Tag Archives: Spring Security

A Simple Web App with Spring Boot, Spring Security and Stormpath – in 15 Minutes

UPDATE: We recently released a revision to our Stormpath Spring Security integration. You no longer have to inherit from a special Stormpath security configurer adapter. ...

Validating JWT with Spring Boot and Spring Security

For my current project I will have a REST API set up with Spring Boot (most likely running with BoxFuse). To be able to use the API endpoint the application will check that the incoming request has a valid JWT token provided earlier (by an API service that I trust). To implement this functionality I want to make use of ...

Stateless Spring Security Part 3: JWT + Social Authentication

This third and final part in my Stateless Spring Security series is about mixing the previous post about JWT token based authentication with spring-social-security. This post directly builds upon it and focusses mostly on the changed parts. The idea is to substitute the username/password based login with “Login with Facebook” functionality based on OAuth 2, but still use the same token based authentication ...

Stateless Spring Security Part 2: Stateless Authentication

This second part of the Stateless Spring Security series is about exploring means of authentication in a stateless way. If you missed the first part about CSRF you can find it here. So when talking about Authentication, it's all about having the client identify itself to the server in a verifiable manner. Typically this starts with the server providing the client with a ...

Stateless Spring Security Part 1: Stateless CSRF protection

Today with a RESTful architecture becoming more and more standard it might be worthwhile to spend some time rethinking your current security approaches. Within this small series of blog posts we’ll explore a few relatively new ways of solving web related security issues in a Stateless way. This first entry is about protecting your website against Cross-Site Request Forgery (CSRF). ...

Embedded Jetty and Apache CXF: secure REST services with Spring Security

Recently I ran into a very interesting problem which I thought would take me just a couple of minutes to solve: protecting Apache CXF (current release 3.0.1) / JAX-RS REST services with Spring Security (current stable version 3.2.5) in an application running inside an embedded Jetty container (current release 9.2). At the end, it turns out to be very easy, once you understand ...

Stateless Session for multi-tenant application using Spring Security

Once upon a time, I published an article explaining the principle of building a Stateless Session. Coincidentally, we are working on the same task again, but this time, for a multi-tenant application. This time, instead of building the authentication mechanism ourselves, we integrate our solution into the Spring Security framework. This article will explain our approach and implementation. Business Requirement: We need ...

Secure REST services using Spring Security

Overview: Recently, I was working on a project which uses a REST services layer to communicate with the client application (GWT application). So I have spent a lot of time figuring out how to secure the REST services with Spring Security. This article describes the solution I found, and I have implemented. I hope that this solution will ...

Spring Security Misconfiguration

I recently saw Mike Wiesner’s SpringOne2GX talk about Application Security Pitfalls. It is very informative and worth watching if you are using Spring’s stack on a servlet container. It reminded me of one serious Spring Security Misconfiguration I was facing once. Going to explain it on Spring’s Guide Project called Securing a Web Application. This project uses Spring Boot, Spring Integration and ...
