Dear Vishi, my logs for today
Quickly moving around in the terminal is essential for productivity. While Ctrl+A
(start of line) and Ctrl+E
(end of line) are great for editing commands, scrolling through output is different.
Most terminal emulators (like iTerm, GNOME Terminal, or Windows Terminal) allow you to scroll through the output buffer using Shift+PageUp
and Shift+PageDown
or your mouse's scroll wheel. To jump directly to the top or bottom, you can pipe the output of a command to a pager like less
:
# Pipe a long command's output to less
ls -lR / | less
# In less, you can:
# - Press 'G' to go to the end (bottom).
# - Press 'g' to go to the start (top).
# - Use arrow keys or j/k to scroll.
# - Press 'q' to quit.
When a file you're editing in Vim is changed by an external process (like a git pull
), you need to reload it.
:e
- Reload if no local changes were made. Vim will load the external changes.:e!
- Force reload and discard local changes. This command reloads the file from disk, overwriting any changes you've made in the buffer.OAuth2 is an authorization framework, not an authentication protocol. It provides standardized flows for applications to gain secure, limited access to user resources without exposing their credentials. Identity Providers like Okta, Auth0, or Entra ID (Azure AD) implement these flows.
/authorize
and /token
OAuth2 separates the process of getting user consent from the process of obtaining an access token. This separation is a key security principle and is handled by two main endpoints:
Why the separation? To keep sensitive tokens out of the browser. The access token is a powerful credential. By exchanging the code on the backend, the token is never exposed to the user's machine, preventing its theft through browser history or malicious scripts.
This is the most common and secure grant type, ideal for traditional web and mobile applications that have a backend server.
Flow:
/authorize
endpoint.client_id
, and client_secret
to the /token
endpoint.Real-World Examples:
This grant is for machine-to-machine (M2M) communication where there is no user interaction.
Flow:
/token
endpoint, sending its client_id
and client_secret
.Key Characteristics:
/authorize
endpoint is used.Real-World Examples:
PKCE (Proof Key for Code Exchange) is not a separate grant type but an extension that makes the Authorization Code flow more secure for clients that can't protect a secret, like Single-Page Applications (SPAs) and native mobile apps.
It mitigates an "authorization code interception" attack. In this attack, a malicious app on a user's device could intercept the authorization code and exchange it for an access token.
How PKCE Helps:
code_verifier
and a transformed version of it called the code_challenge
.code_challenge
to the /authorize
endpoint./token
endpoint, it also sends the original code_verifier
.verifier
and checks if it matches the challenge
sent earlier. If they match, the token is issued.This ensures that only the application that initiated the request can complete it.
Reference: Microsoft OAuth2 Documentation
In Spring MVC, an IllegalStateException: Ambiguous mapping
error occurs when two or more controller methods are mapped to the same URL pattern and HTTP method, and Spring cannot decide which one to invoke for an incoming request.
Consider this controller:
@RestController
class MyController {
// Maps to POST /123
@PostMapping("/{id}")
public String handlePostWithId(@PathVariable String id) {
// ...
}
// Also maps to POST /123, causing ambiguity!
@PostMapping("/{id}")
public String handlePostWithIdAndParam(@PathVariable String id, @RequestParam("test") String bar) {
// ...
}
}
Both methods map to POST
requests for paths like /some-id
. To resolve this, you need to make the mappings more specific. A common technique is to differentiate based on the presence of a request parameter using the params
attribute.
params
By adding params = "test"
, you tell Spring that the second method should only be invoked if the request URL contains the test
parameter.
@RestController
class MyController {
// Handles POST /123 (without a "test" param)
@PostMapping("/{id}")
public String handlePostWithId(@PathVariable String id) {
// ...
}
// Handles POST /123?test=someValue
@PostMapping(value = "/{id}", params = "test")
public String handlePostWithIdAndParam(@PathVariable String id, @RequestParam("test") String bar) {
// ...
}
}
Now the mappings are unique, and Spring can correctly route requests.
I know | Jo se |
I know it | Lo se |
do you know? | sabes? |
I want to know ? | Queiro saber |
she know its | ella lo sabe |