spring security | The Blog Pros

June 12, 2019

This Week in Spring: NoHTTP, Organizational Consistency, Kotlin Microservices

Hi, Spring fans! Can you believe it? We’re already almost halfway through June! Summer’s nearly here! It’s 97 degrees Fahrenheit/37 degrees Celsius in San Francisco! That’s nuts! I’m glad I’m in the beautiful Amsterdam and Eindhoven, NL, beating the heat, though. What a privilege. We’ve got a busy week, as always, so let’s get to it!

The Spring team has undertaken a massive effort to eliminate insecure HTTP URLs in favor of HTTPS. Learn how we did it (and you could, too) in this blog: Announcing nohttp.
A Bootiful Podcast: Spring Cloud lead Spencer Gibb talks on Microservices, Brazil, and more
In last week’s installment of Spring Tips: Organizational Consistency in your Spring Boot Applications, I introduced things you can do to achieve consistency in your applications including auto-configuration, building starter-dependencies, the Spring JavaFormat Maven plugin, and more.
React-ing to start.spring.io User feedback updates — click here to learn more.
Kotlin Microservice With Spring Boot Tutorial. Be sure to check it out!
I also dig this article on how to bootstrap a Spring Boot application with Maven.
An oldie-but-a-goodie: Spring Boot: A Work of Art.
This is sort of awesome. Remember ZK? You can use with Spring Boot! Learn how in this “Using ZK With Spring Boot.”
I love this nice post on how the Alibaba team lwered latency for Apache RocketMQ. Also of note: there’s a super-slick integration for Apache RocketMQ in Spring Cloud Alibaba. Check it out!
Do not miss this replay of Olga Maciaszek and Marcin Grzejszczak’s Spring I/O talk, How to live in a post Spring Cloud Netflix world

June 5, 2019

Device Authentication: Notify User of Login From New Device or Location

Spring Security is the framework most used framework along with Spring MVC for authentication and authorization purposes. It provides ways to create an authentication manager for authenticating different providers like OpenId, LDAP, database, etc.

In this tutorial, we are going to learn how to manage security: Whenever a user logs in from a new device or new location, we need to send an email to the user. For this, we need to get the location of the user and the device used to authenticate.

April 25, 2019

This Week in Spring: Releases, Podcasts, Cloud, and Spring Security

Hi, Spring fans, and welcome to another installment of This Week in Spring! This week, I’m in sunny California, then it’s off to Istanbul, Turkey, for the epic SpringOne Tour event. Then, I'm off again to Chicago, Illinois, for the better-and-better GOTO Chicago show. I hope to see you there!

We’ve got a busy week in Spring, so without further ado, let’s get to it!

April 25, 2019

Spring Data-LDAP: Part 2

Now, since we have plugged in the LDAP information, it is time to stitch it with Spring Security. The easiest thing to do is:

@Configuration
@EnableWebSecurity(debug = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);


    @Autowired
    private LdapContextSource ldapContextSource;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().and().authorizeRequests().antMatchers("/users","/").permitAll()
                .anyRequest().authenticated().and().csrf().disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication().contextSource(ldapContextSource)
                .userSearchBase("ou=users")
                .groupSearchBase("ou=groups")
                .groupSearchFilter("member={0}")
                .userDnPatterns("ou=users,dc=example,dc=com")
                .userSearchFilter("uid={0}");
    }
}

March 8, 2019

A Bootiful Podcast: Interview With Sree Tummidi, Senior Product Manager for Security at Pivotal

Hi, Spring fans! This week, I’m excited to welcome Sree Tummidi, a senior product manager working at the intersection of application security and platform at Pivotal. We talked about security, Spring Security, cloud platforms, OAuth, OIDC and OIDC Connect, SAML, and, of course, the Cloud Foundry UAA, and tons more.

Twitter: @sreetummidi
UAA

February 14, 2019

Spring Boot and OAuth2: Getting the Authorization Code

In the previous tutorial, we focused on an overview of OAuth and how to implement it. In this tutorial, we will be looking at how to use the authorization code grant.

To do this, we will be implementing the Client Application and Resource Server. The flow we will be implemented as follows:

January 17, 2019

Keep Your Secrets Away From Code (Consul + Spring)

Consul

According it's documentation, "Consul is a distributed service mesh to connect, secure, and configure services across any runtime platform and public or private cloud."

You can read more about Consul here.

January 14, 2019

Grails With Spring Security

Spring Security touts a number of authentication, authorization, instance-based, and various other features that make it so attractive to secure applications with.

With this in mind, due to Grails use of Spring’s Inversion of Control Framework and MVC setup, developers sought to use Spring Security to secure Grails.