Scan a Redis Cluster

The Redis SCAN command allows you to iterate over the key space. On a single Redis node you can SCAN all keys or just keys matching a pattern. It’s a slow operation: O(N) where N is the number of keys in the database. However, it can be useful when you want to view every item in the database or when there’s no way to find your values without traversing everything. Due to the way that Redis shards data though, it may be difficult to SCAN keys on a Redis Cluster. It is possible but it takes a little more work.

Read more »

Spring4Shell

The Spring4Shell (CVE-2022-22965) critical severity vulnerability in Spring Framework allows remote code execution (RCE). At time of writing, it can be exploited only in very specific scenarios. However, Spring have made a patch available (Spring Framework version 5.3.18 and 5.2.20) and I strongly advise you to take them, even if you’re not running the exploitable setup.

Read more »

Spring Security delegating password encoder

The new DelegatingPasswordEncoder provides support for multiple PasswordEncoder implementations, many of which are available in Spring Boot applications with default configuration. This makes it possible to select an algorithm at run time and to have a database containing password hashes with different algorithms.

Read more »

Testing Spring reactive WebClient

The reactive WebClient does not yet have the mature test support that RestTemplate now has. There is not yet a standard recipe to test Spring WebClient applications. No doubt support will be improved in future versions but for now, here’s what works for me.

Read more »

Securing a Zookeeper ensemble

Even in secured networks, it’s a good idea to use some of the security features available in Zookeeper. In this post we’ll look at two security mechanisms: mutual TLS (mTLS) and SASL authentication. We’ll set up these security features on the server-server communication (leader election protocols) and client-server communication (Kafta to Zookeeper).

Read more »

Building a Zookeeper ensemble

Some notes on setting up and configuring a Zookeeper ensemble. Many guides use some shortcuts to setting up the ensemble such as running multiple Zookeeper instances on a single machine or running them in Docker. Both require some workarounds to make it work. As a better example, this guide runs three Zookeeper instances across three different VMs.

Read more »

Microsoft Bot Framework Part 3: Connect to channels

In the first two parts we built a bot using the Microsoft Bot Framework SDK and registered it in Azure. In this third and final part we’ll consume the bot using three of the available Bot Framework Channels: A simple chat component on a web page, SMS text and a fully custom Node.js application.

Read more »

Microsoft Bot Framework Part 2: Build a bot with Bot Framework SDK

In the first part, we created an Azure Bot registration and connected to a demo bot application. In this part we’ll swap out the demo bot for one we’ve built using the Microsoft Bot Framework SDK.

Read more »

Microsoft Bot Framework Part 1: Create an Azure Bot Resource

In this part, I’ll register and configure a bot with Microsoft Azure Bot Service. It might seem odd to start here rather than going straight into the application code. However, getting this step out of the way gives us something simple to play with that works end to end.

Read more »

Exception handling in ScheduledExecutorService

Java’s ScheduledExecutorService allows you to schedule Runnable tasks without having to worry too much about creating Threads. But how do we handle this exception? We have a few options.

Read more »