CyberSecurity NP is an organization dedicated to promoting the education of cyber security nationally in local communities. Check out our Chapters
====================================================================================== This a sample demo to demonstrate how we can automate building an app, run a security scan and deploy it in the cloud
This is a sample application for using database services on Cloud Foundry with the Spring Framework and Spring Boot.
This application has been built to store the same domain objects in one of a variety of different persistence technologies - relational, document, and key-value stores. This is not meant to represent a realistic use case for these technologies, since you would typically choose the one most applicable to the type of data you need to store, but it is useful for testing and experimenting with different types of services on Cloud Foundry.
The application use Spring Java configuration and bean profiles to configure the application and the connection objects needed to use the persistence stores. It also uses the Spring Cloud Connectors library to inspect the environment when running on Cloud Foundry. See the Cloud Foundry documentation for details on configuring a Spring application for Cloud Foundry.
One Spring bean profile should be activated to choose the database provider that the application should use. The profile is selected by setting the system property spring.profiles.active
when starting the app.
The application can be started locally using the following command:
$ ./gradlew assemble
$ java -jar app.jar -Dspring.profiles.active=<profile>
where <profile>
is one of the following values:
in-memory
(no external database required)mysql
postgres
mongodb
redis
If no profile is provided, in-memory
will be used. If any other profile is provided, the appropriate database server must be started separately. The application will use the host name localhost
and the default port to connect to the database. The connection parameters can be configured by setting the appropriate Spring Boot properties.
If more than one of these profiles is provided, the application will throw an exception and fail to start.
When running on Cloud Foundry, the application will detect the type of database service bound to the application (if any). If a service of one of the supported types (MySQL, Postgres, Oracle, MongoDB, or Redis) is bound to the app, the appropriate Spring profile will be configured to use the database service. The connection strings and credentials needed to use the service will be extracted from the Cloud Foundry environment.
If no bound services are found containing any of these values in the name, then the in-memory
profile will be used.
If more than one service containing any of these values is bound to the application, the application will throw an exception and fail to start.
After installing the 'cf' command-line interface for Cloud Foundry, targeting a Cloud Foundry instance, and logging in, the application can be built and pushed using these commands:
$ ./gradlew assemble
$ cf push yourappname build/lib/appname.jar
The application will be pushed using settings in the provided manifest.yml
file. The output from the command will show the URL that has been assigned to the application.
Using the provided manifest, the application will be created without an external database (in the in-memory
profile). You can create and bind database services to the application using the information below.
Depending on the Cloud Foundry service provider, persistence services might be offered and managed by the platform. These steps can be used to create and bind a service that is managed by the platform:
# view the services available
$ cf marketplace
# create a service instance
$ cf create-service <service> <service plan> <service name>
# bind the service instance to the application
$ cf bind-service <app name> <service name>
# restart the application so the new service is detected
$ cf restart
Cloud Foundry also allows service connection information and credentials to be provided by a user. In order for the application to detect and connect to a user-provided service, a single uri
field should be given in the credentials using the form <dbtype>://<username>:<password>@<hostname>:<port>/<databasename>
.
These steps use examples for username, password, host name, and database name that should be replaced with real values.
# create a user-provided Oracle database service instance
$ cf create-user-provided-service oracle-db -p '{"uri":"oracle://root:[email protected]:1521/mydatabase"}'
# create a user-provided MySQL database service instance
$ cf create-user-provided-service mysql-db -p '{"uri":"mysql://root:[email protected]:3306/mydatabase"}'
# bind a service instance to the application
$ cf bind-service <app name> <service name>
# restart the application so the new service is detected
$ cf restart
To test the application with different services, you can simply stop the app, unbind a service, bind a different database service, and start the app:
$ cf unbind-service <app name> <service name>
$ cf bind-service <app name> <service name>
$ cf restart
Database drivers for MySQL, Postgres, MongoDB, and Redis are included in the project. To connect to an Oracle database, you will need to download the appropriate driver (e.g. from http://www.oracle.com/technetwork/database/enterprise-edition/jdbc-112010-090769.html?ssSourceSiteId=otnjp), add the driver .jar file to the src/main/webapp/WEB-INF/lib
directory in the project, and re-build the application .war file using ./gradlew assemble
.