Tuesday, August 28, 2012

Java/JDBC connect to Amazon RDS (MySQL) with SSL

First you need to set your JDBC URL to something like the following:
jdbc:mysql://whatever_publichost_your_db_has.rds.amazonaws.com/db_name?autoReconnect=true&useSSL=true&requireSSL=true

Note the useSSL and requireSSL connection parameters.
Then you need to import the following SSL certificate into your Java cacerts trusted store:
sudo keytool -import -keystore /PathToYourJDK_OR_JRE_lib/security/cacerts -file path_to_downloaded_from_above_file/mysql-ssl-ca-cert.pem

Set the correct JDBC username/password when connecting and all should be fine.

Thursday, August 23, 2012

Spring security expressions not working with OAUTH2

When using Spring Security OAUTH2 in a client app, you will normally define an access decision manager like this:


That is needed to add the OAUTH2 scope voter to the authorization decision process. However, it interferes with the element if you're using it with use-expressions="true".

So even if you have:

your expressions will not work. You will get a stack trace like the following:

java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER'), permitAll]...

That's because of the above custom definition of the accessDecisionManager bean. You need to switch the RoleVoter definition in the accessDecisionManager for a WebExpressionVoter in order for the web expressions to become available, just like this:
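
The voter swap described above, written out as an added example; it is not the post's original listing or the Spring project's own sample. The bean id, the sec namespace prefix, the URL patterns and the exact voter list are assumptions.

```xml
<!-- Added example. Bean id, "sec" prefix, URL patterns and voter list are assumptions. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- use-expressions="true" turns every access attribute below into a
       web expression, so the referenced decision manager must contain a
       voter that can evaluate expressions. -->
  <sec:http use-expressions="true"
            access-decision-manager-ref="accessDecisionManager">
    <!-- First matching pattern wins: keep the open rule above the catch-all. -->
    <sec:intercept-url pattern="/login*" access="permitAll"/>
    <sec:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
    <sec:form-login/>
  </sec:http>

  <bean id="accessDecisionManager"
        class="org.springframework.security.access.vote.UnanimousBased">
    <constructor-arg>
      <list>
        <!-- OAuth2 scope voter, kept as before. -->
        <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>

        <!-- Before: RoleVoter does not support expression attributes, which
             produces "Unsupported configuration attributes:
             [hasRole('ROLE_USER'), permitAll]" at startup.
        <bean class="org.springframework.security.access.vote.RoleVoter"/>
        -->

        <!-- After: WebExpressionVoter evaluates hasRole(...), permitAll, etc. -->
        <bean class="org.springframework.security.web.access.expression.WebExpressionVoter"/>
      </list>
    </constructor-arg>
  </bean>
</beans>
```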


Here you go,
Enjoy Spring Security (with OAUTH2) as before.