Embracing the Messiness in Search of Epic Solutions

Tag: Java

  • Spring Security SAML: Handling IdP’s Public Certificate When Loading Metadata Over HTTPS

    PROBLEM By default, when loading the IdP’s metadata over HTTPS (e.g., https://adfs-server/federationmetadata/2007-06/federationmetadata.xml), Spring Security SAML will perform the trust verification configured in the JDK. However, there are times we do not have direct access to the JDK home directory, especially if the web apps are hosted on someone else’s JEE or PaaS servers. SOLUTION To fix this, the… Read More…

  • Java + SAML: Illegal Key Size

    PROBLEM When attempting to decrypt the SAML response from the IdP, the following exception occurs:- SOLUTION When inspecting the SAML response payload below, the data is encrypted with AES-256:- By default, Java’s key size is limited to 128 bits due to US export laws and a few countries’ import laws. To fix this… Read More…

  • Spring Security SAML: Configuring Binding for Sending SAML Messages to IdP

    PROBLEM Depending on each institution’s Identity Provider (IdP) configuration, the Service Provider (SP) may need to configure the correct binding for sending SAML messages to the IdP. SOLUTION Using Spring Security SAML, the binding configuration is highlighted below:- HTTP-POST Binding Configuration:- Using HTTP-POST binding, the SAML message to the IdP will contain the signature information:- HTTP-Redirect Binding… Read More…

  • Java + HTTPS: Unable to Find Valid Certification Path to Requested Target

    PROBLEM When invoking an HTTPS URL from Java, for example… …the following exception is thrown… SOLUTION 1: Disable SSL Validation – NOT RECOMMENDED One way is to simply disable the SSL validation by configuring SSLContext to trust all X.509 certificates before invoking the intended HTTPS URL. Unless you are writing test cases or implementing non-production… Read More…

  • Java + HTTPS: Handling ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

    PROBLEM When accessing HTTPS links from a local application server, the modern browser throws the following error message(s):- SOLUTIONS There are multiple solutions to this problem. SOLUTION 1: Disable browser check One way is to completely disable this check on the browser. For example, in Firefox, go to about:config and set security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha to… Read More…

  • Java: Builder for Immutable POJO

    PROBLEM Let’s assume we have an immutable Person object:- … and an immutable Car object:- To create the Person object, we need to write something like this:- If the POJO has a lot of properties, it becomes very difficult to keep track of all the constructor argument positions. SOLUTION @mkarneim wrote a POJO Builder that creates… Read More…