Tag: Spring
-
Spring Web: Encode ‘+’ Value Using UriComponentsBuilder
PROBLEM Given the following code… When using Spring Web 4.3.18.RELEASE, the URL is properly encoded:- However, when using a version between 5.0.0.RELEASE and 5.0.7.RELEASE, a URL containing a “+” value does not get encoded:- SOLUTION There is an open ticket regarding this breaking change. To properly encode the “+” value, use 5.0.8.RELEASE or later. Then, ensure encode() is… Read More…
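As an added example (not code from the original post), the following class shows the two encoding paths that Spring Web 5.0.8 and later offer, with a made-up endpoint and a constructed query value. Calling encode() on the builder before expanding the URI variables encodes each expanded value strictly, so “+” becomes %2B. Calling encode() on the built UriComponents only escapes characters that are illegal in their component; “+” is legal in a query string, so it is left alone, and a receiving server will commonly decode it as a space, silently changing the value.

```java
import java.net.URI;
import org.springframework.web.util.UriComponentsBuilder;

public class PlusEncodingDemo {

    // Hypothetical endpoint used for the demonstration.
    private static final String BASE = "https://example.com/search";

    // Strict path (UriComponentsBuilder#encode, available from Spring 5.0.8): the template
    // is pre-encoded, then every expanded variable is encoded with only unreserved
    // characters left untouched, so "+" in the value is sent as "%2B".
    static URI encodeBeforeExpand(String term) {
        return UriComponentsBuilder.fromHttpUrl(BASE)
                .queryParam("q", "{q}")
                .encode()
                .buildAndExpand(term)
                .toUri();
    }

    // Lenient path (UriComponents#encode after build): only characters that are illegal
    // in each component are escaped. "+" is legal in a query, so it is kept as-is and the
    // server side usually reads it as a space.
    static URI encodeAfterBuild(String term) {
        return UriComponentsBuilder.fromHttpUrl(BASE)
                .queryParam("q", term)
                .build()
                .encode()
                .toUri();
    }

    public static void main(String[] args) {
        String term = "a+b"; // constructed sample value containing the problematic character
        System.out.println("encode() before expand: " + encodeBeforeExpand(term));
        System.out.println("encode() after build:   " + encodeAfterBuild(term));
    }
}
```

When auditing URL construction, grep for `.build().encode()` and `buildAndExpand(...).encode()` chains: those take the lenient path and will pass “+” (and other reserved characters that are legal in the component) through unchanged.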
-
JEE Security: Preventing Clickjacking Attacks
PROBLEM Clickjacking is an attack that tricks users into performing unintended actions… see OWASP’s Testing for Clickjacking (OTG-CLIENT-009) SOLUTION To prevent clickjacking attacks, the app must set the X-FRAME-OPTIONS header with an appropriate value:- If set correctly, the HTTP response should show the X-FRAME-OPTIONS header:- There are several ways to set this header. Solution 1: Using… Read More…
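One of the container-level ways to set the header, as an added example rather than code from the original post, is a servlet filter that stamps every response. It assumes a Servlet 3.0+ container (so the `@WebFilter` annotation registers the filter without web.xml) and sets the equivalent CSP `frame-ancestors` directive alongside X-Frame-Options, since modern browsers prefer the CSP form.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

// Applies to every response of the web application (Servlet 3.0+ annotation, no web.xml needed).
@WebFilter("/*")
public class FrameOptionsFilter implements Filter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;

        // DENY: the page may never be rendered inside a frame, whatever the framing origin.
        // SAMEORIGIN would permit framing only by pages served from this same origin.
        // ALLOW-FROM is ignored by current browsers; express that case with CSP instead.
        response.setHeader("X-Frame-Options", "DENY");

        // CSP Level 2 equivalent; where supported it takes precedence over X-Frame-Options.
        // Sending both covers old and new browsers.
        response.setHeader("Content-Security-Policy", "frame-ancestors 'none'");

        // Headers are set before the chain runs so they are present even if a downstream
        // servlet commits the response early.
        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void destroy() { }
}
```

Note that `setHeader` replaces any Content-Security-Policy the application already emits; if one exists, merge `frame-ancestors` into that policy instead of overwriting it. Verify from outside the app with `curl -sI https://host/path` and look for both headers on every route, including error pages and static resources, which are the ones most often missed.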
-
JEE Security: Disabling HTTP OPTIONS method
PROBLEM The HTTP OPTIONS method returns the list of methods that the web server supports for a resource. For example, the following shows that both GET and HEAD are allowed on the given link:- Leaving OPTIONS enabled lets an attacker enumerate the supported methods, for instance to discover that TRACE is available, which is what cross-site tracing (XST) abuses… see OWASP’s Test HTTP Methods (OTG-CONFIG-006). SOLUTION There are several ways… Read More…
-
Spring + Ehcache: XML-less Spring Configuration for Ehcache 2.x vs Ehcache 3.x
BACKGROUND Documentation on the web about configuring Ehcache 3.x with Spring is rather lacking. There is a very distinct difference in Spring Java-based configuration between Ehcache 2.x and Ehcache 3.x. Spring + Ehcache 2.x Dependency:- Spring configuration:- Spring + Ehcache 3.x Dependency:- Spring configuration:- Read More…
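To make the difference concrete, here is an added example (not the post’s own configuration) with one XML-less Spring configuration per Ehcache generation. The cache name, sizes and expiry are made up. It assumes `spring-context-support` on the classpath; for 2.x the `net.sf.ehcache:ehcache` artifact, and for 3.x the `org.ehcache:ehcache` artifact (3.5 or later, for `ExpiryPolicyBuilder`) plus `javax.cache:cache-api`, because Spring has no Ehcache 3 specific adapter and reaches it through JSR-107. Only one of the two classes would exist in a real application, since `@EnableCaching` expects a single CacheManager bean.

```java
import java.time.Duration;
import javax.cache.Caching;
import org.ehcache.config.builders.CacheConfigurationBuilder;
import org.ehcache.config.builders.ExpiryPolicyBuilder;
import org.ehcache.config.builders.ResourcePoolsBuilder;
import org.ehcache.jsr107.Eh107Configuration;
import org.springframework.cache.CacheManager;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.cache.ehcache.EhCacheCacheManager;
import org.springframework.cache.jcache.JCacheCacheManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Ehcache 2.x: build the net.sf.ehcache CacheManager in code and hand it to Spring's
// dedicated EhCacheCacheManager adapter.
@Configuration
@EnableCaching
class Ehcache2Config {

    @Bean
    public CacheManager cacheManager() {
        net.sf.ehcache.config.Configuration config = new net.sf.ehcache.config.Configuration();
        // "users" is a hypothetical cache: up to 1000 heap entries, entries live 10 minutes.
        config.addCache(new net.sf.ehcache.config.CacheConfiguration("users", 1000)
                .timeToLiveSeconds(600));
        return new EhCacheCacheManager(net.sf.ehcache.CacheManager.newInstance(config));
    }
}

// Ehcache 3.x: there is no Spring-specific adapter. Obtain the JSR-107 CacheManager from the
// Ehcache caching provider, register caches through it, and wrap it in JCacheCacheManager.
@Configuration
@EnableCaching
class Ehcache3Config {

    @Bean
    public CacheManager cacheManager() {
        javax.cache.CacheManager jcacheManager = Caching
                .getCachingProvider("org.ehcache.jsr107.EhcacheCachingProvider")
                .getCacheManager();

        // Same hypothetical "users" cache expressed with the Ehcache 3 builders.
        org.ehcache.config.CacheConfiguration<String, Object> usersConfig = CacheConfigurationBuilder
                .newCacheConfigurationBuilder(String.class, Object.class, ResourcePoolsBuilder.heap(1000))
                .withExpiry(ExpiryPolicyBuilder.timeToLiveExpiration(Duration.ofMinutes(10)))
                .build();

        // Eh107Configuration bridges the native configuration into the JSR-107 API.
        jcacheManager.createCache("users", Eh107Configuration.fromEhcacheCacheConfiguration(usersConfig));
        return new JCacheCacheManager(jcacheManager);
    }
}
```

Naming the provider class explicitly in `getCachingProvider` avoids picking up a different JSR-107 implementation that happens to be on the classpath, which is a common source of confusing startup failures after the upgrade.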
-
LdapTemplate: javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ‘…’
BACKGROUND Let’s assume we have the following LDAP configuration… When running any LDAP query, the following exception is thrown:- SOLUTION There are 3 solutions to this problem. Query against the Global Catalog To avoid referral issues when dealing with Active Directory, we may query the Global Catalog on port 3268. The possible downside… Read More…
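The excerpt stops after naming the Global Catalog option, so as an added example (not the post’s own configuration) the class below sets up that option and, for comparison, the two other referral-handling knobs that Spring LDAP’s `LdapContextSource` and `LdapTemplate` expose. The host names, base DN and service account are hypothetical; the bind password is read from an environment variable rather than hard-coded.

```java
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;

public class AdLdapConfig {

    // Hypothetical values; replace with the real domain controller and service account.
    private static final String BASE_DN = "dc=example,dc=com";
    private static final String BIND_DN = "cn=ldap-reader,ou=service accounts,dc=example,dc=com";
    private static final String BIND_PASSWORD = System.getenv("LDAP_BIND_PASSWORD");

    // referral may be null (JNDI default, which raises PartialResultException on a referral),
    // "follow", "ignore" or "throw". It must be set before afterPropertiesSet(), which
    // builds the JNDI environment. Spring calls afterPropertiesSet() itself for a managed bean.
    private static LdapContextSource contextSource(String url, String referral) {
        LdapContextSource cs = new LdapContextSource();
        cs.setUrl(url);
        cs.setBase(BASE_DN);
        cs.setUserDn(BIND_DN);
        cs.setPassword(BIND_PASSWORD);
        if (referral != null) {
            cs.setReferral(referral);
        }
        cs.afterPropertiesSet();
        return cs;
    }

    // Option 1: query the Global Catalog (3268, or 3269 over TLS). The GC indexes the whole
    // forest, so AD does not answer with referrals. Only attributes replicated to the GC
    // (the partial attribute set) are available, so check that every attribute you read is in it.
    public static LdapTemplate globalCatalog() {
        return new LdapTemplate(contextSource("ldaps://dc1.example.com:3269", null));
    }

    // Option 2: let JNDI follow referrals. Each referral opens a new connection to another DC,
    // so that host must be reachable and the bind credentials valid there; a referral to a host
    // you do not control is followed with your credentials, which is why option 1 is preferred.
    public static LdapTemplate followReferrals() {
        return new LdapTemplate(contextSource("ldaps://dc1.example.com:636", "follow"));
    }

    // Option 3: keep the entries already received and swallow PartialResultException.
    // Entries behind the referral are silently missing, so only use this when an incomplete
    // result set is acceptable for the caller.
    public static LdapTemplate ignorePartialResults() {
        LdapTemplate template = new LdapTemplate(contextSource("ldaps://dc1.example.com:636", null));
        template.setIgnorePartialResultException(true);
        return template;
    }
}
```

Whichever option is chosen, keep the connection on LDAPS (636 or 3269) as shown; the plain ports in the exception message and in most examples send the bind password in clear text.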
-
LdapTemplate: AttributesMapper vs ContextMapper
BACKGROUND When using Spring’s LdapTemplate, there are two ways to transform the queried results: AttributesMapper and ContextMapper. Here’s a comparison of these mapper interfaces. AttributesMapper If you are migrating your existing LDAP queries to Spring’s LdapTemplate, AttributesMapper seems ideal because you can copy most of the code over, since it provides javax.naming.directory.Attributes. However, you have… Read More…
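To show the same lookup written both ways, here is an added example (not code from the original post). The `Person` type, the attribute names and the filter are made up; the `LdapTemplate` is assumed to be configured elsewhere. The search uses `LdapQueryBuilder`, whose `is()` escapes the value, so a caller-supplied uid cannot alter the filter the way string concatenation into `(uid=...)` would.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.AbstractContextMapper;
import org.springframework.ldap.query.LdapQuery;
import org.springframework.ldap.query.LdapQueryBuilder;

public class PersonLookup {

    // Hypothetical value object for the mapped entry.
    public static final class Person {
        public final String uid;
        public final String mail;

        Person(String uid, String mail) {
            this.uid = uid;
            this.mail = mail;
        }
    }

    // The builder encodes the uid for the filter, which is what keeps user input from injecting
    // extra filter clauses.
    private static LdapQuery byUid(String uid) {
        return LdapQueryBuilder.query().where("objectclass").is("person").and("uid").is(uid);
    }

    // AttributesMapper: you receive raw javax.naming.directory.Attributes, as in plain JNDI, so
    // existing code ports almost unchanged. The cost: each attribute may be absent (null) and
    // Attribute.get() throws the checked NamingException, which every mapper must deal with.
    public static List<Person> withAttributesMapper(LdapTemplate ldap, String uid) {
        return ldap.search(byUid(uid),
                (AttributesMapper<Person>) attrs -> new Person(single(attrs, "uid"), single(attrs, "mail")));
    }

    private static String single(Attributes attrs, String name) throws NamingException {
        Attribute attr = attrs.get(name);
        return attr == null ? null : (String) attr.get();
    }

    // ContextMapper, via AbstractContextMapper: DirContextOperations offers null-safe typed
    // getters, access to the entry's DN, and no checked exceptions, so the mapping is shorter.
    public static List<Person> withContextMapper(LdapTemplate ldap, String uid) {
        return ldap.search(byUid(uid), new AbstractContextMapper<Person>() {
            @Override
            protected Person doMapFromContext(DirContextOperations ctx) {
                return new Person(ctx.getStringAttribute("uid"), ctx.getStringAttribute("mail"));
            }
        });
    }
}
```

The cast on the lambda is needed because `search(LdapQuery, ...)` is overloaded for both mapper interfaces and an untyped lambda would be ambiguous. `getStringAttribute` returns null for a missing attribute, so callers of either variant should still treat `mail` as optional.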