My Shitty Code

Embracing the Messiness in Search of Epic Solutions

Tag: Spring Boot

  • Feign + Eureka: UnknownHostException when Attempting to Invoke a Service

    PROBLEM When attempting use Feign to invoke a service through Eureka, the following exception occurs:- SOLUTION Go to the donkey-kong-service app and add the following line to the Now, when Feign tries to invoke the service, the IP address will be used instead of the OS’ reported hostname.

  • Spring Boot: Restarting App using Dev Tools with IntelliJ IDEA

    Spring Boot provides spring-boot-devtools module that allows the app to “smartly” restart whenever the files on the classpath have changed. Because the rarely changed classes (ex: 3rd party JARs) are separated out into a different classloader from the app’s actively developed classes’ classloader, it allows Spring Boot to quickly restart the app compared to “cold […]

  • Spring Boot: Connecting to IBM MQ over JMS using non-IBM JRE

    There are several ways to connect to IBM MQ:- This article shows you how to connect with Spring’s JmsTemplate. CONNECTIVITY INFO Typically, the MQ admin will provide the following connectivity info that allows you to connect to MQ:- DEPENDENCY Add the following dependency:- SPRING CONFIGURATION While the connectivity info can be hardcoded in Spring Boot’s […]

  • JEE Security: Preventing Clickjacking Attacks

    PROBLEM Clickjacking is an attack that tricks the users to perform unintended actions… see OWASP’s Testing for Clickjacking (OTG-CLIENT-009) SOLUTION To prevent clickjacking attacks, the app must set X-FRAME-OPTIONS header with an appropriate value:- If set correctly, the HTTPS response should show X-FRAME-OPTIONS header:- There are several ways to set this header. Solution 1: Using […]

  • JEE Security: Disabling HTTP OPTIONS method

    PROBLEM HTTP OPTIONS method is used to provide a list of methods that are supported by the web server. For example, the following shows both GET and HEAD are allowed on the given link:- Enabling OPTIONS may increase the risk of cross-site tracing (XST)… see OWASP’s Test HTTP Methods (OTG-CONFIG-006). SOLUTION There are several ways […]