Home » Tag Archives: Security (page 11)

Tag Archives: Security

Spring Security – Two Security Realms in one Application

spring-security-logo

This blog post is mainly about Spring Security configuration. More specifically it is intending to show how to configure two different security realms in one web application. First security realm is intended for the browser clients. It enables us to log in with in the login page and access protected resources. Second security realm is intended for the REST web ...

Read More »

GlassFish JDBC Security with Salted Passwords on MySQL

oracle-glassfish-logo

One of the most successful posts on this blog is my post about setting up a JDBC Security Realm with form based authentication on GlassFish. Some comments on this post made me realize that there is more to do to actually make this secure as it should be. Security out of the box Picture: TheKenChan (CC BY-NC 2.0) GlassFish comes with a ...

Read More »

Hash Length Extension Attacks

java-logo

In this post I will try to leave the summer slump behind and focus on more interesting things than complaining about the weather – hash length extension attacks. Hash length extension attacks are nothing complicated or high sophisticated, to be honest it is just about how to use hash functions. As discussed in one of my former posts there are ...

Read More »

Database Abstraction and SQL Injection

software-development-2-logo

I have subscribed to various user groups of jOOQ’s competing database abstraction tools. One of which is ActiveJDBC, a Java implementation of Active Record design pattern. Its maintainer Igor Polevoy recently claimed that: SQL injection is a web application problem, and not directly related to an ORM. ActiveJDBC will process any SQL that is passed to it. (See the discussion ...

Read More »

Extending JMeter with a WS-Trust/STS sampler

apache-jmeter-logo

JMeter does not have any inbuilt support for WS-Security or WS-Trust and that made me develop this STS Sampler for JMeter – which could make anyone’s life better while load testing an STS. First you need to have the Apache JMeter distribution. I am using v2.7. Then you can download sts.sampler.zip from here – unzip it and copy the “repo” ...

Read More »

Implementing SAML to XACML

oasis-saml-logo

Before Implementing SAML This is how a XACML request will looks like when it is arriving at PDP(Policy Decision Point) to be evaluated. <Request xmlns='urn:oasis:names:tc:xacml:2.0:context:schema:os'> <Subject> <Attribute AttributeId='urn:oasis:names:tc:xacml:1.0:subject:subject-id' DataType='http://www.w3.org/2001/XMLSchema#string'> <AttributeValue>admin</AttributeValue> </Attribute> </Subject> <Resource> <Attribute AttributeId='urn:oasis:names:tc:xacml:1.0:resource:resource-id' DataType='http://www.w3.org/2001/XMLSchema#string'> <AttributeValue>http://localhost:8280/services/echo/echoString</AttributeValue> </Attribute> </Resource> <Action> <Attribute AttributeId='urn:oasis:names:tc:xacml:1.0:action:action-id' DataType='http://www.w3.org/2001/XMLSchema#string'><AttributeValue>read</AttributeValue> </Attribute> </Action> <Environment/> </Request> Basically it states who is(Subject) wanting to access which resource and what action ...

Read More »

OAuth 2.0 Webapp Flow Overview

oauth-logo

In my last few blogs I’ve been talking about accessing Software as a Service (SaaS) providers such as Facebook and Twitter using Spring Social. Some of you may have noticed that my sample code may have been a bit thin on the ground as I’ve being trying to describe what’s going on in the background and what Spring Social is ...

Read More »

Anti cross-site scripting (XSS) filter for Java web apps

java-interview-questions-answers

Here is a good and simple anti cross-site scripting (XSS) filter written for Java web applications. What it basically does is remove all suspicious strings from request parameters before returning them to the application. It’s an improvement over my previous post on the topic. You should configure it as the first filter in your chain (web.xml) and it’s generally a ...

Read More »

JBoss AS 7: Custom Login Modules

jboss-logo

JBoss AS 7 is neat but the documentation is still quite lacking (and error messages not as useful as they could be). This post summarizes how you can create your own JavaEE-compliant login module for authenticating users of your webapp deployed on JBoss AS. A working elementary username-password module provided. Why to use Java EE standard authentication? Java EE security ...

Read More »

Servlet Basic Auth in an OSGi environment

osgi-alliance-logo

You will first need to get a reference to the OSGI HTTP Service. You can do this through a declarative service. This post will concentrate on steps after getting a reference to the HTTP Service. Note: The complete class for this post is located here When registering a servlet through the OSGI HTTP Service, it provides you with an option ...

Read More »
Do you want to know how to develop your skillset and become a ...

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!
Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.

THANK YOU!

Close