Debugging Spring REST bad request 400 codes

This happens way too often: you POST or PUT something to a Spring @RestController and Spring only tells you that there is a bad request, HTTP 400 code; no further explanations, no logs, no exceptions. Spring logs the error cause under the category "org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod" so you can enable logging for that in your log4j.properties: log4j.logger.org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod=DEBUG,stdout …

Ansible local_action privilege de-escalation or: how to wait for a reboot

I increasingly use Ansible not only for glorious tasks like setting up my various VMs I use for prototyping but also for mundane things like resetting my personal laptop every time I get a new one or break it (dedicated readers of this blog will know me to do that a lot [2],[3],[4]). Most of …

Advanced web security topics

(Updated 22 May 2020) This post discusses web security issues that I come across - so far thankfully mostly by reading about them. It is a work in progress which I'll keep updating. The post title includes "advanced" because the topics discussed here involve clever, non-trivial hacks, are novel at the time of their publication …