Month: March 2015
-
Spring Security: Invalid CSRF Token ‘null’ was found on the request parameter ‘_csrf’ or header ‘X-CSRF-TOKEN’
PROBLEM With Spring Security 4.x, the CSRF protection is enabled by default. You may disable it, but to be more aligned with OWASP and the industry security standard, it’s best to leave this setting the way it is. Learn more about CSRF attack… To prevent this attack, Spring Security 4.x requires you to attach a… Read More…
-
Jackson 2.x: JSON Serialization Difference for Map.Entry between 2.4.x vs 2.5.x
It appears Jackson 2.4.5 and 2.5.1 behave a little differently when handling Map.Entry. Let’s assume we have the following bean:- We have a simple Spring MVC rest controller that creates this bean and returns the JSON data back to the client:- Jackson 2.4.5 generates the following JSON:- Jackson 2.5.1 generates the following JSON:- Read More…
-
Spring MVC: Handling Joda Data Types as JSON
PROBLEM Let’s assume we have the following bean that contains Joda’s LocalDate and LocalDateTime objects:- This simple Spring MVC rest controller creates this bean and returns the JSON data back to the client:- By default, the generated JSON looks like this:- How do we nicely format these values and still retain the correct data types… Read More…