Security
-
Software Development
Database Abstraction and SQL Injection
I have subscribed to various user groups of jOOQ’s competing database abstraction tools. One of which is ActiveJDBC, a Java…
-
Enterprise Java
Extending JMeter with a WS-Trust/STS sampler
JMeter does not have any inbuilt support for WS-Security or WS-Trust and that made me develop this STS Sampler for…
-
Software Development
Implementing SAML to XACML
Before Implementing SAML: This is how an XACML request looks when it arrives at the PDP (Policy Decision Point)…
-
Software Development
OAuth 2.0 Webapp Flow Overview
In my last few blogs I’ve been talking about accessing Software as a Service (SaaS) providers such as Facebook and…
-
Enterprise Java
Anti cross-site scripting (XSS) filter for Java web apps
Here is a good and simple anti cross-site scripting (XSS) filter written for Java web applications. What it basically does…
-
Enterprise Java
JBoss AS 7: Custom Login Modules
JBoss AS 7 is neat but the documentation is still quite lacking (and error messages not as useful as they…
-
Enterprise Java
Servlet Basic Auth in an OSGi environment
You will first need to get a reference to the OSGi HTTP Service. You can do this through a declarative…
-
Enterprise Java
Preventing CSRF in Java web apps
Cross-site request forgery attacks (CSRF) are very common in web applications and can cause significant harm if allowed. If you…
-
Enterprise Java
Google Services Authentication in App Engine, Part 2
In the first part of the tutorial I described how to use OAuth for access/authentication for Google’s API services. Unfortunately, as…