
Tag Archives: Security

WSO2 Identity Server: Identity Management platform


WSO2 Identity Server provides a flexible, extensible and robust platform for Identity Management. This blog post looks inside WSO2 Identity Server to identify the different plug points available for authentication, authorization and provisioning. WSO2 Identity Server supports the following standards/frameworks for authentication, authorization and provisioning: 1. SOAP-based authentication API, 2. Authenticators, 3. OpenID 2.0 for decentralized Single Sign-On, 4. SAML2 ...


Spring security 3 Ajax login – accessing protected resources


I have seen some blogs about Spring Security 3 Ajax login, but I could not find any that tackles how to invoke an Ajax-based login when a protected resource is being accessed via Ajax by an anonymous user. The problem: the web application allows anonymous access to certain parts, while other parts are protected resources which require the user ...


Spring Security – Two Security Realms in one Application


This blog post is mainly about Spring Security configuration. More specifically, it intends to show how to configure two different security realms in one web application. The first security realm is intended for browser clients: it lets users log in via the login page and access protected resources. The second security realm is intended for the REST web ...


GlassFish JDBC Security with Salted Passwords on MySQL


One of the most successful posts on this blog is my post about setting up a JDBC security realm with form-based authentication on GlassFish. Some comments on that post made me realize that there is more to do to actually make it as secure as it should be.

Security out of the box

Picture: TheKenChan (CC BY-NC 2.0)

GlassFish comes with a ...


Hash Length Extension Attacks


In this post I will try to leave the summer slump behind and focus on something more interesting than complaining about the weather: hash length extension attacks. Hash length extension attacks are nothing complicated or highly sophisticated; to be honest, they are just a matter of how hash functions are used. As discussed in one of my former posts there are ...
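As an added example (not code from the original post), here is the attack in Python against a SHA-1 "secret-prefix" MAC, H(secret || message). The SHA-1 implementation, the secret, the message and the extension are all constructed for this demonstration. The point it shows: the digest is simply the hash's internal state after the last block, so anyone who knows the digest and the length of the secret can resume hashing from that state and produce a valid tag for message || padding || extension without ever learning the secret. The same attempt against an HMAC tag fails, which is why HMAC (or a hash that is not a plain Merkle-Damgard construction) is the right tool.

```python
import hashlib
import hmac
import struct

SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def sha1_padding(message_len):
    """The padding SHA-1 appends to a message of message_len bytes:
    0x80, zeros up to 56 mod 64, then the bit length as a big-endian 64-bit int."""
    zeros = (56 - (message_len + 1) % 64) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", message_len * 8)


def sha1_compress(state, block):
    """One SHA-1 compression over a 64-byte block (FIPS 180-4)."""
    a, b, c, d, e = state
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rotl(a, 5) + f + e + k + w[i]) & MASK
        a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))


def sha1_resume(state, data, bytes_already_hashed):
    """Finish SHA-1 over `data`, starting from an intermediate `state` reached after
    `bytes_already_hashed` bytes (which must be a multiple of 64)."""
    msg = data + sha1_padding(bytes_already_hashed + len(data))
    for off in range(0, len(msg), 64):
        state = sha1_compress(state, msg[off:off + 64])
    return b"".join(struct.pack(">I", s) for s in state).hex()


def length_extend(known_mac_hex, known_msg, secret_len, extension):
    """Given mac = SHA1(secret || known_msg), return (forged_msg, forged_mac) such that
    forged_mac == SHA1(secret || forged_msg), without knowing the secret."""
    state = struct.unpack(">5I", bytes.fromhex(known_mac_hex))   # digest == internal state
    glue = sha1_padding(secret_len + len(known_msg))               # padding the server used
    forged_msg = known_msg + glue + extension
    forged_mac = sha1_resume(state, extension, secret_len + len(known_msg) + len(glue))
    return forged_msg, forged_mac


def sanity_check():
    """Our SHA-1 from the standard IV must agree with hashlib."""
    return sha1_resume(SHA1_IV, b"abc", 0) == hashlib.sha1(b"abc").hexdigest()


def demo():
    secret = b"s3cr3t-key"            # constructed; the attacker never learns it
    msg = b"user=alice&role=guest"     # constructed sample message
    extension = b"&role=admin"

    # Secret-prefix MAC: the attacker only sees msg and mac, and guesses len(secret).
    mac = hashlib.sha1(secret + msg).hexdigest()
    forged_msg, forged_mac = length_extend(mac, msg, len(secret), extension)
    server_accepts = forged_mac == hashlib.sha1(secret + forged_msg).hexdigest()

    # Same attempt against HMAC-SHA1: the tag is not the state of a message prefix.
    mac_h = hmac.new(secret, msg, hashlib.sha1).hexdigest()
    forged_msg_h, forged_mac_h = length_extend(mac_h, msg, len(secret), extension)
    hmac_accepts = hmac.compare_digest(
        forged_mac_h, hmac.new(secret, forged_msg_h, hashlib.sha1).hexdigest())
    return server_accepts, hmac_accepts, forged_msg
```

When the secret length is unknown, the attacker simply tries each plausible length; the glue padding is the only thing that changes. Note that the forged message contains the padding bytes (0x80 and zeros), so a parser that rejects such bytes in a field would block this particular payload, but that is not a defence to rely on.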


Database Abstraction and SQL Injection


I have subscribed to various user groups of jOOQ's competing database abstraction tools. One of them is ActiveJDBC, a Java implementation of the Active Record design pattern. Its maintainer Igor Polevoy recently claimed that: "SQL injection is a web application problem, and not directly related to an ORM. ActiveJDBC will process any SQL that is passed to it." (See the discussion ...
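As an added example (Python with sqlite3 rather than ActiveJDBC or jOOQ, and not code from either project), the block below shows the two ways an abstraction layer can receive a user-supplied value: spliced into the SQL text it is handed, or as a bind parameter. The table, rows and attacker input are constructed for the example. A layer that accepts raw fragments will indeed "process any SQL that is passed to it"; whether that is a problem depends on whether the application ever builds those fragments from user input.

```python
import sqlite3


def setup():
    """Constructed in-memory fixture: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users (name, is_admin) VALUES (?, ?)",
                     [("alice", 0), ("bob", 0), ("root", 1)])
    return conn


def where_raw(conn, fragment):
    """Stand-in for a query builder that passes a raw WHERE fragment straight to the
    database. It cannot tell which parts of `fragment` came from the user."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE " + fragment)]


def where_bound(conn, fragment, *params):
    """Same builder, but values travel as bind parameters, never as SQL text."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE " + fragment, params)]


def find_by_name_unsafe(conn, name):
    # Application code builds the fragment by string concatenation: this is the bug.
    # With the attacker input below the SQL becomes
    #   SELECT name FROM users WHERE name = '' OR is_admin = 1 --'
    return where_raw(conn, "name = '" + name + "'")


def find_by_name_safe(conn, name):
    # Same query, with the user-supplied value bound as a parameter. The quote
    # characters are data, so the WHERE clause never changes shape.
    return where_bound(conn, "name = ?", name)


ATTACK = "' OR is_admin = 1 --"   # constructed attacker input
```

The unsafe path lets the attacker enumerate admin accounts; the bound path looks for a user literally named `' OR is_admin = 1 --` and finds none. An abstraction layer can make the safe path the easy path (accepting only placeholders plus values), but it cannot retroactively separate data from code once the application has concatenated them.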


Extending JMeter with a WS-Trust/STS sampler


JMeter does not have any built-in support for WS-Security or WS-Trust, which is what made me develop this STS Sampler for JMeter; it could make anyone's life easier while load testing an STS. First you need the Apache JMeter distribution; I am using v2.7. Then download sts.sampler.zip from here, unzip it and copy the "repo" ...


Implementing SAML to XACML


Before Implementing SAML

This is what a XACML request looks like when it arrives at the PDP (Policy Decision Point) to be evaluated.

    <Request xmlns='urn:oasis:names:tc:xacml:2.0:context:schema:os'>
      <Subject>
        <Attribute AttributeId='urn:oasis:names:tc:xacml:1.0:subject:subject-id' DataType='http://www.w3.org/2001/XMLSchema#string'>
          <AttributeValue>admin</AttributeValue>
        </Attribute>
      </Subject>
      <Resource>
        <Attribute AttributeId='urn:oasis:names:tc:xacml:1.0:resource:resource-id' DataType='http://www.w3.org/2001/XMLSchema#string'>
          <AttributeValue>http://localhost:8280/services/echo/echoString</AttributeValue>
        </Attribute>
      </Resource>
      <Action>
        <Attribute AttributeId='urn:oasis:names:tc:xacml:1.0:action:action-id' DataType='http://www.w3.org/2001/XMLSchema#string'>
          <AttributeValue>read</AttributeValue>
        </Attribute>
      </Action>
      <Environment/>
    </Request>

Basically it states who (Subject) wants to access which resource, and what action ...


OAuth 2.0 Webapp Flow Overview


In my last few blogs I've been talking about accessing Software as a Service (SaaS) providers such as Facebook and Twitter using Spring Social. Some of you may have noticed that my sample code has been a bit thin on the ground, as I've been trying to describe what's going on in the background and what Spring Social is ...


Anti cross-site scripting (XSS) filter for Java web apps


Here is a good and simple anti cross-site scripting (XSS) filter written for Java web applications. What it basically does is remove all suspicious strings from request parameters before returning them to the application. It's an improvement over my previous post on the topic. You should configure it as the first filter in your chain (web.xml), and it's generally a ...
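The filter above works by deleting suspicious strings from input. As an added example (Python stand-ins with a constructed pattern list, not the original filter's Java code), the block below shows the general caveat that applies to any strip-based filter, whatever its pattern list: a single removal pass can turn innocent-looking input into a payload, so a strip filter has to iterate until the input stops changing, and encoding the value at the point where it is written into HTML remains the more robust defence because it never has to guess what is "suspicious".

```python
import html
import re

# Patterns a typical "remove suspicious strings" filter might use. Constructed for
# this example; not the pattern list of the filter in the post above.
SUSPICIOUS = [re.compile(p, re.IGNORECASE | re.DOTALL) for p in (
    r"<script\b.*?</script\s*>",
    r"javascript\s*:",
    r"\bon\w+\s*=",
)]


def strip_once(value):
    """Single pass: delete every match of every pattern, in order."""
    for pat in SUSPICIOUS:
        value = pat.sub("", value)
    return value


def strip_until_stable(value):
    """Repeat stripping until nothing changes, so a removal cannot leave behind
    a new match that the earlier pass never saw."""
    prev = None
    while prev != value:
        prev, value = value, strip_once(value)
    return value


def encode_for_html(value):
    """Output encoding: the data is kept intact and the browser renders it as text."""
    return html.escape(value, quote=True)


# Constructed bypass input: deleting the inner <script></script> glues the outer
# halves together into a complete <script> tag.
NESTED = "<scr<script></script>ipt>alert(1)</script>"
```

Run on `NESTED`, `strip_once` returns `<script>alert(1)</script>`, i.e. the filter manufactured the tag it was meant to remove; `strip_until_stable` reaches the empty string on its second pass; `encode_for_html` leaves no raw `<` at all. The fixed-point loop closes this class of bypass for a given pattern list, but it still depends on the list being complete, which output encoding does not.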
