Tag Archives: Spring Security

“I love writing authentication and authorization code.” ~ No Java Developer Ever. Tired of building the same login screens over and over? Try the Okta API for hosted authentication, authorization, and multi-factor auth. Using unit and integration tests to verify your code quality is an excellent way to show you care about your code. I recently did a bunch of ...

“I love writing authentication and authorization code.” ~ No Java Developer Ever. Tired of building the same login screens over and over? Try the Okta API for hosted authentication, authorization, and multi-factor auth. When building a web application, authentication and authorization is a must. Doing it right, however, is not simple. Computer security is a true specialty. Legions of developers ...

This guide walks through the process to create a centralized authentication and authorization server with Spring Boot 2, a demo resource server will also be provided. If you’re not familiar with OAuth2 I recommend this read. Pre-req JDK 1.8Text editor or your favorite IDEMaven 3.0+ Implementation Overview For this project we’ll be using Spring Security 5 through Spring Boot. If you’re familiar with ...

Recently I was working in a project that used a custom PasswordEncoder and there was a requirement to migrate it to bcrypt. The current passwords are stored as hash which means it’s not possible to revert it to the original String – at least not in an easy way. The challenge here was how to support both implementations, the old ...

“I love writing authentication and authorization code.” ~ No Java Developer Ever. Tired of building the same login screens over and over? Try the Okta API for hosted authentication, authorization, and multi-factor auth. Developers know that securing web apps can be a pain. Doing it right is tough. The worst part is that “right” is a moving target. Security protocols ...

1. Overview of Spring Security Integration with Grails Spring Security touts a number of authentication, authorization, instance-based, and various other features that make it so attractive to secure applications with. With this in mind, due to Grails use of Spring’s Inversion of Control Framework and MVC setup, developers sought to use Spring Security to secure Grails. This has resulted in ...

1. Overview Today, we’ll be reviewing the differences between Expression-Based Access Control (EBAC), Role Based Access Control (RBAC), and Attribute Based Access Control (ABAC), with a deeper focus on EBAC. 2. What is Expression-Based Access Control? Simply put, Expression-Based Access Control is the use of expressions to write authorization. The phrase Expression-Based Access Control (EBAC) is currently most commonly associated ...

In this post, I’d like to share a lesson learned by one of the teams at O&B. They were using Spring Boot with Spring Security. By default, anything that is protected by Spring Security is sent to the browser with the following HTTP header: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Essentially, the response will never be cached by the browser. While ...

Up until now in our previous posts we had our endpoints and controllers secured using the default spring security configuration. When Spring Security is on the classpath, the auto-configuration secures all endpoints by default. When it comes to complex applications we need different security policies per endpoints. We need to configure which endpoints should be secured, what type of users ...