Spring Cloud Gateway: Resource Server With Keycloak RBAC

In this article, we will explore how to integrate a resource server with an API gateway that is itself integrated with Keycloak, so that the gateway can enforce role-based access control (RBAC).

Introduction

In my previous article, “Spring Cloud Gateway Keycloak OAuth2 OIDC Integration,” I showed how to integrate Keycloak with Spring Cloud Gateway. In this article, we extend that setup with a resource server, such that a client (e.g. a browser) can access a resource only when it holds the role required for that resource on the server. This is a continuation of the aforementioned article, so I recommend reading it first.

How Spring Security Concurrent Session Control Works: Part 1

Introduction

Spring Security provides a mechanism to control and limit the maximum number of open sessions a single user may hold. This mechanism prevents users from exceeding the number of allowed simultaneous connections. For example, Netflix limits the number of screens you can watch at the same time according to your subscription plan.

In part 1, we will look at how this mechanism works, how to use it, and the limitations of the default Spring Security implementation. In part 2, we will see how to overcome those limitations in a clustered environment.

Use Both JWT and Opaque Access Tokens With Spring Boot

How can one validate OAuth 2.0 access tokens? This question comes up frequently, usually alongside the topic of validating JSON Web Token (JWT) based access tokens; however, token validation is NOT part of the OAuth 2.0 specification. JWTs are used so commonly that Spring Security supported them before adding support for remotely validating tokens.

This article will introduce how to build a simple application that utilizes both types of validation.

Understanding the Need for JSON Web Token (JWT)

  • JWT stands for JSON Web Token
  • It is pronounced as JAWT
  • It is an open standard (RFC 7519)
  • JWT makes it possible to communicate securely between two parties
  • JWT is used for authorization

Video

This tutorial is explained in the YouTube video below.

Securing Web Apps Using PKCE With Spring Boot

Technology has a way of updating faster than security standards. OAuth 2.0 is the latest and greatest standard for modern applications, but it’s eight years old now! Its contributors are working on the next version as we speak, and in the meantime they periodically release “guidance” to help developers use OAuth 2.0 with new technology.

Last year, the developers submitted two drafts of important guidance for OAuth 2.0: OAuth 2.0 Security Best Current Practices gives advice for securing modern apps with OAuth 2.0, and OAuth 2.0 for Browser-Based Apps focuses specifically on web app best practices.

8 Open Source Projects You Need to See!

The year 2020 has already started, and with it the number of languages, frameworks and tools that we developers have to know, learn or just “take a look at” only increases. In this short article, I present eight open source projects that look promising for the year. Many of these projects are already in use today (some even at large scale); others are coming into focus just this year, either through community adoption or through relevance in the current context of software development.

Frontend

React — Gatsby

Gatsby is an open source static site generator (SSG) based on React that aims to make development easier and more efficient. Gatsby is a framework that brings together the main features of React and several other modern tools in the same package, facilitating the creation of fast and powerful websites and web applications.

Secure Spring REST API Using OAuth2 + MySQL

Spring your security forward

Let’s secure our Spring REST API with OAuth2 and MySQL. We will store user credentials in the MySQL database, while client credentials will be stored in an in-memory database. Every client has its own unique client ID.

To secure our REST API, we will have to do the following things: