Tag: Security
-
How to Renew a JWT Without Requesting to Login

In this post, I will explore how to renew JWTs without requiring the user to log in again, making authentication quick and effortless for both the user and the developer.
-
Spring Cloud Gateway with KeyCloak and OAuth2

In this article I will show how to configure a KeyCloak server and use it in a Spring Cloud and Spring Boot architecture as an authorization server where a Spring Cloud Gateway will try to authenticate.
-
Spring Cloud Gateway with OAuth2 Authorization Server

In this article I will create a Spring Cloud Gateway application connected to an OAuth2 Authorization Server. I will use an existing OAuth2 Authorization server and create a Spring Cloud Gateway application from scratch to consume data from a Resource Server.
-
OAuth2 and OpenID Connect

In this article, I will compare the OAuth2 and OpenID Connect authentication protocols. I will implement OpenID Connect with the Spring Security Authorization Server.
-
Spring Security and Roles Authorization

In this article I will explain the difference between Authentication and Authorization. I will also explain how to implement the Authorization pattern with Spring Security. For that, I will use the @PreAuthorize annotation.
-
The CSRF Protection with Spring Security

In this article I will explain the CSRF (Cross-Site Request Forgery) attack. I will show how Spring Security can protect against this attack, both in a server-side rendered application and with a separate frontend and the Cookie repository.
-
Basic Authentication & JWT

In this article I show how to secure a Flask backend with Basic Authentication and also with JWT. I will show how to use the flask-http-auth library for Basic Authentication and token-based authentication. Then, I will add the pyjwt library to encode and decode a JWT.
-
Log4Shell Vulnerability

In this article I show what impact the Log4Shell vulnerability can have. I show how the JNDI commands are intercepted with an LDAP server, and how to protect against this vulnerability.
-
Store the HTTP Session into Redis

In this article I show how to store the HTTP session into Redis with Spring Boot. I show the necessary dependencies and how to configure Spring Boot to not have the HTTP session stored only in the application.
-
OAuth2 Authentication with Spring Security and GitHub

In this article I will show how to authenticate using the OAuth2 system with Spring Security and GitHub. For that, I will need to create a GitHub login application and connect it to my Spring Boot application with Spring Security to allow it to perform the necessary requests.
