Skip to content

Category: Programming / Coding

Apache Shiro: implementing new password hashing algorithms

As an Apache Shiro PMC member, I have occasionally contact to cryptographic functions. For example, Shiro 1.x allows hashed passwords in your shiro.ini configuration.

Now, everyone should know by now that just hashing (and salting) a password is not a good protection against brute force attacks. Even with hundreds or thousands of iterations, such a password can be prone to brute force attacks nowadays. This it is not a surprise that Lez Hazlewood (the original creator of Apache Shiro) had the idea to add an bcrypt implementation.

Use SnakeYAML in a modular jlink distribution

Whenever you pull in SnakeYAML (either directly or via Jackson), you will break your modulear builds. The reason: SnakeYAML is a named automatic module. But then, automatic modules cannot be used in jlink images.

But this can be healed. You can rescue your builds using the moditect-maven-plugin. It is a little hard to use, as the documentation is very technical. It also has few examples, and the documentation does not explain when to use which goal, and how to proceed. So, if you want to see a simple example, read on! 🙂

JAX-RS: getting helpful Json-B error messages

Json-B (not JSONB!), short for Json Binding, is a modern MicroProfile Java standard to convert json documents (json messages) to a java class and vice versa.

This standard is supported by most modern java application containers. But because of a definition gap in the Jax-RS standard, it is not as easy as initially thought to get proper and helpful error messages if an invalid JSON document is encountered in the POST request body of an endpoint. The ExceptionMapper will only work after applying a few tricks.

Spigot Plugin Development: How I got started

Developing a spigot plugin is easy, if you have used the Java programming language before. So, do you love playing Minecraft as I do? Are you a developer? There is a good chance that you are already running spigot as your server, which supports plugins using their own API. If you would like to develop your own plugin, you might get lost — there is not much in the way of good tutorials. In this article, I will try to explain the basic components of spigot, how to set up your development environment and how to get started.