Home » Tag Archives: Spring Security (page 2)

Tag Archives: Spring Security

Stateless Spring Security Part 1: Stateless CSRF protection

spring-interview-questions-answers

Today with a RESTful architecture becoming more and more standard it might be worthwhile to spend some time rethinking your current security approaches. Within this small series of blog posts we’ll explore a few relatively new ways of solving web related security issues in a Stateless way. This first entry is about protecting your website against Cross-Site Request Forgery (CSRF). ...

Read More »

Embedded Jetty and Apache CXF: secure REST services with Spring Security

spring-interview-questions-answers

Recently I run into very interesting problem which I thought would take me just a couple of minutes to solve: protecting Apache CXF (current release 3.0.1)/ JAX-RS REST services with Spring Security (current stable version 3.2.5) in the application running inside embedded Jetty container (current release 9.2). At the end, it turns out to be very easy, once you understand ...

Read More »

Stateless Session for multi-tenant application using Spring Security

spring-interview-questions-answers

Once upon a time, I published one article explaining the principle to build Stateless Session. Coincidentally, we are working on the same task again, but this time, for a multi-tenant application. This time, instead of building the authentication mechanism ourselves, we integrate our solution into Spring Security framework. This article will explain our approach and implementation. Business Requirement We need ...

Read More »

Secure REST services using Spring Security

spring-interview-questions-answers

Overview Recently, I was working on a project which uses a REST services layer to communicate with the client application (GWT application). So I have spent a lot of to time to figure out how to secure the REST services with Spring Security. This article describe the solution I found, and I have implemented. I hope that this solution will ...

Read More »

Spring Security Misconfiguration

spring-interview-questions-answers

I recently saw Mike Wienser’s SpringOne2GX talk about Application Security Pitfalls. It is very informative and worth watching if you are using Spring’s stack on servlet container. It reminded me one serious Spring Security Misconfiguration I was facing once. Going to explain it on Spring’s Guide Project called Securing a Web Application. This project uses Spring Boot, Spring Integration and ...

Read More »

Spring Security – Behind the scenes

Spring-Security-logo

Security tasks such as authentication of user and authorization of a user to view application resources are usually handled by the application server. These tasks can be delegated to Spring security flow relieving application server from handling these tasks. Spring security basically handles these tasks by implementing standard javax.servlet.Filter. For initializing Spring security into your application, you need to declare ...

Read More »

Getting Started with method security in Grails using Spring Security

grails-logo

This blog post will be about implementing method level security with security expressions in Grails using the Spring Security plugins. I assume you have some basic understanding of the Grails Spring Security Core plugin. Roles aren’t enough. When using the Spring Security Core plugin you typically start to configure which roles are required for accessing certain URLs. This configuration can ...

Read More »

Grails: Calling bean methods in Spring Security expressions

grails-logo

Some days ago while working on a Grails application I was in a situation where a wanted to call a bean method from a Spring security SPEL expression. I was using the @PreAuthorize annotation from the Spring Security ACL plugin and wanted to do something like this:               @PreAuthorize("myService.canAccessUserProfile(#profileId)") public Profile getUserProfile(long profileId) {   ... } @PreAuthorize takes ...

Read More »

Want to take your Java skills to the next level?

Grab our programming books for FREE!

Here are some of the eBooks you will get:

  • Spring Interview QnA
  • Multithreading & Concurrency QnA
  • JPA Minibook
  • JVM Troubleshooting Guide
  • Advanced Java
  • Java Interview QnA
  • Java Design Patterns