I recently had a discussion with two fellow engineers about secure coding practices. After the discussion I realized that I am neglecting one of the most important practices: signing my commits.
There are tons of articles on the internet explaining why and how. These are my notes on the subject that I decided to publish.
These notes use literate programming, so they are a mix of notes and code you can actually use via org-mode.
You can find the actual notes file here.
Karaf 2.1.0 has just been released! Among other new features, it includes a major revamp in the JAAS module support:
This post will use all 3 features, in order to create a secured Wicket application on Karaf, using Karaf’s JAAS modules and Wicket’s auth-roles module.
The application that we are going to build is a simple Wicket application. It will be deployed on Karaf, and the user credentials will be stored in a MySQL database. To encrypt the passwords we will use Karaf’s Jasypt encryption service implementation, using the MD5 algorithm in hexadecimal format.