Monday, November 28, 2016

MongoDB basic Overview

Overview

  • MongoDB is a cross-platform, document-oriented database. Unlike a relational database, it is not based on a fixed schema.
  • It uses a dynamic schema and stores data in JSON format.
  • It provides high performance, high availability, and easy scalability, and it works on the concept of collections and documents.
  • It is an open-source software.
  • MongoDB is mainly written in C++, JavaScript and C.


Download

Please refer to this link to set up MongoDB on your machine.

Terminology

·         Document

A document is similar to a row/tuple in an RDBMS. It is a set of key-value pairs with a dynamic schema, i.e. the documents in the same collection do not need to have the same set of fields or structure, and another document may hold different types of data.

·         Collection

It is the equivalent of a TABLE in an RDBMS and does not enforce a schema. It exists within a single database, and each document within a collection can have a different schema.

·         Database

It is the equivalent of a DATABASE in an RDBMS; a database can have zero or more collections.


Sample Document

{ "_id" : ObjectId("583c623e2226aa5f3b8e14f4"),
"title" : "MongoDB Basic Overview",
"by" : "http://waheedtechblog.in"
}

Here _id is the unique key of each document and is generated by MongoDB. We can also provide our own unique key by specifying the _id attribute while inserting data.
The generated key has a specific format: the first 4 bytes are the current timestamp, the next 3 bytes are the machine id, the next 2 bytes are the process id of the MongoDB server, and the last 3 bytes are a simple incremental value.
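Added example (not part of the original post): a small JavaScript decoder for the 12-byte layout described above, applied to the _id of the sample document and to a second id constructed for comparison. The helper names decodeObjectId and compareObjectIds are hypothetical, and the code assumes the layout exactly as this post describes it.

```javascript
// Added example: decode an ObjectId using the 4/3/2/3-byte layout described
// in this post. decodeObjectId and compareObjectIds are hypothetical names.
function decodeObjectId(hex) {
  // 12 bytes are written as exactly 24 hexadecimal characters.
  if (typeof hex !== "string" || !/^[0-9a-fA-F]{24}$/.test(hex)) {
    throw new TypeError("ObjectId must be a 24-character hex string");
  }
  const seconds = parseInt(hex.slice(0, 8), 16); // bytes 0-3: Unix time
  return {
    timestamp: seconds,
    createdAt: new Date(seconds * 1000).toISOString(),
    machineId: hex.slice(8, 14).toLowerCase(),    // bytes 4-6
    processId: parseInt(hex.slice(14, 18), 16),   // bytes 7-8
    counter: parseInt(hex.slice(18, 24), 16),     // bytes 9-11
  };
}

// Compare two ids: what can a reader of both learn about their origin?
function compareObjectIds(hexA, hexB) {
  const a = decodeObjectId(hexA);
  const b = decodeObjectId(hexB);
  return {
    sameProcess: a.machineId === b.machineId && a.processId === b.processId,
    secondsApart: b.timestamp - a.timestamp,
    // The counter is 3 bytes wide, so it wraps around at 2^24.
    counterDelta: (b.counter - a.counter + 0x1000000) % 0x1000000,
  };
}

const SAMPLE_ID = "583c623e2226aa5f3b8e14f4";      // _id from the sample document
const CONSTRUCTED_ID = "583c62402226aa5f3b8e14f7"; // constructed for this example

console.log(decodeObjectId(SAMPLE_ID));
console.log(compareObjectIds(SAMPLE_ID, CONSTRUCTED_ID));
```

Because the creation time and an incrementing counter can be read back from any generated _id, treat it as an identifier and not as a secret; access checks must not rely on ids being unguessable.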

Advantages of MongoDB

· It is a schema-less document database.
· No more complex joins
· Provides ACID properties at the document level as in the case of relational databases.
· Supports common authentication mechanisms, such as LDAP, AD, and certificates. Users can connect to MongoDB over SSL and the data can be encrypted.
· Enables horizontal scalability by using a technique called Sharding.
· Supports dynamic queries on documents using a document-based query language that's nearly as powerful as SQL.
· Conversion/mapping of application objects to database objects not needed.
· Cost effective solution as it improves flexibility and reduces cost on hardware and storage.
· Supports replica sets i.e. a failover mechanism is automatically handled. If the primary server goes down, the secondary server becomes the primary automatically, without any human intervention.

When to Use MongoDB Rather than MySQL or any Other RDBMS

· When your data is going to be big and the schema is not defined.
· When your data is location based.
· When you expect a high load.
· When you need to partition and shard your database.
· When you want to create a replica set (a set of servers that act as Master-Slaves).


Summary

MongoDB is a great tool and can be very useful in creating applications like bug tracking, discussion forums, advertisements, and the like. However, joins are not possible in MongoDB, so it requires proper analysis before making a decision.

Sunday, November 27, 2016

How to install and verify MongoDB on Windows 7 ?


Step by Step instructions:

1.      Download MongoDB

Find the MongoDB MSI on the official website and download the "Windows Server 2008 R2 64-bit and later" version.

2.      Install MongoDB

Double-click the downloaded MSI file (mongodb-win32-x86_64-2008plus-ssl-3.2.11-signed.msi) and click the Next button through the wizard to complete the installation.

3.      Create Default Directory

MongoDB requires a data directory to store all its data, and its default data directory path is \data\db.
On Windows, it looks for this directory under C: by default. Go to the C: drive and create /data/db, so that the full path of the db folder is C:\data\db.

4.      Set environment variables

Add the MongoDB location to the system's environment variables, giving the path up to the bin folder.

5.      Start MongoDB

To start the MongoDB server, open cmd and type mongod. It will start the MongoDB server on port 27017.


6.      Verify MongoDB

Open cmd prompt and type mongo.exe

Additional Notes:


 1.      Configuration File

We can create a config file in which we set a custom path for the data/db directory. The config file is similar to a properties file and holds attributes as key/value pairs.
##data path can be updated using dbpath
dbpath=E:\mongodb\data

##log file
logpath=E:\mongodb\log\mongo.log

Use mongod.exe --config E:/mongodb/mongo.config to load the config file when starting MongoDB.

2.      Start as a service

We can run MongoDB as a Windows service, which starts MongoDB automatically after each system restart. Install it as a Windows service with --install.
E:\mongodb\bin> mongod --config E:\mongodb\mongo.config --install


To start MongoDB Service
net start MongoDB


To stop MongoDB Service
net stop MongoDB

To remove MongoDB Service

d:\mongodb\bin>mongod --remove

Thank you..!!!

Monday, May 2, 2016

How to extract Private key from keystore ?

There can be a situation where you want to extract the private key from your keystore, but it is not as straightforward as we might think, as it involves two steps, i.e.
·         Extracting private key from keystore in PKCS#12 format
·         Converting it to .PEM file

Step1: Extracting in PKCS format
keytool -v -importkeystore -srckeystore KEYSTORE_NAME -srcalias CERTIFICATE_ALIAS -destkeystore FILE_NAME.p12 -deststoretype PKCS12
Eg: keytool -v -importkeystore -srckeystore keystore.jks -srcalias  application -destkeystore privatekey.p12 -deststoretype PKCS12

Note: If you don’t know the alias name of your certificate then you can display it:
keytool -list -v -keystore keystore.jks
Step2: Converting it into .PEM FILE
openssl pkcs12 -in privatekey.p12 -out private.pem

            

Wednesday, December 16, 2015

How to access Shibboleth as SP built in variables in your Application?

Most of the variables created by the SP are controlled by you, and correspond to mapped attributes. A few are built into the SP and can't be renamed.

Variable | Meaning
Shib-Application-ID | The applicationId property derived for the request.
Shib-Session-ID | The internal session key assigned to the session associated with the request.
Shib-Identity-Provider | The entityID of the IdP that authenticated the user associated with the request.
Shib-Authentication-Instant | The ISO timestamp provided by the IdP indicating the time of authentication.
Shib-Authentication-Method | The AuthenticationMethod or <AuthnContextClassRef> value supplied by the IdP, if any.
Shib-AuthnContext-Class | The AuthenticationMethod or <AuthnContextClassRef> value supplied by the IdP, if any.
Shib-AuthnContext-Decl | The <AuthnContextDeclRef> value supplied by the IdP, if any.


We can access all these variables as headers in a Java application.
Eg:
    request.getHeader("Shib-Identity-Provider")
    request.getHeader("Shib-Session-ID")

Friday, December 4, 2015

Attribute Authority, Command Line Interface (AACLI)

Today, I encountered an interesting tool in Shibboleth IdP which checks the resolver, the filters and also the metadata, so that you can know exactly what will happen in any given situation without starting the IdP.

As a developer, I would say it’s a great tool, as you don’t have to restart your IdP again and again after every change.

The name of the tool is AACLI (Attribute Authority, Command Line Interface). It is located in the IDP_HOME/bin directory and is called aacli.sh or aacli.bat.

How it works?

Make sure you have set IDP_HOME as a system environment variable.

To check which attributes it will return for userId SysAdmin and the Service Provider entityID “https://domain.waheedtechblog.com/shibboleth”:

aacli.bat --configDir=C:\idp\conf\ --principal=SysAdmin --requester=https://domain1.com/Shibboleth



Please check here for detailed information.

Wednesday, October 14, 2015

How to enable multiple domains in Apache Server using Name-Based VirtualHosts and SSL

Scenario: I have an Apache Server (SSL enabled) and Tomcat running on my machine, and there is one application (app1) hosted on Tomcat which is only accessible through the Apache Server. You cannot access it directly from Tomcat.
Now you want to access app1 using multiple domains, i.e. domain1.waheedtechblog.com and domain2.waheedtechblog.com should point to the same application, which is hosted on Tomcat.

(I want to implement different authentication mechanisms based on different domains.)
Solution: The above case can be achieved using name-based VirtualHosts and SSL.
First you need to uncomment the following lines from the ${apache}/conf/httpd.conf file:
  • LoadModule ssl_module modules/mod_ssl.so
  • LoadModule proxy_module modules/mod_proxy.so
  • LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
  • LoadModule rewrite_module modules/mod_rewrite.so
  • LoadModule proxy_http_module modules/mod_proxy_http.so
  • Include conf/extra/httpd-ssl.conf

Then go to the ${apache}/conf/extra/httpd-ssl.conf file and add a VirtualHost tag for each domain.

Listen 443
NameVirtualHost *:443

<VirtualHost *:443>

DocumentRoot "c:/Apache2/htdocs"
ServerName domain1.waheedtechblog.com
ServerAdmin admin@example.com
ErrorLog "c:/Apache2/logs/error_domain1.log"
TransferLog "c:/Apache2/logs/access_domain1.log"

SSLEngine on
SSLCertificateFile "C:\Apache2\certificate\domain1.crt"
SSLCertificateKeyFile "C:\Apache2\certificate\domain1.key"

ProxyPass / ajp://sp.domain.com:8009/app1/

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost *:443>

DocumentRoot "c:/Apache2/htdocs"
ServerName domain2.waheedtechblog.com
ServerAdmin admin@example.com
ErrorLog "c:/Apache2/logs/error_domain2.log"
TransferLog "c:/Apache2/logs/access_domain2.log"

SSLEngine on
SSLCertificateFile "C:\Apache2\certificate\domain2.crt"
SSLCertificateKeyFile "C:\Apache2\certificate\domain2.key"

ProxyPass / ajp://sp.domain.com:8009/app1/

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

Points to remember:
  • Add all DNS entries to the system hosts file. Eg: for Windows, add “127.0.0.1 domain1.waheedtechblog.com” to “C:\Windows\System32\drivers\etc\hosts”.
  • Make sure you are using a different certificate and key for each domain, or else it will always point to the default VirtualHost, i.e. the first one that you have defined. Click here on how to generate key and certificate.
  • In ProxyPass, always end the path with '/', or else you will see a redirect issue.

In case of any issue, You can drop your comment in the comment box.

Reference:

https://wiki.apache.org/httpd/NameBasedSSLVHosts

How to generate SSL Key, CSR and Self Signed Certificate using OpenSSL.

I have already discussed how to generate an SSL certificate using keytool over here. In this article, I am going to explain how you can achieve the same thing using the OpenSSL tool.
The three different files that I am going to generate are:
  • waheedtechblog.key
  • waheedtechblog.csr
  • waheedtechblog.crt

Generate Private key : waheedtechblog.key

openssl genrsa -des3 -out waheedtechblog.key 2048



Generate a Certificate Signing Request (CSR)

Using the key file generated above, we will now create the CSR file:

openssl req -new -key waheedtechblog.key -out waheedtechblog.csr



Generate a Self-Signed SSL Certificate

openssl x509 -req -days 365 -in waheedtechblog.csr -signkey waheedtechblog.key -out waheedtechblog.crt



These files can be used to enable SSL in Apache Server.

Sometimes we need to remove the passphrase to use the key in Apache Server. If you get such an issue while enabling SSL in Apache Server, run the following command to remove the passphrase:

openssl rsa -in waheedtechblog.key -out waheedtechblog_new.key



Your new file is the key without encryption.


Thank you..!!!!



