Embracing the Messiness in Search of Epic Solutions

Tag: Java

  • Groovy: Handling Byte Order Marks When Reading a File

    PROBLEM Given a file with the following content:- When reading the file:- … the following values are printed:- Even though the value is trimmed, there is still a leading space in front of the text. Closer inspection reveals the leading “space” is not a regular space at all:- SOLUTION Some editors prepend a special Unicode character called… Read More…

  • JEE Security: Preventing Clickjacking Attacks

    PROBLEM Clickjacking is an attack that tricks users into performing unintended actions by rendering the target page inside an invisible frame on the attacker’s site… see OWASP’s Testing for Clickjacking (OTG-CLIENT-009) SOLUTION To prevent clickjacking attacks, the app must set the X-Frame-Options header with an appropriate value (DENY, or SAMEORIGIN if the app legitimately frames its own pages):- If set correctly, the HTTP response should show the X-Frame-Options header:- There are several ways to set this header. Solution 1: Using… Read More…

  • JEE Security: Disabling HTTP OPTIONS method

    PROBLEM The HTTP OPTIONS method returns the list of methods the web server supports for a resource. For example, the following shows that both GET and HEAD are allowed on the given link:- Leaving OPTIONS enabled lets an attacker enumerate the supported methods cheaply, including dangerous ones such as TRACE, which is the method abused in cross-site tracing (XST)… see OWASP’s Test HTTP Methods (OTG-CONFIG-006). SOLUTION There are several ways… Read More…

  • Java: Exploring Preferences API

    BACKGROUND In almost any script or rich client app, there is a need to persist user preferences or app configuration. Most of the time, we, the proud developers, handle that in a very ad hoc manner. When storing in a file, we use different formats: from old-boring XML, to cool-kid JSON, to even cooler-kid… Read More…

  • JAXB2: Adding toString() to Generated Java Classes

    PROBLEM By default, a generated Java class inherits Object.toString(), which prints only the class name and a hex identity hash code, not the field values, when toString() is invoked. However, sometimes it is helpful to have a more meaningful toString() for debugging purposes. SOLUTION To fix this, configure maven-jaxb2-plugin to generate toString() based on the fields in the class:- Read More…

  • Spring Security SAML: Replacing SHA-1 with SHA-256 on Signature and Digest Algorithms

    PROBLEM By default, Spring Security SAML’s SAMLBootstrap uses SHA1withRSA (rsa-sha1) as the signature algorithm and SHA-1 as the digest algorithm. For example, the above configuration will generate the following SAML request payload when using HTTP-POST binding:- Unfortunately, SHA-1 is now deemed insecure, following the “Freestart Collision” attack. Further, most modern browsers have ceased to trust SHA-1 signed certificates… Read More…
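The byte order mark problem from the Groovy post above, worked through in plain Java as an added example (this is not the post’s own code, which is cut off in the excerpt). It assumes Java 17 for the record type, and it constructs its own sample file so it runs offline. The point it demonstrates is that `String.trim()` only strips characters up to U+0020, so a decoded BOM (U+FEFF) survives trimming and has to be detected at the byte level, before decoding:

```java
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class BomAwareReader {

    /** What the first bytes of a file tell us: the encoding and how many bytes of BOM to skip. */
    public record Sniff(Charset charset, int bomLength) {}

    /** Identify a BOM by its raw bytes. Falls back to UTF-8 with no BOM. */
    public static Sniff sniff(byte[] head) {
        if (head.length >= 3
                && (head[0] & 0xFF) == 0xEF && (head[1] & 0xFF) == 0xBB && (head[2] & 0xFF) == 0xBF) {
            return new Sniff(StandardCharsets.UTF_8, 3);
        }
        if (head.length >= 2 && (head[0] & 0xFF) == 0xFE && (head[1] & 0xFF) == 0xFF) {
            return new Sniff(StandardCharsets.UTF_16BE, 2);
        }
        if (head.length >= 2 && (head[0] & 0xFF) == 0xFF && (head[1] & 0xFF) == 0xFE) {
            return new Sniff(StandardCharsets.UTF_16LE, 2);
        }
        return new Sniff(StandardCharsets.UTF_8, 0);
    }

    /** Read a text file, honouring the BOM for charset selection and then discarding it. */
    public static String readWithoutBom(Path file) throws IOException {
        byte[] bytes = Files.readAllBytes(file);
        Sniff s = sniff(bytes);
        return new String(bytes, s.bomLength(), bytes.length - s.bomLength(), s.charset());
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a UTF-8 BOM followed by a one-line properties-style payload.
        byte[] content = {(byte) 0xEF, (byte) 0xBB, (byte) 0xBF,
                'k', 'e', 'y', '=', 'v', 'a', 'l', 'u', 'e', '\n'};
        Path tmp = Files.createTempFile("bom-demo", ".txt");
        Files.write(tmp, content);

        // Java's UTF-8 decoder does not strip the BOM: it comes back as the char U+FEFF,
        // and trim() leaves it alone because it is above U+0020.
        String naive = Files.readString(tmp, StandardCharsets.UTF_8).trim();
        System.out.printf("naive: first char U+%04X, length %d%n", (int) naive.charAt(0), naive.length());

        String clean = readWithoutBom(tmp).trim();
        System.out.printf("clean: first char U+%04X, length %d%n", (int) clean.charAt(0), clean.length());

        Files.delete(tmp);
    }
}
```

Sniffing the raw bytes rather than decoding first also picks the right charset for UTF-16 files, where decoding as UTF-8 would produce garbage rather than a single stray character.

The two JEE Security posts above (X-Frame-Options and disabling OPTIONS) can be handled together in one servlet filter. The filter below is an added example, not either post’s own solution; it assumes a Servlet 3.0+ container with the `javax.servlet` API (Jakarta EE 9 and later rename the package to `jakarta.servlet`) and that the application only needs GET, HEAD and POST:

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Rejects unneeded HTTP methods and stamps anti-framing headers on every response. */
@WebFilter(urlPatterns = "/*")
public class HardeningFilter implements Filter {

    // Methods this (hypothetical) application never needs. TRACE is the one XST abuses;
    // OPTIONS is what an attacker uses to discover that TRACE is available.
    private static final Set<String> BLOCKED_METHODS = Set.of("OPTIONS", "TRACE");

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest) || !(res instanceof HttpServletResponse)) {
            chain.doFilter(req, res);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (BLOCKED_METHODS.contains(request.getMethod().toUpperCase())) {
            // RFC 7231 requires an Allow header on a 405; it only lists what we actually serve.
            response.setHeader("Allow", "GET, HEAD, POST");
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }

        // Set before invoking the chain so no servlet or JSP can forget it.
        // DENY: the page may never be framed, by anyone. Use SAMEORIGIN only if the app frames itself.
        response.setHeader("X-Frame-Options", "DENY");
        // The CSP equivalent; browsers that support it give it precedence over X-Frame-Options.
        response.setHeader("Content-Security-Policy", "frame-ancestors 'none'");

        chain.doFilter(request, response);
    }
}
```

Two caveats before deploying this. Blocking OPTIONS also blocks CORS preflight requests, so an API consumed cross-origin from a browser needs OPTIONS allowed on its CORS endpoints. And verify the result from outside rather than trusting the code: `curl -sI https://host/` should show both headers, and `curl -sI -X OPTIONS https://host/` should return 405, on the deployed server, since a reverse proxy or a second filter can still strip or overwrite headers.

For the Spring Security SAML post above, the usual way to move from SHA-1 to SHA-256 is to replace SAMLBootstrap with a subclass that adjusts OpenSAML’s global security configuration after the stock bootstrap has run. This is an added example written against Spring Security SAML 1.x and OpenSAML 2.x, not the post’s own solution (which is cut off in the excerpt):

```java
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.security.saml.SAMLBootstrap;

/**
 * Drop-in replacement for SAMLBootstrap that switches the signature algorithm from
 * rsa-sha1 to rsa-sha256 and the reference digest from sha1 to sha256.
 * Register this bean in place of org.springframework.security.saml.SAMLBootstrap.
 */
public class Sha256SamlBootstrap extends SAMLBootstrap {

    @Override
    public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) {
        // Let the stock bootstrap initialise OpenSAML first; it installs the SHA-1 defaults.
        super.postProcessBeanFactory(beanFactory);

        BasicSecurityConfiguration config =
                (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();

        // Signature algorithm chosen for RSA keys: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
        config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        // Digest algorithm for <ds:Reference>: http://www.w3.org/2001/04/xmlenc#sha256
        config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    }
}
```

Check the effect on the wire, not just in code: decode the next AuthnRequest the SP emits and confirm `<ds:SignatureMethod Algorithm="...#rsa-sha256"/>` and `<ds:DigestMethod Algorithm="...#sha256"/>`. This changes only what the SP signs; verification of the IdP’s signatures uses the algorithm declared in the incoming signature, so an IdP still signing with SHA-1 will keep working until it is upgraded.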