JNCryptor has moved to GitHub

The JNCryptor project has moved to GitHub. This was partly triggered by Google’s removal of a download facility from Google Code, but also due to Rob Napier’s plans to consolidate all RNCyptor implementations into one single project.

Visit JNCryptor at https://github.com/RNCryptor/JNCryptor and view all the implementations at https://github.com/RNCryptor. Currently there are implementations in objective-c (the original), PHP, Java, Javascript, Python and Ruby.

Using Marker Interfaces in Spring

Marker interfaces are an efficient method of injecting Spring dependencies. By implementing a marker interface, a bean tells the Spring container that it wishes to be injected with a dependency. An example from the Spring core is MessageSourceAware, shown below:

public interface MessageSourceAware {
  void setMessageSource(MessageSource messageSource);
}

Any bean that implements MessageSourceAware will be automatically injected with a MessageSource after the bean is constructed.

To do this for your own classes, begin by creating an appropriate marker interface:

public interface FooAware {
  void setFoo(Foo foo);
}

Then, create a class that implements BeanPostProcessor. Spring spots beans that implement this interface and allows them an opportunity to fiddle with beans after they are constructed, but before they are made available to other beans. We also implement ApplicationContextAware, which is a marker interface that provides us with access to the application context.

public class MarkerInterfaceProcessor implements BeanPostProcessor,
		ApplicationContextAware {

	private ApplicationContext applicationContext;

	@Override
	public Object postProcessBeforeInitialization(Object bean,
			String beanName) throws BeansException {

		if (bean instanceof FooAware) {
			((FooAware) bean).setFoo(applicationContext
					.getBean(Foo.class));
		}

		return bean;
	}

	@Override
	public Object postProcessAfterInitialization(Object bean,
			String beanName) throws BeansException {
		// We have no need to adjust the bean after initialization
		return bean;
	}

	@Override
	public void setApplicationContext(
			ApplicationContext applicationContext)
			throws BeansException {
		this.applicationContext = applicationContext;
	}
}

A single class can be used to inject all the marker interface dependencies in your project – just add additional instanceof clauses. The final step is to tell Spring that your MarkerInterfaceProcessor class exists. There is no need to give the bean an id or a name, just declaring it is sufficient:

<bean class="com.foo.MarkerInterfaceProcessor" />

JNCryptor Promoted!

Thanks to Rob Napier for promoting JNCryptor on his twitter feed. Rob is the author of the original RNCryptor library, which I ported to Java.

JNCryptor from Duncan Jones: Java port of RNCryptor. Share well-encrypted data between Cocoa and Java! http://t.co/1l2uhNzt
@cocoaphony
Rob Napier

The same encryption format is now supported in objective-c, ANSI C and Java, with a PHP implementation semi-completed. It demonstrates how desperately the security community needed a simple format for storing symmetrically-encrypted data alongside salt and IV values! Well done, Rob.

A bad start for a security blog

No sooner had I signed up for my (admittedly cheap) web hosting than the following email arrived:

Thank you for signing up with us. Your new account has been setup and you can now login to our client area using the details below.

Email Address: foo@bar.com
Password: 2jlk987FHasd0

Great – they almost certainly store my password unhashed. Luckily I use LastPass to produce random passwords for each site, so they’ve not learnt an “important” one, but that’s hardly the point. I’ll be opening my first support ticket this evening to ask them for an explanation!