Occasionally I write posts just to let me hold onto a thought process, more so than to help someone else find a solution. The below fits that profile – feel free to ignore, unless you’re really interested in poking around DropWizard.

Goal: wrap JSON responses with /* */.  This is to support a hacky version of CSRF.  Bleah.

Starting point: DropWizard 0.7.1, which used Jersey 1.18

Attempts:

  • JacksonMessageBodyProvider: just couldn’t get it to hook in correctly
  • Jersey ContainerResponseFilter: Hook in via DropWizard’s environment.jersey().getResourceConfig().getContainerResponseFilters().add( … do guice injection here ).  No ready way to rewrite response.  Can append headers.  Could apparently adjust request information going in.  But not JSON formatted result coming out.
  • Servlet Filter: can append /* foo */ (haven’t yet grabbed JSON), but that’s added to { "foo": "bar", "bar": "foo"}/* foo */, rather than wrapping.  Did have to turn off gzip in DropWizard, else the stream was already closed.  (Couldn’t figure out a way to inject my filter in ahead of the Gzip actions…)  In this case, though, httpResponse.resetBuffer() doesn’t succeed, as the stream is already committed.

Final solution: use WriterInterceptor: https://jersey.java.net/documentation/latest/filters-and-interceptors.html#d0e9712 – but those exist in Jersey 2, which isn’t supported until DropWizard 0.8.0… Note: Jersey 2 changes its dependency injection approach to use HK2 instead of its own previous approach, which meant that my nifty wiring in of Spring security had to be redone / reworked.

Outcome: Whoever decided to protect from JSON execution through wrapping the JSON with comment blocks, you threw me a number of curve balls.  But I did in fact prevail, and now have an interceptor which wraps my responses appropriately, _if_ there’s not a certain flag and the user making the request isn’t a privileged user.  Ugh.  All nicely unit-tested, using Mockito to let me cover the conditions for the request, etc.  This is code I need to hang onto….

 

Accomplishment for the night: a WordPress update from 3.5.1 to 4.1.1.  In most systems, that’s a well-planned-out affair.  The combination of a ‘what the heck’ attitude this evening by me, and a push-button upgrade by WordPress means that I made a major upgrade with nothing more than an XML export without suffering any (at least thus far noticed) undue effects.  Well done, WordPress!  No login to my hosting environment to rescue my database, not even an import from the aforementioned XML export.  My theme came over successfully, even though I’ve hacked it up…  Again, well done!  May my development efforts handle software upgrades as successfully as you have!

TDD to the rescue. Stupid error of the day debugged, after a bit of head scratching…

Three things go into a collection, but only two come out and hit the final log file. I can see them go in, so the comparison logic itself is working just fine…

Just running through the debugger wouldn’t have made me notice. It took figuring out why my Mockito verify set wasn’t satisfied. Aha! Poor choice of map key. Issue resolved. But it still took me 1/2 an hour of poking through. The insertion was happening as part of a Consumer action for an Iterable.forEach, which was a new construct for me. Because it was new, I of course assumed I didn’t “get” how it worked. Nuh-uh – that part worked just fine.  Once I actually paid attention to where I was stashing my info, I realized when putting in a second item for key ‘foo’, the first item disappears, if you’re stashing in a Map.  Just a ‘doh!’ moment.  But certain I wouldn’t have noticed it for quite a while if I hadn’t written out those verify() invocation checks.

A business blog recently described a list of interview questions HR might ask you to try to get inside your head.  Some of them I’ve actually used on interviews with candidates.  I’m not an HR person, but hey, seeing if someone can describe the technical projects they’re most proud of helps me to see that they take pride in their work, as well as what they consider to be something worth bragging about.

The question I’d never asked anything near is what someone would do if they won $5 million.  I’m certain: I’d be done working for anyone in particular.  I’d keep doing technical work, but I’d only do that which particularly interested me.  That’s not a very reasonable scenario for working for someone else…  there is this thing about keeping the customers happy and paying the bills that is worthy and valuable. But without the need of an ongoing paycheck, I could definitely see geeking out on open source projects, working as a technical contributor for a non-profit, etc…

I’d actually be interested were someone to ask me the $5 mil question…  their response to _my_ response would help me understand how big they think their impact on my life ought to be overall…    So, a highly useful question if it helps us each winnow the other out.

Apparently I’ve been inadvertently running a password cracker library while trying to test out building my VirtualBox image. Couldn’t figure out why I was getting files with extensions of .hwm, .pwd, and .pwi, rather than getting some sort of console output when I ran ‘packer build packer.json’. Now I know. And I hope that the new alias added for packer in my .bashrc helps me explain, if and when the security team visits.