
Posts

Showing posts from 2018

Spring overriding beans

So we have a bean of type FunkyClass and we want to override it. How? Well, we have the @Order annotation, which lets us define the order when there are multiple beans of the same type. However, what happens when we only want one? Spring does not automatically pick the one with the highest order. To override a bean, you can use the @Primary annotation :)

git partial revert

So, apparently I removed an entire directory. A long time ago in the history. But I want it back. I want it back for good.

    git checkout <commit id> -- <path-to-directory>

This will check out the directory nicely, thus restoring it. It also works for files, etc.

And along comes a visitor

Every time I look at a visitor pattern, I wonder: why? What is the use of this thing? Especially when I consider modularity, I just don't understand.

Let's say I have different objects:

Door
Engine
Wheel
Blinker
Trunk
Chair

(all of them are CarParts, of course)

When there's a cross-cutting concern which needs to be handled, the discussion arises: do you modify all the objects (say, they need a getCustomerValue, getBuildValue, getProductionTime, getSupplier, getRequiredComponents, for example, since we're using these parts in a factory and we need those), or do you want all Supplier code to be in the same spot (since otherwise knowledge of all suppliers gets scattered around, and you'd want it in a single spot)?

For the latter, the code would get pretty messy. It would look something like:

    Suppliers.getSupplierOf(CarPart part) {
        if (part instanceof Door) {
            return "supplierOne";
        }
        if (part instanceof Engine) {
            if(((...

xml modification

So I wanted to modify some xml. And yes, that might mean xslt. However, the modification wasn't nice... in Java, it was fine, but to do that in xslt... rather not. So, I ventured into the world of 'how do you call java from xslt'. Of course, you can. Of course, you need to use Saxon. Of course, then you need a PAID version of Saxon... Sigh. I guess I'll stick to flat xslt and a lot of work then.

Just to remember how it *can* be done:

    <xsl:stylesheet version="1.0"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
        xmlns:imro="http://www.geonovum.nl/imro/2012/1.1"
        xmlns:gml="http://www.opengis.net/gml/3.2"
        xmlns:java="http://xml.apache.org/xalan/java"
        exclude-result-prefixes="java">

        <xsl:output method="xml" encoding="utf-8" indent="yes"/>

        <!-- Identity template : copy all text nodes, elements and attributes -->
        <xsl:template match=...

Your own security annotation

So, I'm on a small project which has some multi-tenancy. Simply put: user A can see the bananas on his trees, and user B can see the bananas on his own trees... but they can't see each other's. But it's RESTful, so ideally, you'd call something like

    /tree/{tree-id}/bananas

And since we know who's executing the call (since it's authenticated), we can verify that it's user A calling us, and then check which trees he can see. If he's trying to be sneaky and does a REST call with a treeId of B, a security violation should occur.

Okay, so how do we do that? Well, the application has a controller for that, and we'd want to secure it there. So, assume we have the following code:

    public List<Banana> getBananasOfTree(String tree)

Since it's supposed to be annotated, we'd use something like this:

    @RequestMapping("/tree/{tree-id}/bananas")
    @Secured // or some other requirement
    public List<Banana> getBananasOfTree(@Pat...

OSGI insights without sonar

So I was on a project without Sonar. Oh my. Well, it was an OSGi project, so the problems couldn't be that bad, right? But how good was it (and what things were bad)? I found Stan4j, a code analysis tool for Eclipse, which draws nice graphs and seems to handle OSGi pretty well. Now I can see that dependencies/bundle names aren't properly aligned (even though OSGi doesn't complain), etc.

So that security thing

Well, web security is tricky. However, Mozilla can come to the rescue! They have the Observatory (https://observatory.mozilla.org/). It can scan a webpage for you and give it a bit of a rating. It's just a static check, on headers, etc. But it shows how far you've narrowed down your attack surface. Of course, it doesn't say anything about how the site holds up against actual attacks (get ZAP for that).