Author Archives: khiem

About khiem

I am a fan of the Java ecosystem. I love reading books and sharing.

Security checklist notes

The security checklist makes it possible for developers to learn and practice properly. Type / Descriptions. IDS: Unrestricted File Upload, like Exif, shell script attack. References: OWASP Unrestricted_File_Upload; 5 ways to File upload vulnerability Exploitation; Protect FileUpload Against Malicious File; Input Validation and Data Sanitization (IDS). HTTP Headers: Content-Security-Policy, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Referrer-Policy, Feature-Policy, e.g. For… Read More »

What is the behavior of the annotation @Autowired with regards to field injection, constructor injection, and method injection?

The following are the types of dependency injection (DI) that could be injected into your application: constructor-based dependency injection, setter-based dependency injection, and field-based dependency injection. The constructor injection pattern: it is more suitable for mandatory dependencies, and it makes a strong dependency contract; it provides a more compact code structure than others; it supports testing… Read More »

Install JCE Unlimited Strength Jurisdiction Policy Files

1. Problem. To secure sensitive data such as card numbers, user accounts, and emails in a way that meets the PCI standard, people usually employ the Advanced Encryption Standard, a symmetric encryption algorithm (Stallings, Cryptography and Network Security), to keep the data safe. AES was designed to be efficient in both hardware and software and supports a block length… Read More »

JPA OneToMany Relationship

1. Introduction. The OneToMany relationship is the most common JPA association, and the foreign key is controlled directly by the child side, in both unidirectional and bidirectional associations. This note presents how to configure a bidirectional @OneToMany association. 2. Bidirectional ManyToOne / OneToMany Relationships. Assuming that: the Event entity references a single instance of the User entity; the User entity references a… Read More »

Get Client IP Address in HttpServletRequest

1. Problem. This note improves on the post "How to get client IP Address in Java" to display the address to clients in a friendly way, and covers related issues. The display could look like the figure below: Clients also want to see IP address details, as in the Google IP address example: 2. Solution. In order to get a real… Read More »

JPA OneToOne Relationship

In JPA, the two types of @OneToOne relationship are bidirectional and unidirectional. In each type, we can use different mapping approaches: a one-to-one association that maps a foreign key column; a one-to-one association where both source and target share the same primary key values; a one-to-one association from an embeddable class to another entity. 1. Bidirectional OneToOne association… Read More »

Asymmetric encryption by Java Cryptography

1. Overview. In cryptography, there are two general categories of key-based algorithms. Symmetric encryption algorithms: symmetric algorithms use the same key for encryption and decryption, such as the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES). Asymmetric (or public key) encryption algorithms: asymmetric algorithms use two separate keys for these two operations.… Read More »

Common parallel stream pitfalls

One of the most powerful features of Java 8 Streams is an easier path to parallel programming. However, in some cases, a parallel stream may make programs run slower than the serial alternatives, including a for loop that iterates over a collection. I list some common mistakes when using the Java 8 parallel stream to warn… Read More »

Creating a URL Shortener with Spring RESTful Web Service, Liquibase, and Postgresql

In this note I will create a URL shortening service using Spring RESTful, Spring Boot, Liquibase, and a PostgreSQL database. Similar to some shortening services, such as,, and, the purpose of the shortened URL may be more convenience for websites and to provide detailed information on the clicks a link receives. 1. URL Shortener Service. The service will… Read More »