Tag Archives: Spring Security

1. Overview of Spring Security Integration with Grails Spring Security touts a number of authentication, authorization, instance-based, and various other features that make it so attractive to secure applications with. With this in mind, due to Grails use of Spring’s Inversion of Control Framework and MVC setup, developers sought to use Spring Security to secure Grails. This has resulted in ...

1. Overview Today, we’ll be reviewing the differences between Expression-Based Access Control (EBAC), Role Based Access Control (RBAC), and Attribute Based Access Control (ABAC), with a deeper focus on EBAC. 2. What is Expression-Based Access Control? Simply put, Expression-Based Access Control is the use of expressions to write authorization. The phrase Expression-Based Access Control (EBAC) is currently most commonly associated ...

In this post, I’d like to share a lesson learned by one of the teams at O&B. They were using Spring Boot with Spring Security. By default, anything that is protected by Spring Security is sent to the browser with the following HTTP header: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Essentially, the response will never be cached by the browser. While ...

Up until now in our previous posts we had our endpoints and controllers secured using the default spring security configuration. When Spring Security is on the classpath, the auto-configuration secures all endpoints by default. When it comes to complex applications we need different security policies per endpoints. We need to configure which endpoints should be secured, what type of users ...

A colleague of mine pointed me to an interesting question on StackOverflow and suggested it may be a good one for me to answer because of my experience with Spring. The question was, “How to authorize specific resources based on users who created those in REST, using annotations.” The gist of it is this: What I’m trying to do is ...

On a previous post we used the user details service in order to provide a way to load our data from a function based on a username given. The implementation of the user details might be backed by an in-memory mechanism, a sql/no-sql database etc. The options are unlimited. What we have to pay attention when it comes to password ...

“I love writing authentication and authorization code.” ~ No Java Developer Ever. Tired of building the same login screens over and over? Try the Okta API for hosted authentication, authorization, and multi-factor auth. Every developer wants to build faster and more efficiently, to support scale. Building a microservices architecture with Spring can add resilience and elasticity to your architecture that ...

As we have seen on a previous post the username and password for our spring application was configured through environmental variables. This is ok for prototype purposes however in real life scenarios we have to provide another way to make the users eligible to login to the application. To do so we use the UserDetailsService Interface. The user details service ...

Spring security is a great framework saving lots of time and effort from the developers. Also It is flexible enough to customize and bring it down to your needs. As spring evolves spring security involves too making it easier and more bootstrapping to setup up security in you project. Spring Boot 2.0 is out there and we will take advantage ...