Content-Security-Policy is important for web security. Yet it’s not mainstream, its syntax is hard, it’s rather prohibitive, and tools rarely have flexible support for it. While Spring Security does have a built-in Content Security Policy (CSP) configuration, it allows you to specify the policy as a string, not build it dynamically. And in some cases you need more than that. ...
Spring Method Security with PreAuthorize
Friends don’t let friends write user auth. Tired of managing your own users? Try Okta’s API and Java SDKs today. Authenticate, manage, and secure users in any application within minutes. This tutorial will explore two ways to configure authentication and authorization in Spring Boot using Spring Security. One method is to create a WebSecurityConfigurerAdapter and use the fluent API to override the ...
Simple Authentication with Spring Security
Authentication is vital to all but the most basic web applications. Who is making the request, wanting data, or wanting to update or delete data? Can you be sure that ...
Upgrading Spring Security OAuth and JUnit Tests through the 👀 of a Java Hipster
“I love writing authentication and authorization code.” ~ No Java Developer Ever. Tired of building the same login screens over and over? Try the Okta API for hosted authentication, authorization, and multi-factor auth. Using unit and integration tests to verify your code quality is an excellent way to show you care about your code. I recently did a bunch of ...
A Quick Guide to OAuth 2.0 with Spring Security
When building a web application, authentication and authorization is a must. Doing it right, however, is not simple. Computer security is a true specialty. Legions of developers ...
Centralized Authorization with OAuth2 & JWT using Spring Boot 2
This guide walks through the process to create a centralized authentication and authorization server with Spring Boot 2; a demo resource server will also be provided. If you’re not familiar with OAuth2 I recommend this read. Pre-req: JDK 1.8, text editor or your favorite IDE, Maven 3.0+. Implementation Overview: For this project we’ll be using Spring Security 5 through Spring Boot. If you’re familiar with ...
Password Encoder Migration with Spring Security 5
Recently I was working on a project that used a custom PasswordEncoder and there was a requirement to migrate it to bcrypt. The current passwords are stored as hashes, which means it’s not possible to revert them to the original String – at least not in an easy way. The challenge here was how to support both implementations, the old ...
Build a Web App with Spring Boot and Spring Security in 15 Minutes
Developers know that securing web apps can be a pain. Doing it right is tough. The worst part is that “right” is a moving target. Security protocols ...
Grails with Spring Security
1. Overview of Spring Security Integration with Grails
Spring Security touts a number of authentication, authorization, instance-based, and various other features that make it attractive for securing applications. With this in mind, and because of Grails’ use of Spring’s Inversion of Control framework and MVC setup, developers sought to use Spring Security to secure Grails. This has resulted in ...