Apache Shiro 1.2.0+ (JDBC Realm) and Glassfish 3.1.1+

Lately, I’ve been experimenting with Apache Shiro for securing my Java EE applications. My focus so far has been to implement an authentication mechanism backed by a MySQL database and to be ran on top of a Glassfish container.

I’m sharing these experiments at my Github page. Feel free to take a look, copy and eventually create pull requests for your own additions/optimizations.

Gerrit + Jenkins in LDAP environment

Today, I got Gerrit integrated with Jenkins. Even though there’s good info on the web on how to get this beautiful couple working together, I lack the explanation on how to configure Gerrit SSH for Jenkins usage when Gerrit authenticates its users on a LDAP service.

First of all, the Gerrit instance I’m working on is authenticating against the company LDAP directory. Nothing new here as LDAP users can log-in sucessfully. Now, the thing is Gerrit process is not running as an LDAP user, but rather an Unix one (local) and we need a Gerrit user (non-local) with a public SSH key for Jenkins to be able to acess the code review tool.

The confusion was set! How would I authenticate Jenkins without an LDAP user created for this sole purpose?! gerrit create-account is the way to go!

For this command to work, you must have an authenticated user in Gerrit with administrative privileges and public SSH key set.

First, let’s create a key for the user that Jenkins is going to use:

ssh-keygen -t rsa -b 2048

You should now have two new files, a private key and a public key. Never ever give the private key!! Imagining your recently created public key file is named id_rsa.pub and that you’ve got an xpto user configured in Gerrit as part of the group Administrators, let’s add thevirtual user:

cat id_rsa.pub | ssh -p 29418 xpto@gerrit.example.com gerrit create-account --ssh-key - jenkins

It should be OK now! Just install Gerrit Trigger Jenkins plug-in and configure it as described in the documentation. It won’t take more than two minutes before you’ve got Gerrit shaking hands with Jenkins 🙂