Is that you who attacks my system? Watch my presentations!

We need more knowledge sharing on security topics, that's for sure. We, as developers, need to know what threats await us on the open Internet, where our systems expose login APIs. I don't mean the general threats catalogued by OWASP; I mean specific attacks with detailed analysis and guides. You don't often find this …

Spring: Securing REST API with BasicAuth

The simplest, yet effective, way to secure a Spring REST API is HTTP Basic Auth, and I'm going to show how to do it with Spring Security. Basic Auth is stateless (no sessions to manage) and simple to implement. However, the credentials travel in every request as a Base64-encoded header, not encrypted, so it must be used over HTTPS only unless the traffic never leaves a trusted network. Also …
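The configuration described above, as an added example that is not code from the original post: a Spring Security 6 / Spring Boot 3 filter chain (assumed versions) that protects a hypothetical `/api/**` prefix with Basic Auth, creates no session, refuses plain HTTP, and takes the single client's secret from an environment variable rather than from source.

```java
// Added example (not from the original post): stateless HTTP Basic over HTTPS only.
// Assumes Spring Security 6 / Spring Boot 3; "/api/**", "api-client" and the
// API_CLIENT_PASSWORD variable are hypothetical.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class BasicAuthApiSecurityConfig {

    @Bean
    SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http
            // This chain only applies to the REST API prefix (hypothetical).
            .securityMatcher("/api/**")
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Basic Auth: the client sends "Authorization: Basic base64(user:password)" on every call.
            .httpBasic(Customizer.withDefaults())
            // Stateless: never create an HTTP session, every request authenticates on its own.
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Refuse plain HTTP: the header is only Base64-encoded, not encrypted.
            .requiresChannel(ch -> ch.anyRequest().requiresSecure())
            // Without a session cookie there is no CSRF vector for this chain, so the token filter goes.
            .csrf(csrf -> csrf.disable());
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        // bcrypt by default, with a "{bcrypt}" prefix so the algorithm can be rotated later.
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    UserDetailsService apiUsers(PasswordEncoder encoder) {
        // Hypothetical single API client; the secret comes from the environment, never from source.
        String secret = System.getenv("API_CLIENT_PASSWORD");
        if (secret == null || secret.isBlank()) {
            throw new IllegalStateException("API_CLIENT_PASSWORD is not set");
        }
        UserDetails client = User.withUsername("api-client")
            .password(encoder.encode(secret))
            .roles("API")
            .build();
        return new InMemoryUserDetailsManager(client);
    }
}
```

With this in place `curl -u api-client:$API_CLIENT_PASSWORD https://host/api/...` succeeds, an unauthenticated call gets 401 with a `WWW-Authenticate: Basic` challenge, and a request over plain `http://` is redirected to the HTTPS port before any credential is examined.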

Spring Boot Security: Custom AuditEvent listener configuration

Security best practices require all authentication-related events to be logged in a defined format, and sometimes an event should be handled in a special way. Spring Security has its own security event implementation, and Spring Boot ships a default audit repository (an in-memory repository). If you need to provide your own implementation, you add a custom configuration class. The class …
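One way to do this, as an added example that is not code from the original post: a configuration that registers the repository bean and a listener that writes every authentication event in one fixed key=value format and raises a warning after a run of failures for the same principal. It assumes Spring Boot Actuator is on the classpath (it provides `AuditEvent` and `AuditApplicationEvent`); the failure threshold is hypothetical.

```java
// Added example (not from the original post). Assumes Spring Boot Actuator on the classpath.
// Since Spring Boot 2.0 no AuditEventRepository is created automatically; defining one
// also switches on Boot's AuthenticationAuditListener, which publishes the events handled below.
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.actuate.audit.AuditEvent;
import org.springframework.boot.actuate.audit.AuditEventRepository;
import org.springframework.boot.actuate.audit.InMemoryAuditEventRepository;
import org.springframework.boot.actuate.audit.listener.AuditApplicationEvent;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;

@Configuration
public class AuthenticationAuditConfig {

    @Bean
    AuditEventRepository auditEventRepository() {
        // Keeps the last 1000 events for the /actuator/auditevents endpoint; replace with a
        // persistent implementation when the events must survive a restart.
        return new InMemoryAuditEventRepository(1000);
    }

    @Bean
    AuthenticationAuditLogger authenticationAuditLogger() {
        return new AuthenticationAuditLogger();
    }

    static class AuthenticationAuditLogger {
        private static final Logger AUDIT = LoggerFactory.getLogger("AUDIT");
        // Hypothetical threshold after which a principal is flagged for follow-up.
        private static final int FAILURE_ALERT_THRESHOLD = 5;
        private final Map<String, AtomicInteger> failures = new ConcurrentHashMap<>();

        @EventListener
        public void onAuditEvent(AuditApplicationEvent event) {
            AuditEvent e = event.getAuditEvent();
            // One line per event in a fixed layout so a SIEM can parse it without custom rules.
            AUDIT.info("ts={} type={} principal={} data={}",
                e.getTimestamp(), e.getType(), e.getPrincipal(), e.getData());

            switch (e.getType()) {
                case "AUTHENTICATION_FAILURE" -> {
                    int n = failures.computeIfAbsent(e.getPrincipal(), k -> new AtomicInteger())
                        .incrementAndGet();
                    if (n >= FAILURE_ALERT_THRESHOLD) {
                        // data "type" carries the AuthenticationException class name (BadCredentials, LockedException, ...).
                        AUDIT.warn("principal={} failed {} times in a row; reason={}",
                            e.getPrincipal(), n, e.getData().get("type"));
                    }
                }
                case "AUTHENTICATION_SUCCESS" -> failures.remove(e.getPrincipal());
                default -> { }
            }
        }
    }
}
```

The event types `AUTHENTICATION_SUCCESS`, `AUTHENTICATION_FAILURE` and `AUTHENTICATION_SWITCH` are the ones Boot's `AuthenticationAuditListener` emits; the per-principal counter here is process-local, so behind a load balancer it should be backed by a shared store.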

SSL Certificate with Subject Alternative Names

This post is a continuation of Creating HTTPS SSL Self Signed certificate. Traditionally an SSL certificate is issued for one particular Common Name (CN), such as your domain name (www.example.com). A certificate validation exception occurs when you access the host another way (for example by IP address instead of the domain name, or from localhost), because the name you connect to does not match the certificate. Modern clients go further and ignore the CN entirely, matching only the Subject Alternative Name (SAN) entries. …
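To see exactly which names a certificate will validate for, here is an added example (not code from the original post) that lists the dNSName and iPAddress SAN entries of the server certificate in a keystore and applies the RFC 6125 matching rules to the host names given on the command line. The keystore path, password and alias are passed as arguments and are hypothetical.

```java
// Added example (not from the original post): list SAN entries and test host names against them.
// Usage (hypothetical): java SanCheck keystore.p12 changeit server www.example.com 127.0.0.1 localhost
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

public class SanCheck {
    private static final int DNS_NAME = 2;   // GeneralName tag for dNSName
    private static final int IP_ADDRESS = 7; // GeneralName tag for iPAddress

    /** Returns SAN entries as "dns:host" or "ip:addr"; empty when the certificate has none. */
    static List<String> subjectAltNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return names;
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            if (type == DNS_NAME) names.add("dns:" + san.get(1));
            else if (type == IP_ADDRESS) names.add("ip:" + san.get(1));
        }
        return names;
    }

    /** RFC 6125 rules: exact dNSName, one left-most wildcard label, or exact iPAddress. */
    static boolean matches(List<String> sans, String host) {
        String h = host.toLowerCase();
        boolean isIp = h.matches("[0-9.]+") || h.contains(":");
        for (String san : sans) {
            String value = san.substring(san.indexOf(':') + 1).toLowerCase();
            if (isIp) {
                // An IP literal only matches an iPAddress entry, never a dNSName or the CN.
                if (san.startsWith("ip:") && value.equals(h)) return true;
            } else if (san.startsWith("dns:")) {
                if (value.equals(h)) return true;
                // "*.example.com" covers "api.example.com" but not "example.com" or "a.b.example.com".
                int dot = h.indexOf('.');
                if (value.startsWith("*.") && dot > 0 && h.substring(dot).equals(value.substring(1))) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 4) {
            System.err.println("usage: SanCheck <keystore.p12> <password> <alias> <host>...");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[2]);
        if (cert == null) throw new IllegalArgumentException("no certificate under alias " + args[2]);

        List<String> sans = subjectAltNames(cert);
        System.out.println("subject: " + cert.getSubjectX500Principal());
        System.out.println("SAN:     " + (sans.isEmpty() ? "(none; only the CN is present)" : sans));
        for (int i = 3; i < args.length; i++) {
            System.out.printf("%-30s %s%n", args[i], matches(sans, args[i]) ? "matches" : "NO MATCH");
        }
    }
}
```

A certificate issued for `CN=www.example.com` with no SAN reports `(none)` and fails for every name, which is why `localhost` and the raw IP address must be added as `dns:localhost` and `ip:127.0.0.1` entries rather than relying on the CN.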

Spring Boot: SSL/HTTPS for embedded Tomcat

If your Spring Boot app runs on embedded Tomcat, one way to set up HTTPS is to configure the connector yourself with a TomcatConnectorCustomizer (for the common case the server.ssl.* properties in application.properties are the simpler alternative). Get the source code: the source code for this tutorial is available on my GitHub under the SpringBootHttps tag: https://github.com/yacekmm/looksok/tree/SpringBootHttps 1. Prepare keystore and certificate. First you need to have your certificate. If you …
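The programmatic setup the post describes, as an added example that is not code from the original post or the linked repository: a Spring Boot configuration (2.x or 3.x assumed) that puts the embedded Tomcat on HTTPS using a PKCS12 keystore from the classpath, and adds a second plain-HTTP connector that only redirects to the TLS port. The keystore path, alias, ports and the `KEYSTORE_PASSWORD` variable are hypothetical.

```java
// Added example (not from the original post): HTTPS on embedded Tomcat plus an HTTP-to-HTTPS
// redirect connector. Assumes Spring Boot 2.x/3.x; paths, alias, ports and env var are hypothetical.
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.Ssl;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class HttpsTomcatConfig {
    private static final int HTTP_PORT = 8080;
    private static final int HTTPS_PORT = 8443;

    @Bean
    ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Mark every URL CONFIDENTIAL so Tomcat answers plain-HTTP requests with a redirect
                // to the TLS connector instead of serving them.
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection all = new SecurityCollection();
                all.addPattern("/*");
                constraint.addCollection(all);
                context.addConstraint(constraint);
            }
        };
        tomcat.setPort(HTTPS_PORT);
        tomcat.setSsl(ssl());
        tomcat.addAdditionalTomcatConnectors(httpRedirectConnector());
        return tomcat;
    }

    private static Ssl ssl() {
        String password = System.getenv("KEYSTORE_PASSWORD");
        if (password == null || password.isBlank()) {
            throw new IllegalStateException("KEYSTORE_PASSWORD is not set");
        }
        Ssl ssl = new Ssl();
        ssl.setEnabled(true);
        ssl.setKeyStoreType("PKCS12");
        ssl.setKeyStore("classpath:keystore.p12"); // hypothetical path
        ssl.setKeyStorePassword(password);         // from the environment, never hardcoded
        ssl.setKeyAlias("server");                 // hypothetical alias
        ssl.setProtocol("TLS");
        ssl.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        return ssl;
    }

    private static Connector httpRedirectConnector() {
        // Plain HTTP listener whose only job is to send clients to the HTTPS port.
        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        connector.setScheme("http");
        connector.setPort(HTTP_PORT);
        connector.setSecure(false);
        connector.setRedirectPort(HTTPS_PORT);
        return connector;
    }
}
```

The same TLS settings, without the redirect connector, can be expressed as `server.port=8443`, `server.ssl.key-store=classpath:keystore.p12`, `server.ssl.key-store-type=PKCS12`, `server.ssl.key-store-password=${KEYSTORE_PASSWORD}` and `server.ssl.key-alias=server` in application.properties; the Java form is needed mainly when you want the extra connector or the security constraint.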