Tuesday, January 24, 2012

Single Sign On with CAS

There are many different solutions on the market to solve this problem, among them Kerberos, OpenID, OAuth and of course JA-SIG CAS (Central Authentication Service).

The latter is used mainly in university environments; however, it can be used in many other environments too, as integrations exist for Java, PHP, ...

The following picture, in my opinion, best shows how the transitions between the three actors are defined.

It all starts with a request from a user who wants to access a page on an application server (black arrow). As the user is not yet known to the application, the browser gets redirected to the CAS server, and the application server adds its service ID (usually the URL of the web application) to the redirect (red arrows).

This results in a URL like https://www.cas-server.xyz/cas/login?service=http://www.application-server.xyz/webapp

On this site the login screen of the CAS server is shown and the user has to enter their credentials. The CAS server generates the Ticket-Granting Ticket (and a cookie). The TGT is then sent back to the application (blue arrows).

Using this TGT the application can contact the CAS server to obtain a Service Ticket, which contains the attributes and IDs needed to authorise the user within the application (green arrows).

Usually the ST is valid only for a single request, but using the TGT the application server can create multiple STs as long as the TGT is valid.

Once the user is authenticated at the CAS server, the step of entering the credentials is omitted (otherwise it wouldn't be SSO).
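
The ticket rules described above, as an added example (not code from this blog or from the CAS project): a hypothetical in-memory model, ToyCas, in which a service ticket is bound to one service and can be used once, and is minted under a TGT that expires. The class and function names and both lifetimes are assumptions; the URLs are the ones used in the post.

```python
import secrets
from urllib.parse import urlencode

CAS_LOGIN = "https://www.cas-server.xyz/cas/login"  # URL from the post
TGT_LIFETIME = 8 * 3600  # assumed lifetime in seconds
ST_LIFETIME = 10         # assumed lifetime in seconds


def login_redirect(service):
    """URL an application sends an unknown browser to (red arrows).

    The service URL is percent-encoded so that it cannot smuggle extra
    query parameters into the CAS login request.
    """
    return CAS_LOGIN + "?" + urlencode({"service": service})


class ToyCas:
    """Hypothetical in-memory model of the ticket rules, not CAS itself."""

    def __init__(self):
        self.tgts = {}  # TGT id -> (user, expiry)
        self.sts = {}   # ST id  -> (user, service, expiry)

    def login(self, user, now):
        # Called after the credentials were checked on the login screen.
        tgt = "TGT-" + secrets.token_urlsafe(24)
        self.tgts[tgt] = (user, now + TGT_LIFETIME)
        return tgt

    def issue_st(self, tgt, service, now):
        user, expiry = self.tgts.get(tgt, (None, 0))
        if user is None or now >= expiry:
            self.tgts.pop(tgt, None)
            return None  # unknown or expired TGT: the user must log in again
        st = "ST-" + secrets.token_urlsafe(24)
        self.sts[st] = (user, service, now + ST_LIFETIME)
        return st

    def validate(self, st, service, now):
        # pop() makes the ticket single-use: a replayed ST finds nothing.
        user, bound_service, expiry = self.sts.pop(st, (None, None, 0))
        if user is None or bound_service != service or now >= expiry:
            return None
        return user
```

A second validate() call with the same ST returns None, and so does a call that names a different service than the one the ticket was issued for.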

Wednesday, January 18, 2012

Wireless Client (Bridge)

If you go into a TV-store these days you'll recognize that most of the newer models are equipped with some sort of "Smart-TV" facility. To use this feature you'll need to connect it to the internet which is possible via LAN or WLAN. The latter in my case was only possible by buying an original WLAN-adapter costing more than 50€.

Unfortunately, at my home there is no possibility to use the LAN without restructuring the whole house, and the adapter, despite the high price, is not really an option because it would be the third device (TV, Receiver, Apple-TV) in that furniture that would be wirelessly connected.

The possible solutions that came to my mind were two (three if opening the walls for new cables would be an option ;-)
Although powerline would be a very simple option that does not pollute the air with more electromagnetic waves, it has some drawbacks. It depends highly on an uninterrupted connection between the sender and receiver, it is limited by the capabilities of the power line, and its components are still very expensive.

The wireless bridge instead bundles all the different wireless connections into one and shares it through the wireless ports which is supported by most of the cheapest routers. Therefore it was the favorite choice to solve my problem.

After some investigation I found out that, for example, the "TP-Link TL-WR841N" can be configured as a wireless bridge, and it was available below 35€.

The advantage of this router is that it is compatible with "DD-WRT", which is an open source Linux-based operating system for routers, switches and so on. So after a short functional test with the original firmware I just flashed it with this one (I think this change is reversible, but I'm not 100% sure).

The settings to change are described best in this article, so I'm not going to repeat them.

The whole setup took less than half an hour and is doable even for beginners, so unleash your router.

The problem with this configuration is that the devices in room2 do not see the devices in room1 and vice versa. This can be fixed with static routes.
Also, a real client bridge is not possible yet with this router.

Thursday, January 12, 2012

Migrate to Hibernate 4 and Spring 3.1 - SessionFactory

As most of you probably have to do these days or in the near future, we have to migrate our project to the newest versions of Hibernate and Spring. Currently the version numbers are:
  • Hibernate 4.0.0.Final
  • Hibernate Search 4.0.0.Final
  • Spring 3.1.0.RELEASE
If you want to perform a complete migration you'll also need to change to Spring 3.1, because that is the version in which support for Hibernate 4 was added. For example, they added the package that is needed to create the org.springframework.orm.hibernate4.LocalSessionFactoryBean, which defines all the annotated classes and the Hibernate properties needed to create the session.

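<!-- Hibernate SessionFactory -->
<bean id="sessionFactory"
      class="org.springframework.orm.hibernate4.LocalSessionFactoryBean" p:dataSource-ref="dataSource">
  <property name="annotatedClasses">
    <list><!-- your annotated entity classes go here --></list>
  </property>
  <property name="hibernateProperties">
    <props><!-- your Hibernate properties go here --></props>
  </property>
</bean>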
As you can see, there is no definition of event listeners whatsoever. Before version 3.6 of Hibernate Search the change listeners were defined here, which is now obsolete.

<!-- Obsolete in 3.6: FullTextIndexEventListener default constructor is obsolete. Remove all explicit event listener configuration. As of Hibernate Core 3.6 Hibernate Search will be automatically enabled if it is detected on the classpath.
<property name="eventListeners">
  <map>
    <entry key="post-update"><bean class="org.hibernate.search.event.FullTextIndexEventListener" /></entry>
    <entry key="post-insert"><bean class="org.hibernate.search.event.FullTextIndexEventListener" /></entry>
    <entry key="post-delete"><bean class="org.hibernate.search.event.FullTextIndexEventListener" /></entry>
  </map>
</property>
-->
Another interesting change is that the class definition did not just change from hibernate3 to hibernate4 but, in our case, from org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean to org.springframework.orm.hibernate4.LocalSessionFactoryBean.
This leads to the loss of the possibility of defining a lobHandler, which according to the JavaDoc of the LobHandler interface is still a good practice. I asked about this at stackoverflow, but I haven't got an answer yet, so I asked it today on the Spring forum.

Furthermore, you will notice that the complete connection properties, including the c3p0 (cache) definition, are now defined in this bean. This makes it much simpler because no additional "datastore" bean needs to be there.
However, there is still a "datastore" bean which needs to be defined, otherwise you'll get a NullPointerException. (UPDATE: This will apparently be fixed in Spring 3.1.1)

Another important thing that needs to be defined in this bean is Hibernate Search. Its properties changed slightly in version 4.0 and the most important ones are shown below.
The real values of the properties depend highly on your environment, however if you need my values just drop me a comment and I'll add them.

Unfortunately there is still an error in Hibernate 4.0.0.Final regarding the progress monitor when re-indexing the whole database. It seems that this error was found in CR1, then fixed in CR2, and reappeared in the final version.

Wednesday, January 04, 2012

Apple TV Untethered Jailbreak iOS5 (4.4.4)

Finally it is possible to update the Apple TVs to the newest version. Of course I know that it was possible since Apple released it; however, in my case an Apple TV that is not jailbroken is not really useful.

The problem is that I'm living in a region close to the border of my country and the official state language is not my mother tongue. Unfortunately you can not borrow multilingual movies in the iTunes store, so already the main functionality of the ATV is quite useless for me.

Despite that I don't care about that particular feature the ATV is really great, and if you jailbreak it, it is even better. Airplay works incomparably well between iDevices, and sharing your iTunes libraries is perfect for data that is used very often, such as the music on your disc. If you want more, I suggest installing nitoTV, XBMC and IceFilms.

What can I say about jailbreaking... In the end it is really straightforward and described best on the firecore webpage, where you can also download the jailbreak program.

What you need is:

Now just update your ATV to the latest version using iTunes (to test if everything works well with the original version) and jailbreak it using the instructions on the firecore webpage.

Now we need to prevent the ATV from updating its OS, which would mean that all changes are lost. To do so, change the /etc/hosts file as follows. First back up the original file:
cp /etc/hosts /etc/hosts.bak
Redirect the update sites to localhost, which means that there is no chance to ever find an update:
echo "127.0.0.1 appldnld.apple.com" >> /etc/hosts
echo "127.0.0.1 mesu.apple.com" >> /etc/hosts
echo "127.0.0.1 appldnld.apple.com.edgesuite.net" >> /etc/hosts
These changes can be removed as follows (if you need to), or use the backup:
sed -i '/ appldnld.apple.com/d' /etc/hosts
sed -i '/ mesu.apple.com/d' /etc/hosts
sed -i '/ appldnld.apple.com.edgesuite.net/d' /etc/hosts
UPDATE: In the current jailbreak, /etc/hosts is already changed by the jailbreak itself.

Install nitoTV:
On Mac it's simple, just open a terminal, whereas on Windows you'll need to download PuTTY. Now just connect to your ATV via openSSL.

  1. SSH into your ATV (e.g. ssh root@atv.ip with default password "alpine")
  2. "passwd" to enter a new password (if you want to)
  3. echo "deb http://apt.awkwardtv.org ./" > /etc/apt/sources.list.d/awkwardtv.list
  4. apt-get update
  5. apt-get install com.nito.nitoTV
  6. killall Lowtide

Now after the restart you should have nitoTV installed and see it on the main ATV page.

Install XBMC:
That's even simpler. Within nitoTV there is one package in the list called XBMC-ATV2. Just install that one and you're done!

Install IceFilms:
IceFilms is a nice AddOn for XBMC that needs to be installed via SFTP.
1) Download the file (make sure that it remains .zip)
Then you'll need a program to send files to the ATV, which for Windows can be WinSCP. Although the Mac is SSL-friendly, there is also a simple GUI program for doing this, which is CyberDuck.
2) Send the file via SFTP (default port 22) to the ATV, into the folder /private/var/mobile/Media
3) Open XBMC
4) Go to System --> AddOns
5) "Install from ZIP file" and go to the folder where you put the Zip and install it

Now the AddOn is installed and you can find it in the list of the Videos --> AddOns

Now that you have everything you need just enjoy your ATV2+ :-D