The latest articles on DEV Community by Oskars (@oskarspakers). https://dev.to/oskarspakers https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F490583%2F010d10b2-098b-4a36-80f8-c1d3d7c9b111.png https://dev.to/oskarspakers en Oskars Wed, 20 Oct 2021 08:23:44 +0000 https://dev.to/oskarspakers/efficient-auditing-for-read-operations-4p3a https://dev.to/oskarspakers/efficient-auditing-for-read-operations-4p3a <p>Recently I ran into a scenario when the read operation was not performing well due to auditing requirements. If you need to persist an audit record on every read operation, writing to the database will most likely be the bottleneck.<br> There are a few improvements listed below that can be done to improve performance. Improvements are ordered by subjective performance gain.</p> <ol> <li>Defer writing audit records using asynchronous queue</li> <li>Consume records from the queue in batches and do bulk inserts</li> <li>Separate read and write operations and read data from replica</li> </ol> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--fxHFLqkn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/f19jb9qm3m9stgcyydv5.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--fxHFLqkn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/f19jb9qm3m9stgcyydv5.png" alt="Diagram for asynchronous auditing"></a></p> <p>Detailed descriptions of steps in the flow:</p> <ol> <li>User requests to get the status of something</li> <li>Application registers an event "getStatusCalled" that getStatus request has been performed.</li> <li>Application retrieves status from database standby node, thus not loading primary database node. The user receives a response</li> <li>Another application node (or same application node, but a different thread) periodically consumes "getStatusCalled" events in batches</li> <li>Application performs bulk insert to primary database node. Changes are replicated to the standby node using the database replication process.</li> </ol> <p>Have a feedback or improvement idea? Share it in a comment.</p> cqrs audit eventdriven Oskars Mon, 04 Jan 2021 14:02:27 +0000 https://dev.to/oskarspakers/import-pbkdf2-hashed-user-passwords-into-keycloak-571m https://dev.to/oskarspakers/import-pbkdf2-hashed-user-passwords-into-keycloak-571m <p>If you are in process of migrating to dedicated authentication provider Keycloak, you might need to retain original passwords from the source system.</p> <p>Since I spent some time on getting creating users with already hashed passwords to work with Keycloak, sharing the API call that is needed to achieve this. Tested with Keycloak 9.0.5<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST http://localhost:8080/auth/admin/realms/master/users Authorization: Bearer {{access_token}} Content-Type: application/json { "enabled": true, "attributes": {}, "username": "admin", "emailVerified": "", "credentials": [ { "credentialData": "{\"hashIterations\": 27500,\"algorithm\": \"pbkdf2-sha256\"}", "secretData": "{\"salt\": \"x/bm4Y3DcuV9eU97ervkPA==\",\"value\": \"1u7BLvfSPxQFpwc5jpGSA+88EGl9pZYKhaZ8YPIu9N4=\"}", "type": "password" } ] } </code></pre> </div> <p>Here salt must be Base64 encoded value.<br> An example creates a user with username "admin" and password "admin"</p> <p>There are also online tools available to encode raw passwords, for example, <a href="https://8gwifi.org/pbkdf.jsp">https://8gwifi.org/pbkdf.jsp</a>.</p> keycloak password authentication pbkdf2