2018/02/27

2018/02/14

[Fortify] Fix Cross-Site Scripting: Persistent

Problem


Before
Code snippet in JSP file:
1
2
    String content = report.getContent();
    out.print(content);


After

Add dependency in pom.xml
1
2
3
4
5
    <dependency>
        <groupId>org.owasp.encoder</groupId>
        <artifactId>encoder</artifactId>
        <version>1.2.1</version>
    </dependency>

Updated code snippet in JSP file:
1
2
3
4
5
    <%@ page import="org.owasp.encoder.Encode"%>


    String content = report.getContent(acct_no,schema+"://"+server+":"+port);
    out.print(Encode.forHtml(content));    


Reference
[1] https://github.com/OWASP/owasp-java-encoder/wiki/2)-Use-the-OWASP-Java-Encoder

2018/02/13

[HP Laptop] Function Keys 問題

Problem
剛拿到 HP Laptop 時,發現當我要按 F1 ~ F12 按鈕,都需要先按下 fn key 才能使用,若否則會啟動音量調整、螢幕亮度調整的功能。該如何設定,讓與系統預設的設定對調?


How-To
須進入BIOS Setup 畫面進行設定,處理流程如下



Screenshot for Step 2


Screenshot for Step 3 and Step 4


Screenshot for Step 5


2018/02/12

[Jackson] How to convert JSON string to YAML?

Problem
Assume I have a JSON string:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
{
 "id": 1,
 "name": "Albert",
 "email": "albert@gmail.com",
 "phone": "0900123456",
 "address": {
  "streetAddress": "信義區信義路五段7號",
  "city": "台北市",
  "zipCode": "110"
 }
}


I would like to convert JSON string to YAML:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
 ---
id: 1
name: "Albert"
email: "albert@gmail.com"
phone: "0900123456"
address:
  streetAddress: "信義區信義路五段7號"
  city: "台北市"
  zipCode: "110"
 



How to do it?

How-To
Take advantage of libraries can fulfill this requirement.

Add the following dependencies in pom.xml
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 <dependency>
  <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-core</artifactId>
  <version>2.9.3</version>
 </dependency>

 <dependency>
  <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-databind</artifactId>
  <version>2.9.3</version>
 </dependency>

 <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-annotations</artifactId>
  <version>2.9.3</version>
 </dependency>

 <dependency>
  <groupId>com.fasterxml.jackson.dataformat</groupId>
  <artifactId>jackson-dataformat-yaml</artifactId>
  <version>2.9.3</version>
 </dependency>

Here has sample code:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
  package test.albert.jackson;
  
  import java.io.IOException;
  
  import com.fasterxml.jackson.databind.JsonNode;
  import com.fasterxml.jackson.databind.ObjectMapper;
  import com.fasterxml.jackson.dataformat.yaml.YAMLMapper;
  
  import lombok.extern.slf4j.Slf4j;
  
  @Slf4j
  public class JacksonTest {
  
      public static void main(String[] args) throws IOException {
          Address address = Address.builder().zipCode("110").city("台北市").streetAddress("信義區信義路五段7號").build();
          Employee albert = Employee.builder().id(1).name("Albert").email("albert@gmail.com").phone("0900123456")
                  .address(address).build();
  
          
          ObjectMapper mapper = new ObjectMapper();
          
          // convert object to JSON
          String json = mapper.writeValueAsString(albert);
          log.debug(json);
          
          // convert JSON to YAML
          JsonNode jsonNode = mapper.readTree(json);
          String yaml = new YAMLMapper().writeValueAsString(jsonNode);
          log.debug("yaml = \n " + yaml);
      }
  
  }



2018/02/11

[Liquibase] How to fix checksum validation error

Problem
I am editing changelog-master.yaml, I got error message as I start up Spring boot:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'liquibase' defined in class path resource [org/springframework/boot/autoconfigure/liquibase/LiquibaseAutoConfiguration$LiquibaseConfiguration.class]: 
Invocation of init method failed; nested exception is liquibase.exception.ValidationFailedException: Validation Failed:
     1 change sets check sum
          classpath:/db/changelog/db.changelog-master.yaml::1::albert was: 7:6e574692a29b35c6788f06c99fe2eecc but is now: 7:c5994a0c5ad9c2ba211a4f8e3ced2ec9


How-To
Here has the process to solve this problem:
1. drop all tables which had already created in liquibase
2. clear all data in databasechangelog table
delete from databasechangelog


2018/02/10

[Ant] java.lang.UnsupportedClassVersionError: com/sun/tools/javac/Main : Unsupported major.minor version 52.0

Problem
When I use Ant 1.10.1 to build my Java project, it occurs error as bellows:
java.lang.UnsupportedClassVersionError: org/apache/tools/ant/launch/Launcher : Unsupported major.minor version 52.0

How-To

The problem is 1.10.x releases require Java 8 at run time, but I am using Java 7 in my project.
Therefore, I need to use Ant 1.9.x releases instead of 1.10.x releases



2018/02/09

[Maven] How to stop Maven to check for updates for artifacts in offline mode ?

Problem
I am using offline mode to build my project, the command is as bellows:
mvn -o -Dmaven.repo.local="C:/Users/albert/.m2" clean install -Dmaven.test.skip=true

During the build process, Maven still check for updated for certain artifacts even in offline mode. How to avoid it?


How-To

Go to your local repository (ex. C:/Users/albert/.m2), and delete all *.lastupdated and _remote.repositories files.
Then Maven won't check updates any more.




2018/02/08

[PostgreSQL] How to assign customized numbering rule in primary key

Problem
Assume I have a table, loan_main, which have a primary key, loan_id, with numbering rule : LN_YYYYMMDD_9999999999.
How to insert data into loan_main automatically without caring how to build loan_id with this numbering rule.

How-to


In this case, we need to know
1. how to concatenate string, i.e. ||
2. how to get current date with specific format:
select to_char(now(), 'YYYYMMDD')

3. how to get value from sequence and pad zero to the left:

select LPAD(nextval('loan_sequence')::text, 10, '0')


The syntax looks like:
ALTER TABLE loan_main ALTER COLUMN loan_id SET DEFAULT ('LN_' || (to_char(now(), 'YYYYMMDD')) || '_' || LPAD(nextval('loan_sequence')::text, 10, '0'));





2018/02/07

Java Bean Validation example

Add dependencies to your pom.xml
    <!-- validation start  -->
    <dependency>
        <groupId>javax.validation</groupId>
        <artifactId>validation-api</artifactId>
        <version>2.0.0.Final</version>
    </dependency>

    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-validator</artifactId>
        <version>6.0.2.Final</version>
    </dependency>

    <dependency>
        <groupId>org.glassfish</groupId>
        <artifactId>javax.el</artifactId>
        <version>3.0.1-b08</version>
    </dependency>
    <!-- validation end -->
        
    <!-- DI start -->
    <dependency>
        <groupId>com.google.inject</groupId>
        <artifactId>guice</artifactId>
        <version>4.1.0</version>
    </dependency>
    <!-- DI end -->
        
    <!-- lombok -->
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <version>$1.16.18</version>
        <scope>provided</scope>
    </dependency>
    
    <dependency>
        <groupId>com.google.guava</groupId>
        <artifactId>guava</artifactId>
        <version>21.0</version>
    </dependency>


Scenario
Assume I have a Customer bean, it have 6 attributes which include id, name, gender, age, email and dateOfBirth.
These attributes have its validation rules:

  1. id should not be null
  2. name should not by null or empty
  3. gender should not be null
  4. age should be between 18 and 60
  5. email should not be null or empty and should have valid format
  6. dateOfBirth should be before today


The Java bean with bean validation annotation looks like:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
package albert.practice.validation;

import java.util.Date;

import javax.validation.constraints.Email;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Past;

import org.hibernate.validator.constraints.Range;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.ToString;

@AllArgsConstructor
@NoArgsConstructor
@ToString
@Data
public class Customer {
    public static enum Gender {
        MALE, FEMALE;
    }

    @NotNull(message = "顧客編號不可為 null")
    private Long id;

    @NotEmpty(message = "姓名不可為空")
    private String name;

    @NotNull(message = "性別不可為空")
    private Gender gender;

    @Range(min = 18, max = 60, message = "年齡必須介於 18 到 60 歲之間")
    private Integer age;

    @NotEmpty(message = "Email 不可為空")
    @Email(message = "Email 格式不合法")
    private String email;
    
    @Past(message = "生日必須要今天以前")
    private Date dateOfBirth;
}


Assume I have a CustomerService class to create Customer, it should validate Customer Java Bean before do insert. The main validate logic will be in validate method (line 25 ~ 38).
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
package albert.practice.validation;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;

import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.inject.Singleton;

import lombok.extern.slf4j.Slf4j;

@Slf4j
@Singleton
public class CustomerService {

    public void create(Customer customer) {
        validate(customer);
    }

    public static void validate(Object obj) {
        List<String> errors = new ArrayList<>();

        Validator validator = Validation.buildDefaultValidatorFactory().getValidator();
        Set<ConstraintViolation<Object>> violations = validator.validate(obj);
        for (ConstraintViolation<Object> violation : violations) {
            errors.add(violation.getMessage());
        }

        String completeErrorMsg = Joiner.on("\n").join(errors);
        if (!Strings.isNullOrEmpty(completeErrorMsg)) {
            throw new IllegalArgumentException(completeErrorMsg);
        }
    }

}



The resource class will prepare Customer Object and invoke create method which provide by CustomerService
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
package albert.practice.validation;

import com.google.inject.Guice;
import com.google.inject.Inject;

public class CustomerResource {

 @Inject
 private CustomerService service;
 
 public static void main(String[] args) {
    Customer customer = new Customer();
    customer.setId(null);
    customer.setAge(12);
    customer.setEmail("test@gmail.");
  
    new CustomerResource().createCustomer(customer);
 }
 
 public void createCustomer(Customer customer){
    service = Guice.createInjector().getInstance(CustomerService.class);
    service.create(customer);
 }
 
}


Execution message in console:
1
2
3
4
5
6
7
8
9
Exception in thread "main" java.lang.IllegalArgumentException: 性別不可為空
年齡必須介於 18  60 歲之間
Email 格式不合法
顧客編號不可為 null
姓名不可為空
 at albert.practice.validation.CustomerService.validate(CustomerService.java:35)
 at albert.practice.validation.CustomerService.create(CustomerService.java:20)
 at albert.practice.validation.CustomerResource.createCustomer(CustomerResource.java:22)
 at albert.practice.validation.CustomerResource.main(CustomerResource.java:17)



2018/02/06

[JSR 303 - Bean Validation] HV000183: Unable to initialize 'javax.el.ExpressionFactory'.

Problem
I am using JSR 303 to do bean validation.

When I try to initialize 
Validator instance ..... 
Validator validator = Validation.buildDefaultValidatorFactory().getValidator(); 

But I get the following error message: 

Exception in thread "main" javax.validation.ValidationException: HV000183: Unable to initialize 'javax.el.ExpressionFactory'. Check that you have the EL dependencies on the classpath, or use ParameterMessageInterpolator instead
 at org.hibernate.validator.messageinterpolation.ResourceBundleMessageInterpolator.buildExpressionFactory(ResourceBundleMessageInterpolator.java:115)
 at org.hibernate.validator.messageinterpolation.ResourceBundleMessageInterpolator.<init>(ResourceBundleMessageInterpolator.java:46)
 at org.hibernate.validator.internal.engine.ConfigurationImpl.getDefaultMessageInterpolator(ConfigurationImpl.java:420)
 at org.hibernate.validator.internal.engine.ConfigurationImpl.getDefaultMessageInterpolatorConfiguredWithClassLoader(ConfigurationImpl.java:596)
 at org.hibernate.validator.internal.engine.ConfigurationImpl.getMessageInterpolator(ConfigurationImpl.java:355)
 at org.hibernate.validator.internal.engine.ValidatorFactoryImpl.<init>(ValidatorFactoryImpl.java:149)
 at org.hibernate.validator.HibernateValidator.buildValidatorFactory(HibernateValidator.java:38)
 at org.hibernate.validator.internal.engine.ConfigurationImpl.buildValidatorFactory(ConfigurationImpl.java:322)
 at javax.validation.Validation.buildDefaultValidatorFactory(Validation.java:103)
 at albert.practice.validation.CustomerService.validate(CustomerService.java:38)
 at albert.practice.validation.CustomerService.create(CustomerService.java:21)
 at albert.practice.validation.CustomerService.main(CustomerService.java:32)
Caused by: java.lang.NoClassDefFoundError: javax/el/ELManager
 at org.hibernate.validator.messageinterpolation.ResourceBundleMessageInterpolator.buildExpressionFactory(ResourceBundleMessageInterpolator.java:107)
 ... 11 more
Caused by: java.lang.ClassNotFoundException: javax.el.ELManager
 at java.net.URLClassLoader.findClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 ... 12 more
    



How-to
Add this dependency to your pom.xml
    <dependency>
        <groupId>org.glassfish</groupId>
        <artifactId>javax.el</artifactId>
        <version>3.0.1-b08</version>
    </dependency>



Reference
[1] https://stackoverflow.com/questions/42718869/hibernate-validation-unable-to-initialize-javax-el-expressionfactory-error

2018/02/05

[Google Guice] Dependency Injection Example

Google Guice is the framework to automate the dependency injection in applications. Google Guice is one of the leading frameworks whose main work is to provide automatic implementation of dependency injection. 



How-To
Step 1. Add dependency in your pom.xml
1
2
3
4
5
    <dependency>
        <groupId>com.google.inject</groupId>
        <artifactId>guice</artifactId>
        <version>4.1.0</version>
    </dependency>


Step 2. Create a service class to retrieve a person's contact people
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
package albert.practice.guice;

import java.util.List;

import com.google.common.collect.ImmutableList;
import com.google.inject.Singleton;

import lombok.extern.slf4j.Slf4j;

@Slf4j
@Singleton
public class ContactService {

    public List<Contact> getContacts(String id) {
        log.debug("person id is " + id);
        return ImmutableList.of(new Contact("Mandy", "0912111111"), new Contact("Dad", "0911111111"),
                new Contact("Mom", "0922222222"));
    }

}


Step 3. Create a resource to inject service class and retrieve person's contact people 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
package albert.practice.guice;

import java.util.List;

import com.google.inject.Inject;


public class PersonResource {
 
    @Inject
    private ContactService contactService;
    
    public List<Contact> getContacts(String id) {
        return contactService.getContacts(id);
    }
    
}



Step 4. Create a test class
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
package albert.practice.guice;

import static org.junit.Assert.assertEquals;

import java.util.List;

import org.junit.Before;
import org.junit.Test;

import com.google.inject.Guice;

import lombok.extern.slf4j.Slf4j;

@Slf4j
public class PersonResourceTest {
 
    private PersonResource personResouce;
    
    @Before
    public void setup() {
        personResouce = Guice.createInjector().getInstance(PersonResource.class);
    }
    
    @Test
    public void testGetContacts() {
        List<Contact> contacts = personResouce.getContacts("123");
        contacts.stream().forEach(c -> log.debug(c.toString()));
        
        assertEquals(3, contacts.size());
    }
}