Grails / CORS / Spring Security Plugin

Posted 04/11/2018 7:05 AM by Corey Klass

It used to be that when using the Spring Security Plugin with Grails, you needed to include in your build.gradle file a separate plugin for handling CORS requests. In more recent versions of Grails, the functionality is built-in, so you only need to add a configuration item in the application.yml file.

In the first grails section, you need to add the following setting:

grails:
    profile: web
    ... (Other Stuff Here)
    cors:
        enabled: true

Set a Timeout on a Block of Code

Posted 04/09/2018 5:51 PM by Corey Klass

Sometimes you have a segment of code that you want to kill if it runs any longer than a specified time period, for example a database query, external API call, or other type of long-running request.

To do this, you want to wrap the block of code to time out in a Callable, and use the ExecutorService to execute the code with a time limit. It will return an array of Future objects, which you can then reference with the .get() method to retrieve the Callable return value.

In your build.gradle file, you will need to include the Grails Executor plug-in if you want to have any GORM/Hibernate functionality in your Callable statement.

    compile "org.grails.plugins:grails-executor:0.4"

You can then use the following code to put a timeout on your executing code. When the timeout is reached, the thread that was spawned is terminated.

    class CallableTestService {

        ExecutorService executorService

        Object performAction() {
            def callable = ({
                // do some logic here
                def resultValue = true

                // return the value
                return resultValue
            } as Callable<Object>)

            def callables = [callable]
            def result = null

            try {
                def timeLimitMS = 1000

                def futures = this.executorService.invokeAll(callables, timeLimitMS, TimeUnit.MILLISECONDS)
                def future = futures?.first()

                result = future.get()

            } catch (error) {
              // error handling goes here
            }


            // do something with the result
            return result
        }
    }

Install Clustered SQL Server 2008 R2 on Windows Server 2012 R2

Posted 03/22/2018 11:49 AM by Corey Klass

It turns out that installing a SQL Server 2008 R2 cluster on Windows Server 2012 R2 is a little more involved than point-and-click.

Install Windows Failover Cluster Support Feature

The SQL Server installer check throws an error that there are no shared disks available:

The cluster on this computer does not have a shared disk available. To continue, at least one shared disk must be available.

This is because the SQL Server 2008 R2 installer uses Failover Cluster features that have been deprecated from Windows Server 2012 R2, and which are not installed by default.

Open a Powershell prompt and run:

Get-WindowsFeature RSAT-Cluster*

You should see that the Failover Cluster Automation Server is not installed, but rather has an Install State of Available. To install it, you run the command:

Install-WindowsFeature -Name RSAT-Clustering-AutomationServer

Stage the Cluster Name in Active Directory

The Active Directory computer account that the Windows Cluster (NOT the SQL cluster) run as does not, by default, have access to create the SQL Cluster computer object in Active Directory. You should create the computer object before-hand and assign it appropriate permissions. If not, after installation when you attempt to start the SQL Server instance, you will receive a message that the Network Name is unable to be brought online.

  1. Create a Computer object with the name of the SQL cluster that you are about to install.
  2. Disable the computer object that you just created.
  3. Right-click on it, select Properties.
  4. Click the Security tab.
  5. Click Add.
  6. Change the Object Type to search to include Computers.
  7. Search for the name of the Windows Cluster. Click OK to confirm that you want to add it.
  8. Change the security for the Windows Cluster to have Full control.
  9. Click OK to save the Security changes.

Update Installer Files to Service Pack 1

The SQL Server installer will fail at the very end of the installation configuration process, right before it starts the installation. It complains about FILESTREAM access (regardless of whether you have set it up or not), that:

Windows 2003 hotfix KB937444 is not installed

This is because you need at least Service Pack 1 for SQL 2008 R2 to install it correctly. But how can you install Service Pack 1 if you can't even install the base SQL Server? The answer is: Slipstream Service Pack 1 into the installer

  1. Extract the contents of the regular SQL Server installer to the folder: C:\Installer_SQL2008R2_SP1\

  2. You'll need to download Service Pack 1 from Microsoft. Be sure to download all of the architecture packages.

    SQLServer2008R2SP1-KB2528583-IA64-ENU.exe

    SQLServer2008R2SP1-KB2528583-x64-ENU.exe

    SQLServer2008R2SP1-KB2528583-x86-ENU.exe

  3. Extract each of the packages to a temporary folder:

    SQLServer2008R2SP1-KB2528583-IA64-ENU.exe /x:C:\Installer_SQL2008R2_SP1\SP

    SQLServer2008R2SP1-KB2528583-x64-ENU.exe /x:C:\Installer_SQL2008R2_SP1\SP

    SQLServer2008R2SP1-KB2528583-x86-ENU.exe /x:C:\Installer_SQL2008R2_SP1\SP

  4. Copy only the files (not the folders), except the Microsoft.SQL.Chainer.PackageData.dll, in C:\InstallerSQL2008R2SP1\SP\ to C:\InstallerSQL2008R2SP1\ to update the original files:

    robocopy C:\Installer_SQL2008R2_SP1\SP\x86 C:\Installer_SQL2008R2_SP1\x86 /XF Microsoft.SQL.Chainer.PackageData.dll

    robocopy C:\Installer_SQL2008R2_SP1\SP\x64 C:\Installer_SQL2008R2_SP1\x64 /XF Microsoft.SQL.Chainer.PackageData.dll

    robocopy C:\Installer_SQL2008R2_SP1\SP\ia64 C:\Installer_SQL2008R2_SP1\ia64 /XF Microsoft.SQL.Chainer.PackageData.dll

  5. In each of the following locations, locate the DefaultSetup.INI file:

    C:\Installer_SQL2008R2_SP1\x86

    C:\Installer_SQL2008R2_SP1\x64

    C:\Installer_SQL2008R2_SP1\ia64

  6. Add the following line to the end of the file in each location:

    PCUSOURCE=".\SP"

  7. Run setup.exe in C:\SQLServer2008R2_SP1 and the installation should succeed.

SQL Server Cluster Shared Drive - Unable to Add Disk Storage

Posted 03/22/2018 8:08 AM by Corey Klass

I was recently building a SQL Server failover cluster and had an issue where I had two SAN-connected drives to be connected to two separate nodes, but only one drive would appear as available in the Windows Failover Cluster Manager to add to the Disk Storage.

The solution turns out to be a series of Powershell commands.

First, find the ID number of the disk that you're interested in:

Get-Disk

Then you clear the cluster reservation for that disk number:

Clear-ClusterDiskReservation -Disk 2

Go back into the Failover Cluster Manager, and the disk should be available to add to the cluster.

Allow Execution of all Stored Procedures in a Schema

Posted 03/16/2018 8:06 AM by Corey Klass

Older versions of SQL Server did not have a role that allowed execution of all stored procedures. You can get around this by granting EXECUTE on an entire schema:

GRANT EXECUTE ON SCHEMA :: dbo TO [username]

Remove Private Key Password From PKCS12 File

Posted 01/26/2018 7:49 PM by Corey Klass

Per this question on Serverfault:

If you have a PFX file that contains a certificate and private key with password, and would like to separate the certificate and private key and strip out the password, you can use these steps in OpenSSL:

  • PASSWORD is your current password
  • YourPKCSFile.PFX is the file you want to convert
  • NewPKCSWithoutPassphraseFile is the target file for the PKCS12 without passphrase

Follow the steps below:

  1. Extract the certificate: openssl pkcs12 -clcerts -nokeys -in "YourPKCSFile.PFX" -out certificate.crt -password pass:PASSWORD -passin pass:PASSWORD

  2. Extract the certificate authority key: openssl pkcs12 -cacerts -nokeys -in "YourPKCSFile.PFX" -out ca-cert.ca -password pass:PASSWORD -passin pass:PASSWORD

  3. Extract the private key: openssl pkcs12 -nocerts -in "YourPKCSFile.PFX" -out private.key -password pass:PASSWORD -passin pass:PASSWORD -passout pass:TemporaryPassword

  4. Remove the passphrase: openssl rsa -in private.key -out "NewKeyFile.key" -passin pass:TemporaryPassword

You now have three separate files without a password.

Bypass FileVault 2 Login Screen

Posted 01/05/2018 7:41 PM by Corey Klass

By default, the FileVault 2 Login Screen comes up before the OS boots, preventing you from accessing it remotely via SSL or Screen Sharing.

Apple provides a utility that, when executed, will save your username and password in the system memory and use it one time (then clear it) to proceed past the FileVault 2 Login Screen.

Open Terminal and execute the following command. Be careful though, as it will cause an immediate reboot of the system (as though you used the shutdown command):

sudo fdesetup authrestart

After the reboot, your hard drive will be unlocked and you will be presented with the standard MacOS Login Screen (as though you do not have FileVault 2 enabled).

Not every Mac supports this command though. To find out if yours does, you can execute this command:

fdesetup supportsauthrestart

If the response is "true", then you're ready to reboot.

Encrypt an HFS+ Partition From the Terminal

Posted 01/02/2018 7:21 PM by Corey Klass

Use the following diskutil syntax to encrypt a partition on MacOS from the Terminal:

diskutil cs convert /Volumes/MyDrive -passphrase

You do not enter a passphrase on the command line, but rather you will be prompted for one.

Unsubscribe from Navigation Events

Posted 12/13/2017 8:39 AM by Corey Klass

I recently ran into a problem where an Angular Component was still responding to Navigation Events even after having navigated away from that route.

When subscribing to an Observable, be sure to store the subscription in a global variable and call the .unsubscribe() function when the component is being destroyed.

export class MyComponent implements OnInit, OnDestroy {

    constructor (private router: Router) { }

    // stores the subscription object
    navSubscription: Subscription = null;

    // called when the component is initialized
    ngOnInit() {
        this.navSubscription = this.router.events.subscribe((event: any) => {
            // test if the event is an end navigation
            if (event instanceof NavigationEnd) {
                // do something here
            }
        });
    }

    // called when the component is destroyed
    ngOnDestroy() {
        this.navSubscription.unsubscribe();
    }
}

Angular / Third Party Cookies

Posted 11/08/2017 8:48 AM by Corey Klass

When performing a GET or POST using Angular's HTTP service against a server with a different hostname than where the Angular application was served from, returned cookies are, by default, not accepted by the browser.

To enable this, when calling your this.http.get() or this.http.post(), you need to add the option withCredentials and set it to true. This will allow your browser to accept any third-party cookies.