29
Generate a PKCS#12 trust store
#!/bin/bash
# Generates a PKCS#12 trust store from a directory of PEM-encoded certificates
# using the Java keytool utility.
if [ $# -lt 2 ]; then
  echo "USAGE $(basename "$0") path/to/certs/dir path/to/output.p12"
  exit 1
fi
IN="${1%/}"
@serac
serac / idp-process-excerpt-failure.log
Last active September 20, 2018 11:55
Credential Resolver Logs
2018-09-17 11:51:19,659 DEBUG org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:99 1.2.3.4 Decoded RelayState: https://cloudforms02.systems.nis.dit.cas-1.opc.vt.edu/saml_login
2018-09-17 11:51:19,659 DEBUG org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:131 1.2.3.4 Base64 decoding and inflating SAML message
2018-09-17 11:51:19,660 DEBUG org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:114 1.2.3.4 Decoded SAML message
2018-09-17 11:51:19,661 DEBUG net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174 1.2.3.4 Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler' on INBOUND message context
2018-09-17 11:51:19,661 DEBUG net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195 1.2.3.4 Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.
@serac
serac / connect-redis-cli-to-ec.sh
Last active September 4, 2018 12:34
Connect Dockerized redis-cli to ElastiCache via AWS Bastion Host
#!/bin/bash
# Connects a docker image of redis-cli to an ElastiCache Redis instance
# by jumping through an AWS bastion host. Setup of the bastion host is
# an exercise left to the reader, but there are many detailed explanations
# of the AWS components and security controls.
#
# NOTE:
# 1. Script assumes OSX. Tweaking required for other platforms.
# 2. Clustered Redis not supported for practical reasons.
# Theoretically possible to establish tunnels to cluster discovery
@serac
serac / EnvSpringApplicationRunListener.java
Last active April 5, 2018 16:23
Custom Spring Boot Environment Configuration
/* https://www.gnu.org/licenses/gpl-3.0.en.html */
package your.app;
import java.util.Arrays;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.SpringApplicationRunListener;
import org.springframework.context.ConfigurableApplicationContext;
@serac
serac / SanePGP-HOWTO.md
Last active January 29, 2019 20:59
Secure and Sane PGP for the Long Term

Use the method described here if you would like most of the following benefits:

  1. Establish provenance of exactly one public key on the Internet over time (years typically).
  2. Use multiple keys daily without exposing the secret key corresponding to your published public key.
  3. Facilitate key creation and revocation.

While provenance isn't necessary for many folks, it's useful if not essential if you publish software artifacts

@serac
serac / groups.json
Created October 27, 2017 11:22
Sample Group Data
[
{
"id": "alpha",
"name": "Alpha Group",
"created": 1500100000,
"members": [
{
"id": "alice",
"kind": "person",
"added": 1508102082
@serac
serac / attribute-filter.xml
Created April 12, 2017 19:13
VT LOA Attribute Definition for Shibboleth IdP
<resolver:AttributeDefinition id="loa" xsi:type="ad:Script">
<resolver:Dependency ref="personType" />
<resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:vt.edu:ed:attribute-def:loa" />
<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:mace:vt.edu:ed:attribute-def:loa" friendlyName="loa" />
<ad:Script>
<![CDATA[
sc = resolutionContext.getParent().getSubcontext("net.shibboleth.idp.session.context.SessionContext");
if (sc != null && sc.getIdPSession() != null) {
it = sc.getIdPSession().getAuthenticationResults().iterator();
while (it.hasNext() && loa.getValues().size() == 0) {
@serac
serac / Application.java
Last active March 25, 2021 16:32
Configuring RestTemplate for Client TLS in a Spring Boot Application
/*
* See LICENSE for licensing and NOTICE for copyright.
*/
package edu.vt.middleware.app;
import java.io.File;
import java.security.*;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Predicate;