Home » Tag Archives: Security (page 12)

Tag Archives: Security

Implementing SAML to XACML

oasis-saml-logo

Before Implementing SAML This is how a XACML request will looks like when it is arriving at PDP(Policy Decision Point) to be evaluated. <Request xmlns='urn:oasis:names:tc:xacml:2.0:context:schema:os'> <Subject> <Attribute AttributeId='urn:oasis:names:tc:xacml:1.0:subject:subject-id' DataType='http://www.w3.org/2001/XMLSchema#string'> <AttributeValue>admin</AttributeValue> </Attribute> </Subject> <Resource> <Attribute AttributeId='urn:oasis:names:tc:xacml:1.0:resource:resource-id' DataType='http://www.w3.org/2001/XMLSchema#string'> <AttributeValue>http://localhost:8280/services/echo/echoString</AttributeValue> </Attribute> </Resource> <Action> <Attribute AttributeId='urn:oasis:names:tc:xacml:1.0:action:action-id' DataType='http://www.w3.org/2001/XMLSchema#string'><AttributeValue>read</AttributeValue> </Attribute> </Action> <Environment/> </Request> Basically it states who is(Subject) wanting to access which resource and what action ...

Read More »

OAuth 2.0 Webapp Flow Overview

oauth-logo

In my last few blogs I’ve been talking about accessing Software as a Service (SaaS) providers such as Facebook and Twitter using Spring Social. Some of you may have noticed that my sample code may have been a bit thin on the ground as I’ve being trying to describe what’s going on in the background and what Spring Social is ...

Read More »

Anti cross-site scripting (XSS) filter for Java web apps

java-interview-questions-answers

Here is a good and simple anti cross-site scripting (XSS) filter written for Java web applications. What it basically does is remove all suspicious strings from request parameters before returning them to the application. It’s an improvement over my previous post on the topic. You should configure it as the first filter in your chain (web.xml) and it’s generally a ...

Read More »

JBoss AS 7: Custom Login Modules

jboss-logo

JBoss AS 7 is neat but the documentation is still quite lacking (and error messages not as useful as they could be). This post summarizes how you can create your own JavaEE-compliant login module for authenticating users of your webapp deployed on JBoss AS. A working elementary username-password module provided. Why to use Java EE standard authentication? Java EE security ...

Read More »

Servlet Basic Auth in an OSGi environment

osgi-alliance-logo

You will first need to get a reference to the OSGI HTTP Service. You can do this through a declarative service. This post will concentrate on steps after getting a reference to the HTTP Service. Note: The complete class for this post is located here When registering a servlet through the OSGI HTTP Service, it provides you with an option ...

Read More »

Preventing CSRF in Java web apps

owasp-logo

Cross-site request forgery attacks (CSRF) are very common in web applications and can cause significant harm if allowed. If you have never heard of CSRF I recommend you check out OWASPs page about it. Luckily preventing CSRF attacks is quite simple, I’ll try to show you how they work and how we can defend from them in the least obtrusive ...

Read More »

Google Services Authentication in App Engine, Part 2

google-aps-logo

In the first part of the tutorial I described how to use OAuth for access/authentication for Google’s API services. Unfortunately, as I discovered a bit later, the approach I used was OAuth 1.0, which has apparently now been officially deprecated by Google in favor of version 2.0 of OAuth. Obviously, I was a bit bummed to discovered this, and promised I ...

Read More »

Google Services Authentication in App Engine, Part 1

google-aps-logo

This post will illustrate how to build a simple Google App Engine (GAE) Java application that authenticates against Google as well as leverages Google’s OAuth for authorizing access to Google’s API services such as Google Docs. In addition, building on some of the examples already provided by Google, it will also illustrate how to persist data using the App Engine ...

Read More »

Where do Security Requirements come from?

software-development-2-logo

One of the problems in building a secure application is that it’s not always clear what the security requirements are and where they are supposed to come from. Are security requirements supposed to come from the customer? Are they specified in the regulatory and compliance environment? Or are they implicit in the type of application that you are building – ...

Read More »

Key Exchange Patterns with Web Services Security

software-development-2-logo

When we have message level security with web services – how we achieve integrity and confidentiality is through keys. Keys are used to sign and encrypt messages been passed from the rqeuestor to the recipient or form the client to the service and vise versa. During this blog post, we’ll be discussing different key exchange patterns and their related use ...

Read More »
Do you want to know how to develop your skillset and become a ...

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!
Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.

THANK YOU!

Close