Show JWT Signup and/or Login Process

SIGNUP: /api/person/post


Located in PersonApiController.java
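As an added example of the signup and login pair (this is illustrative code, not the project's PersonApiController), the controller below stores only a bcrypt hash at signup and, at login, verifies the hash and issues a signed, expiring JWT in an HttpOnly cookie. It assumes Spring Boot 2.x with spring-security-crypto and jjwt 0.11 on the classpath; the Credentials DTO, the /authenticate path, the in-memory map standing in for the repository, and the per-process random signing key are all constructed for illustration.

```java
import java.security.Key;
import java.time.Duration;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api/person")
public class PersonAuthController {

    // Hypothetical request DTO: only the two fields a client may supply.
    // Binding the entity itself would let a client set id or role (mass assignment).
    public static class Credentials {
        public String email;
        public String password;
    }

    // Constructed in-memory store standing in for the project's repository.
    private final Map<String, String> passwordHashes = new ConcurrentHashMap<>();
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();
    // Bcrypt hash of a throwaway value so that logins for unknown users take as long as real ones.
    private final String dummyHash = encoder.encode("not-a-real-password");

    // HS256 key. Keys.secretKeyFor generates a fresh random 256-bit key per process, so every
    // restart invalidates all tokens; a real deployment loads the key from configuration.
    private final Key signingKey = Keys.secretKeyFor(SignatureAlgorithm.HS256);
    private static final Duration TOKEN_TTL = Duration.ofHours(1);

    // SIGNUP: /api/person/post. The plaintext password is hashed and never stored.
    @PostMapping("/post")
    public ResponseEntity<String> signup(@RequestBody Credentials c) {
        if (c.email == null || c.password == null || c.password.length() < 8) {
            return ResponseEntity.badRequest().body("email and a password of at least 8 characters required");
        }
        // putIfAbsent: a second signup cannot overwrite an existing account's hash
        if (passwordHashes.putIfAbsent(c.email, encoder.encode(c.password)) != null) {
            return ResponseEntity.status(HttpStatus.CONFLICT).body("account exists");
        }
        return ResponseEntity.status(HttpStatus.CREATED).body("created");
    }

    // LOGIN (hypothetical path): verify the hash, then hand back a JWT the browser will
    // attach to later requests automatically, without page scripts ever seeing it.
    @PostMapping("/authenticate")
    public ResponseEntity<String> login(@RequestBody Credentials c) {
        String pw = c.password == null ? "" : c.password;
        String hash = c.email == null ? null : passwordHashes.get(c.email);
        // Always run one bcrypt comparison so response time does not reveal registered emails.
        boolean ok = encoder.matches(pw, hash == null ? dummyHash : hash) && hash != null;
        if (!ok) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("bad credentials");
        }
        Date now = new Date();
        String jwt = Jwts.builder()
                .setSubject(c.email)
                .setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + TOKEN_TTL.toMillis()))
                .signWith(signingKey, SignatureAlgorithm.HS256)
                .compact();
        ResponseCookie cookie = ResponseCookie.from("jwt", jwt)
                .httpOnly(true)     // not readable from JavaScript, so XSS cannot exfiltrate it
                .secure(true)       // only sent over HTTPS
                .sameSite("Strict") // browser will not attach it to cross-site requests (CSRF)
                .path("/")
                .maxAge(TOKEN_TTL)
                .build();
        return ResponseEntity.ok()
                .header(HttpHeaders.SET_COOKIE, cookie.toString())
                .body(c.email + " authenticated");
    }
}
```

The two checks worth noticing are that the login path never says whether the email or the password was wrong, and that the cookie flags (HttpOnly, Secure, SameSite=Strict) are what make storing the JWT in a cookie safer than localStorage; a token in a cookie is still sent automatically, so a server that disables CSRF protection is relying on SameSite to do that job.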

Explain a POJO and Changes to a POJO

POJO: Plain Old Java Object

It is a Java class that adheres to a set of standards to keep a simplistic structure. It does not extend or implement specialized classes or interfaces, which makes it a plain Java object.

Private Fields:

These are variables that cannot be accessed from outside the class.

Public No-Argument Constructor:

This is a constructor which does not take any parameters. It is often used to create an instance of the class with default values.

Getter and Setter Methods:

Getter methods allow external classes to retrieve the values of private fields. Setter methods allow external classes to modify those values.


Changes to a POJO:

Adding, modifying, or removing fields, and updating the constructors, accessors, and toString to match. If the POJO is serialized (JSON responses, persisted rows), the change must stay backward-compatible: a new field needs a sensible default for data that predates it, and input that still carries a removed field should be ignored rather than rejected. There is also a security side to setters: when a POJO is bound directly from a request body (@RequestBody), every public setter is a field the client can set, so privileged fields such as id or role either belong in a separate request DTO or must be overwritten on the server before saving.
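To make the setter point concrete, the following added example (not code from the page or the project) binds the same constructed JSON body once to an entity-style POJO and once to a request DTO. The Person class is modelled on the kind of class that would sit behind /api/person/post but is hypothetical; it needs only Jackson (jackson-databind), which Spring Boot already ships.

```java
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;

// Hypothetical entity: a POJO with a public setter for every field, including the
// privileged "role" column. This is what @RequestBody Person would bind into.
class Person {
    private Long id;
    private String email;
    private String password;
    private String role = "USER";   // default for self-registered accounts

    public Person() {}
    public Long getId() { return id; }
    public void setId(Long id) { this.id = id; }
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
    public String getRole() { return role; }
    public void setRole(String role) { this.role = role; }
}

// Request DTO: only the fields a client is allowed to supply at signup.
class SignupRequest {
    private String email;
    private String password;

    public SignupRequest() {}
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}

public class MassAssignmentDemo {
    // Constructed request body: the client adds fields the signup form never offered.
    static final String BODY =
        "{\"email\":\"eve@example.com\",\"password\":\"hunter2\",\"id\":1,\"role\":\"ADMIN\"}";

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();

        // Binding straight to the entity honours every setter: the client has chosen
        // its own id and its own role.
        Person bound = mapper.readValue(BODY, Person.class);
        System.out.println("entity binding -> id=" + bound.getId() + " role=" + bound.getRole());

        // Binding to the DTO: a plain ObjectMapper rejects the unknown "id" and "role"
        // properties; Spring Boot's mapper disables FAIL_ON_UNKNOWN_PROPERTIES by default
        // and silently drops them instead. Either way the server, not the client, decides
        // id and role when it copies the permitted values into a fresh entity.
        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        SignupRequest req = mapper.readValue(BODY, SignupRequest.class);
        Person created = new Person();
        created.setEmail(req.getEmail());
        created.setPassword(req.getPassword()); // hash before persisting
        System.out.println("dto binding    -> id=" + created.getId() + " role=" + created.getRole());
    }
}
```

The first line of output shows the entity carrying the client-chosen id and ADMIN role; the second shows the DTO path leaving id unset and role at its default. The same applies to an entity bound for update: a PUT that deserializes into the persisted class can overwrite any settable column.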

Explain Security Configuration Rules That Are Required for Access

This allows for the control of access to resources and protects sensitive information contained in secure endpoints.

SecurityConfig.java

SecurityConfig.java is where the request rules live: which paths are public (signup, login, static assets) and which require authentication or a specific role; how a request is authenticated (a JWT filter, or username/password form login); CSRF protection, which still matters when the JWT is stored in a cookie because the browser attaches cookies automatically; CORS, so that browser preflight requests are answered before the authentication filters reject them; JWT validation (signature, expiry, and issuer); and the assumption that everything runs over HTTPS so tokens and credentials are never sent in the clear. What a request gets when a rule fails is also decided here: 401 when there is no valid token, 403 when the token is valid but the role is wrong.

Describe Docker and Process for Update Docker Application

Docker packages an application and its dependencies into a portable image that runs as an isolated container, so deploying a new build is a repeatable, scripted step rather than a manual install on the host.

Process for Update Docker Application:

  1. Pull the latest image (docker-compose pull), or rebuild it from the updated source if the image is built locally from a Dockerfile.
  2. Stop and remove the running containers of the old version: docker-compose down (this already removes the containers, so they need no separate cleanup step).
  3. Remove the superseded images so they do not accumulate on disk: docker image prune.
  4. Start the new version in the background, rebuilding local images first: docker-compose up -d --build (two hyphens; a single dash or an en dash is not the same flag and is rejected).
  5. Confirm the new container is up before walking away: docker-compose ps, then docker-compose logs --tail=50 to catch a startup failure.


Describe Route 53 and Process for Domain Setup

Route 53:

Amazon's DNS web service. It registers domain names, hosts the authoritative DNS zone for them, and answers the queries that route traffic for the domain and its subdomains to the target you configure (an EC2 instance, a load balancer, or an external host).

Process for Domain Setup:

  1. Create a hosted zone for your domain; Route 53 assigns it four name servers.
  2. If the domain was registered elsewhere, set those four name servers at the registrar (domains registered through Route 53 get them automatically).
  3. Configure the necessary DNS records such as A (IPv4 address), CNAME (canonical name), MX (mail exchange), etc.
    • Normally an A record for the site (plus a CNAME or second A record for www) whose value is the EC2 instance's public IPv4 address. Use an Elastic IP: a plain public IP is released whenever the instance is stopped and started, which silently breaks the record.
  4. Optionally, set up routing policies, health checks, and other advanced features based on your requirements.
  5. Verify from outside AWS once the name servers have propagated: dig +short yourdomain.com A should print the instance's IP.


Show API Access Code and Error Handling, Specifically Redirect on 403
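The following added example (not the project's SecurityConfig) ties the security configuration rules and the 403 handling together: a Spring Security 5.7-style SecurityFilterChain with a filter that validates the JWT cookie, explicit public paths, stateless sessions, and separate handling for "not logged in" (401, or a redirect to /login for page requests) versus "logged in but forbidden" (403 with a JSON body). The jwt.secret property, the /api/person/authenticate login path, the /api/admin/** prefix and the role claim are assumptions for the example; the client-side redirect that the heading refers to is not shown here.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    private final Key signingKey;

    // jwt.secret is a hypothetical property: a random value of at least 32 bytes read from
    // configuration, never committed to source. The login endpoint must sign with the same key.
    public SecurityConfig(@Value("${jwt.secret}") String secret) {
        this.signingKey = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
    }

    // Reads the "jwt" cookie, verifies signature and expiry, and populates the SecurityContext.
    // Any failure leaves the request anonymous; the authorization rules below then decide.
    class JwtCookieFilter extends OncePerRequestFilter {
        @Override
        protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
                throws ServletException, IOException {
            String token = null;
            if (req.getCookies() != null) {
                for (Cookie c : req.getCookies()) if ("jwt".equals(c.getName())) token = c.getValue();
            }
            if (token != null) {
                try {
                    // parseClaimsJws rejects bad signatures, expired tokens and unsigned ("alg":"none") tokens
                    Claims claims = Jwts.parserBuilder().setSigningKey(signingKey).build()
                            .parseClaimsJws(token).getBody();
                    String role = claims.get("role", String.class); // hypothetical claim, defaults to USER
                    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
                            claims.getSubject(), null,
                            List.of(new SimpleGrantedAuthority("ROLE_" + (role == null ? "USER" : role)))));
                } catch (JwtException | IllegalArgumentException e) {
                    SecurityContextHolder.clearContext(); // do not tell the client why the token failed
                }
            }
            chain.doFilter(req, res);
        }
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .cors().and()                       // applies the CorsConfigurationSource bean, if one is defined
            .csrf().disable()                   // acceptable only because the jwt cookie is SameSite=Strict and
                                                // the API is stateless; otherwise keep CSRF tokens enabled
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests()
                .antMatchers(HttpMethod.POST, "/api/person/post", "/api/person/authenticate").permitAll()
                .antMatchers("/", "/login", "/css/**", "/js/**").permitAll()
                .antMatchers("/api/admin/**").hasRole("ADMIN")   // hypothetical admin prefix
                .anyRequest().authenticated()
            .and()
            .exceptionHandling()
                // No valid token: API callers get a 401 the client can act on (for example by
                // redirecting to its login page); browser page requests are redirected directly.
                .authenticationEntryPoint((req, res, ex) -> {
                    if (req.getRequestURI().startsWith("/api/")) res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                    else res.sendRedirect("/login");
                })
                // Valid token but wrong role: 403 with a JSON body, never a redirect to login
                // (the user is already logged in, so a redirect would only loop).
                .accessDeniedHandler((req, res, ex) -> {
                    res.setStatus(HttpServletResponse.SC_FORBIDDEN);
                    res.setContentType("application/json");
                    res.getWriter().write("{\"error\":\"forbidden\"}");
                })
            .and()
            .addFilterBefore(new JwtCookieFilter(), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```

The distinction the handlers make is the one a client needs: on 401 the right reaction is to send the user to the login page; on 403 it is to show an error, because logging in again will not change the answer. A client that redirects to login on every non-2xx status turns an authorization failure into an endless login loop.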


Describe Managing CORS Policies Through Nginx and Java

CORS: Cross-Origin Resource Sharing

It is a browser-enforced mechanism: a server declares, through response headers, which other origins (scheme + host + port) may read its responses, and the browser blocks cross-origin reads that are not declared. It protects a user's browser session from other sites; it does not protect the server from arbitrary clients, since curl or a script ignores CORS entirely, so it is never a substitute for authentication and authorization on the endpoint.

NGINX:

  • /etc/nginx/sites-available → create a new server block file there (touch, then edit).
  • Add add_header directives so the appropriate CORS headers are included in responses: Access-Control-Allow-Origin (a specific origin, not *, whenever cookies or Authorization headers are involved), Access-Control-Allow-Methods, Access-Control-Allow-Headers, and Access-Control-Allow-Credentials. Preflight OPTIONS requests need the same headers plus an empty 204 reply.
  • sudo ln -s /etc/nginx/sites-available/file /etc/nginx/sites-enabled/
  • This is a symbolic link: sites-enabled contains the active server block configs, sites-available the full set, so removing the link disables a site without deleting its config.
  • sudo nginx -t, then sudo systemctl reload nginx; a config error reported by -t leaves the running server untouched.
  • Emit CORS headers from one layer only: if NGINX adds them, Spring must not, because duplicated Access-Control-Allow-Origin headers make the browser reject the response.

JAVA:

Handle CORS either globally in SecurityConfig.java, by registering a CorsConfigurationSource bean and enabling http.cors() so that preflight requests are answered before the authentication filters run, or per controller with @CrossOrigin(origins = "...") on the controller class or on a handler method. The annotation specifies that requests from the listed origin may read the resources served by that controller; as with NGINX, list origins explicitly when credentials are involved, since a wildcard cannot be combined with credentials.
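As an added example (not the project's configuration) of the two Java options side by side: a global CorsConfigurationSource bean, which is what http.cors() in SecurityConfig consumes so that preflight requests never reach the authentication filters, and a per-controller @CrossOrigin override for a credential-free public endpoint. The frontend origin https://app.example.com and the /api/stats/public endpoint are assumptions.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

// Global policy. Spring Security's CorsFilter runs before authentication, so an
// OPTIONS preflight (which carries no cookie) is answered instead of getting a 401.
@Configuration
public class CorsConfig {
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration cfg = new CorsConfiguration();
        // Exact origins only. Because the JWT travels in a cookie, allowCredentials must be
        // true, and Spring 5.3+ then refuses "*" as an origin at request time.
        cfg.setAllowedOrigins(List.of("https://app.example.com"));   // hypothetical frontend origin
        cfg.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        cfg.setAllowedHeaders(List.of("Content-Type", "Authorization"));
        cfg.setAllowCredentials(true);
        cfg.setMaxAge(3600L); // browsers may cache the preflight answer for an hour

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/api/**", cfg); // nothing outside /api gets CORS headers
        return source;
    }
}

// Per-controller override: @CrossOrigin applies only to this controller's handlers and is
// merged with the global policy. A wildcard is acceptable here only because the endpoint
// is public and credentials are explicitly off, so no cookie is ever attached.
@RestController
class PublicStatsController {
    @CrossOrigin(origins = "*", allowCredentials = "false")
    @GetMapping("/api/stats/public")
    public String stats() {
        return "{\"users\":42}"; // constructed response body
    }
}
```

If NGINX in front of the application already adds Access-Control-* headers, drop this bean rather than running both; the browser treats two Access-Control-Allow-Origin values as an invalid response.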

Describe Reverse Proxy of server_name to proxy_pass

In NGINX, a reverse proxy is configured in a server block: the server_name directive defines the domain or hostname the block is responsible for, and the proxy_pass directive forwards matching requests to a backend (upstream) server. NGINX then sits between clients and the backend, terminating TLS, and is the only process that needs to be exposed on ports 80 and 443; the Spring application can listen on localhost only, so it is never reachable except through the proxy.

  • proxy_pass http://backend-server; specifies the backend server's address. Requests received by NGINX for this server_name are forwarded there.
  • Pass the original request context along with proxy_set_header (Host, X-Forwarded-For, X-Forwarded-Proto); otherwise the backend sees NGINX as the client and http as the scheme, which breaks redirects, Secure cookies, and access logs.
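The server block below is an added example (not the project's NGINX config) that covers both the CORS bullets above and the server_name to proxy_pass reverse proxy. It assumes the Spring application listens on 127.0.0.1:8085, the frontend is served from https://app.example.com, the API hostname is api.example.com, and TLS certificates for it already exist at the Let's Encrypt paths shown; all of those are placeholders. CORS is handled here, so the Spring side must not also emit Access-Control-* headers.

```nginx
upstream spring_backend {
    server 127.0.0.1:8085;          # the app binds to localhost only; NGINX is the public face
}

server {
    listen 443 ssl;
    server_name api.example.com;    # only requests whose Host matches land in this block

    ssl_certificate     /etc/letsencrypt/live/api.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem;

    location / {
        # Answer the browser's preflight here so it never reaches Spring Security,
        # which would otherwise reject the cookie-less OPTIONS request with a 401.
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin      "https://app.example.com" always;
            add_header Access-Control-Allow-Methods     "GET, POST, PUT, DELETE, OPTIONS" always;
            add_header Access-Control-Allow-Headers     "Content-Type, Authorization" always;
            add_header Access-Control-Allow-Credentials "true" always;
            add_header Access-Control-Max-Age           3600 always;
            return 204;
        }
        # The actual response needs the origin and credentials headers too. An exact origin,
        # never "*": the JWT cookie means credentials are in play. "always" keeps the headers
        # on 4xx/5xx responses so the browser can show the real status instead of a CORS error.
        add_header Access-Control-Allow-Origin      "https://app.example.com" always;
        add_header Access-Control-Allow-Credentials "true" always;

        proxy_pass http://spring_backend;
        # Preserve the original host, scheme and client IP so the app builds correct
        # redirects, marks cookies Secure, and logs the real client rather than 127.0.0.1.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Redirect plain HTTP to HTTPS so the Secure cookie is never requested over cleartext.
server {
    listen 80;
    server_name api.example.com;
    return 301 https://$host$request_uri;
}
```

Save it under /etc/nginx/sites-available/, symlink it into sites-enabled, and run sudo nginx -t before reloading. One detail to keep in mind: add_header directives in a nested block (the if here) replace those inherited from the enclosing location rather than adding to them, which is why the preflight branch repeats every header it needs.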

// SecurityConfig.java, page example in the Spring Security 5.x adapter style.
// WebSecurityConfigurerAdapter is deprecated since 5.7 and removed in 6.0, where the
// same rules go into a SecurityFilterChain @Bean. As written this uses session-based
// form login; a JWT-protected API would additionally register a token filter and set
// session management to STATELESS. CSRF protection is left at its default (enabled).
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/home").permitAll() // Permit all access to the home page
                .antMatchers("/admin/**").hasRole("ADMIN") // Only users with 'ADMIN' role can access /admin/**
                .anyRequest().authenticated() // All other requests need to be authenticated
            .and()
            .formLogin()
                .loginPage("/login") // Custom login page
                .permitAll() // Allow access to the login page (otherwise unauthenticated users loop)
            .and()
            .logout()
                .permitAll(); // Allow access to the logout functionality
    }
}

// User.java before the change: three private fields, a public no-argument
// constructor, and getters/setters, i.e. the POJO shape described above.
public class User {

    private Long id;
    private String name;
    private String email;

    // Default constructor
    public User() {
    }

    // Constructor with parameters
    public User(Long id, String name, String email) {
        this.id = id;
        this.name = name;
        this.email = email;
    }

    // Getters and setters
    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    // toString method for easy printing of User object
    @Override
    public String toString() {
        return "User{" +
                "id=" + id +
                ", name='" + name + '\'' +
                ", email='" + email + '\'' +
                '}';
    }
}

// User.java after the change: an age field is added, and the parameterized
// constructor, accessors and toString are updated to match. JSON that predates
// the field still deserializes, with age left at the int default of 0.
public class User {

    private Long id;
    private String name;
    private String email;
    private int age; // New field added

    // Default constructor
    public User() {
    }

    // Constructor with parameters
    public User(Long id, String name, String email, int age) {
        this.id = id;
        this.name = name;
        this.email = email;
        this.age = age;
    }

    // Getters and setters
    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public int getAge() {
        return age;
    }

    public void setAge(int age) {
        this.age = age;
    }

    // toString method for easy printing of User object
    @Override
    public String toString() {
        return "User{" +
                "id=" + id +
                ", name='" + name + '\'' +
                ", email='" + email + '\'' +
                ", age=" + age +
                '}';
    }
}