Embracing the Messiness in Search of Epic Solutions


Welcome to my encyclopedia of shitty code!

  • Spring Security SAML: Replacing SHA-1 with SHA-256 on Signature and Digest Algorithms

    PROBLEM By default, Spring Security SAML’s SAMLBootstrap uses SHA1withRSA for the signature algorithm and SHA-1 for the digest algorithm. For example, the above configuration will generate the following SAML request payload when using HTTP-POST binding:- Unfortunately, SHA-1 is now deemed insecure due to the “Freestart Collision” attack. Further, most modern browsers have ceased to trust SHA-1 code signing…

  • Spring Security SAML: Handling IdP’s Public Certificate When Loading Metadata Over HTTPS

    PROBLEM By default, when loading the IdP’s metadata over HTTPS (ex: https://adfs-server/federationmetadata/2007-06/federationmetadata.xml), Spring Security SAML will perform the trust verification configured in the JDK. However, there are times when we do not have direct access to the JDK home directory, especially if the web apps are hosted on someone else’s JEE or PaaS servers. SOLUTION To fix this, the…

  • Java + SAML: Illegal Key Size

    PROBLEM When attempting to decrypt the SAML response from the IdP, the following exception occurs:- SOLUTION When inspecting the SAML response payload below, the data is encrypted with AES-256:- By default, Java’s key size is limited to 128 bits due to US export laws and a few countries’ import laws. To fix this…

  • Spring Security SAML: Configuring Binding for Sending SAML Messages to IdP

    PROBLEM Depending on each institution’s Identity Provider (IdP) configuration, the Service Provider (SP) may need to configure the correct binding for sending SAML messages to the IdP. SOLUTION Using Spring Security SAML, the binding configuration is highlighted below:- HTTP-POST Binding Configuration:- Using HTTP-POST binding, the SAML message to the IdP will contain the signature information:- HTTP-Redirect Binding…

  • There are no Limits…

    Bruce had me up to three miles a day, really at a good pace. We’d run the three miles in twenty-one or twenty-two minutes. Just under eight minutes a mile [Note: when running on his own in 1968, Lee would get his time down to six-and-a-half minutes per mile]. So this morning he said to…

  • Java + HTTPS: Unable to Find Valid Certification Path to Requested Target

    PROBLEM When invoking an HTTPS URL from Java, for example… …the following exception is thrown… SOLUTION 1: Disable SSL Validation – NOT RECOMMENDED One way is to simply disable SSL validation by configuring SSLContext to trust all X.509 certificates before invoking the intended HTTPS URL. Unless you are writing test cases or implementing non-production…

  • Java + HTTPS: Handling ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

    PROBLEM When accessing HTTPS links from a local application server, modern browsers throw the following error message(s):- SOLUTIONS There are multiple solutions to this problem. SOLUTION 1: Disable browser check One way is to completely disable this check in the browser. For example, in Firefox, go to about:config and set security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha to…

  • Maven: Bundling and Unpacking Native Libraries

    Introduction Steps to bundle the native libraries to be pushed to Nexus, and to unpack the native libraries on mvn package. Bundling Native Libraries into a JAR File Let’s assume we have the following native libraries for multiple platforms:- Create a jar that contains these native libraries. The -C option prevents the native folder from…

  • IntelliJ IDEA: Configuring Default Project Settings

    PROBLEM When creating or checking out a project for the first time in IntelliJ IDEA, we may need to reconfigure the project settings. My biggest pain is that IntelliJ IDEA always uses the wrong Maven version when I check out the project from source control. SOLUTION The good news is there is a way…

About Author

This author has 20+ years of experience in software engineering and cloud engineering. In an industry where knowledge becomes obsolete in the next three months, he learns anything that crosses his path indiscriminately. He floats from one technology to another like a moth and stings the problem sets like a mosquito. This author codes Java while drinking Espresso and writes Spock specifications while listening to Groovy beats. He masters Google Cloud Platform just like how he masters the art of predicting the movement of dark clouds over his backyard, where 60% of the time, he is right every time.

This author suffers from the Dunning-Kruger effect, where he overestimates his competence and underestimates his ignorance. Technology buzzwords never faze him, for he does not know enough to be afraid in the first place. GCP, GCS, GCR, GKE, GWT… everything sounds the same to him. He never fears acronyms, synonyms, or antonyms, for he has ChatGPT in his back pocket. This author is a jack of all trades but a master of none. He writes like he knows all the answers, yet he googles for better solutions from elsewhere. He fakes it until he makes it; if he doesn’t, that’s okay because he has the attention span of a squirrel. The blog posts are his buried walnuts, in case he needs them one day.

In conclusion, this author is full of something. He apologizes in advance if you are trying to solve your company’s real problems with his shitty solutions. There, he has successfully written paragraphs of nonsense because every professional blogging website needs a section about the author, with a too-cool-to-smile portrait staring sideways into the abyss.