Deep Dive to OAuth2.0 and JWT (Part 4 JWT Use Case)

Up your Spring Security game!

Scenario

Assume that you are building an application for a hypothetical store chain. Each user of this application is assigned a role, and each role has a defined set of activities that it can perform (technically, the APIs that it can access). Let's say this store has the following roles and activities. (Note: this is part four in a series on JWT security best practices; parts one, two, and three can be found here, here, and here, respectively.)

  • Admin
    • Can add new stores.
    • Can add new users and assign roles to them (store admin and store user).
  • Store Manager
    • Can add new products to the store.
    • Can remove products from the store.
    • Can update product details.
  • User
    • Can view his/her detail.
    • Can view all products.
    • Can view a product using product id.
    • Can get all products from a store.

Environment

We will be implementing authentication with the following tools:

Building a Java App With Gradle

Build a Java web app with Gradle!

Gradle and Maven are the two major build systems in the Java universe. Build systems are used for resolving intricate webs of dependencies, compiling the project, and bundling the resource and metafiles into the final .war or .jar file.

Both Maven and Gradle systems are awesome to work with. However, I prefer Gradle for a more complicated project. In this tutorial, I’ll cover everything you ever wanted to know about building a Java application with Gradle.

Use MySQL Without a Password (And Still Be Secure)

Some say that the best password is the one you don’t have to remember. That’s possible with MySQL, thanks to the auth_socket plugin and its MariaDB version unix_socket.

Neither of these plugins is new, but while reviewing what’s new with MariaDB 10.4, I saw that the unix_socket now comes installed by default and is one of the authentication methods (one of them, because, in MariaDB 10.4, a single user can have more than one authentication plugin, as explained in the Authentication from MariaDB 10.4 document).

Use Angular to Build Your First PWA

Progressive Web Application (PWA) has been quite the buzz word for the last few years, but what exactly is it?

PWAs utilize a number of modern browser technologies to improve overall user experience. The core component of a PWA is a service worker, which is a piece of JavaScript code that runs in the background of a website intercepting and fetching all browser requests.

Authentication and Authorization: Mastering Security

Don't be this paranoid... but maybe be a little paranoid

In this edition of "Best of DZone," we dive into a topic that's forgotten all too often during software development: security. So, strap in, close the blinds, and, as our CTO likes to say, "Put on your tin foil hats," as we dive into all things authentication and authorization.

Whether it be auth basics, adding auth to your web apps, microservices, or APIs, or getting started with JSON Web Tokens (JWTs), we (meaning our amazing community of contributors) have your back to make sure your next project is completely secure, no matter the situation.

Containerize Spring Boot Apps Using Docker and Jib

We like the cut of your Jib.

We live in a world where we strive to scale automation as much as possible. Whether it’s offering cloud-based deployments, microservices, or containerization, we work to make things as efficient as possible.

Containerization bundles an application along with all of its configuration libraries, files, and dependencies to run in a bug-free automatable process across different environments and platforms. A popular ecosystem for containerizing apps is Docker.

Use OAuth 2.0 to Secure Your ASP.NET Core App

Imagine having an app where you can write and store your notes efficiently. Today, we are going to build an app that will keep track of your notes. We’ll use ASP.NET Core to build the app. We’ll also use .NET Core’s OAuth 2.0 authentication middleware to make sure the personal notes are kept secure.

My Private Notes App

As mentioned earlier, you'll use an ASP.NET app to build your note-keeping app. Here's how the app works: The home page will keep track of all your recent notes, and if you include more than three notes, the oldest will be shelved. Once we've built the app, you'll learn how to secure it with OAuth. Read this starter project from GitHub to get started.

Adding Authentication With SimpleID

I co-founded a developer toolkit company with the explicit goal of making decentralized applications easier to use. However, the tools aren’t just for decentralized applications. Traditional application developers can make use of SimpleID to add authentication and storage to their app quickly.

Let’s start with a sample project since, in most cases, developers will be adding authentication to an existing project. For this, we can use a simple to-do application I had built to compare reactn to Redux.

Learn How to Secure your ASP.NET MVC App with SSO

If you’re building custom applications owned by the same organization, there are many benefits of implementing single sign-on (SSO). You get shorter development time, increased security, and improved user experience. One of my favorite aspects of SSO is that instead of upgrading a large codebase all at once, you can do it a piece at a time.

What do I mean by that? Well, let's say you're looking to shift an app written in ASP.NET MVC 5 to ASP.NET Core MVC. You can do so by migrating each service at a time instead of rewriting the entire thing. You can then connect the two apps like they were one by enabling SSO.

Deep Dive Into OAuth2.0 and JWT (Part 2 OAuth2.0)

In the previous article, we introduced Authentication and Authorization. In this article, let us have a look at one of the most commonly used implementations, i.e., OAuth2.0.

Introduction

In the traditional client-server authentication model, the client requests protected resources on the server by authenticating with the server using the resource owner's credentials. To provide third-party applications access to restricted resources, the resource owner shares its credentials with the third party. This sharing of credentials can create several problems and limitations, some of which are listed below.

Deep Dive Into OAuth2.0 and JWT (Part 1 Setting the Stage)

Right from the inception of computer-based applications to today, one of the most common, yet complex, problems that almost every developer must have come across during his career is security, which means understanding what data/information is to be presented to whom — in addition to many other aspects like time, validation, re-validation, and so on.

All the concerns related to security can be broken down into two categories: Authentication and Authorization.

Learn How to Use Okta’s Authentication API with Java Servlets

Get the authentication your application needs

Building an application from the ground up can be very satisfying. It can help you learn the nitty-gritty of software development and how to overcome its everyday challenges. Today, we’ll use Java Servlets to build an app from scratch.

There are numerous ways to add authentication to your app. To build this sample app, we’ll use Okta for simple and secure user authentication.

Login With Facebook and Google Using Angular 8

In this article, we will learn the step-by-step process of allowing users to log in to an application with Facebook and Gmail using Angular 8. Login with Facebook and Google makes it safe and easy for users to use applications. When a user clicks on the Login button with Facebook or Gmail, the user is navigated to Facebook or Google to give the app permission. In response, the user receives a Token key and other personal details. We will use the angular6-social-login Angular library in the demo.

You may also like: OAuth 2 Access Token Usage Strategies for Multiple Resources (APIs): Part 1.

Prerequisites

This article covers the following:

Stay Hip With the Latest Java and Spring Boot Using JHipster 6

Stay hip with JHipster for your Java and Spring Boot apps

If you’re confused by how OAuth 2.0 and OpenID Connect (OIDC) work together, please see What the Heck is OAuth? In short, OIDC is a thin layer on top of OAuth 2.0 that adds identity.

The Java world has been very busy lately, especially with all the major Java versions releasing every six months. This honestly can be a lot to keep up with. I was using Java 8 until I was introduced to Spring Boot 2.1.

Build a Spring Boot App and Deploy Into Tomcat

Tomcat to the rescue

Deploying an application can be quite tedious because of the multiple steps that are involved. Today, I will show you how to simplify the process with Tomcat by building a web app and deploying it through the browser.

For this tutorial, we will use:

Learn How to Use PHP to Create Microservices

Software is always evolving, from the programming languages and frameworks to the architectures of the apps we create. Because of the ever-changing nature of software, companies are always experimenting with ideas to improve software longevity, such as the latest update of the microservice architecture in PHP. Traditionally, web apps are created as monoliths (a single code base, running in the same process), which are generally harder to maintain, as you need to re-deploy the entire app for every change you make, unlike with microservices.

Today, we will learn how to build a microservices architecture in PHP.

Four Most Used REST API Authentication Methods

While there are as many proprietary authentication methods as there are systems that utilize them, they are largely variations of a few major approaches. In this post, I will go over the four most used in the REST APIs and microservices world.

Authentication vs. Authorization

Before I dive into this, let's define what authentication actually is, and more importantly, what it’s not. As much as authentication drives the modern internet, the topic is often conflated with a closely related term: authorization.