Introduction to SPNEGO/Kerberos Authentication in Spring 1. Overview In this tutorial, we’ll understand the basics of the Kerberos authentication protocol. We’ll also cover the need for SPNEGO in connection with Kerberos. Finally, we’ll see how to make use of the Spring Security Kerberos extension to create applications enabled for Kerberos… Continue Reading spring-security-kerberos

Spring REST API + OAuth2 + Angular Spring Security OAuth 1. Overview In this tutorial, we’ll secure a REST API with OAuth and consume it from a simple Angular client. The application we’re going to build out will consist of four separate modules: Authorization Server Resource Server UI implicit –… Continue Reading rest-api-spring-oauth2-angularjs

Find the Registered Spring Security Filters 1. Overview Spring Security is based on a chain of servlet filters. Each filter has a specific responsibility and depending on the configuration, filters are added or removed. In this tutorial, we’ll discuss different ways to find the registered Spring Security Filters. 2. Security… Continue Reading spring-security-registered-filters

Unable to Locate Spring NamespaceHandler for XML Schema Namespace 1. The Problem This article will discuss one of the most common configuration problems in Spring – a namespace handler for one of the Spring namespaces is not found. Most of the time, this means one particular Spring jar is missing… Continue Reading unable-to-locate-spring-namespacehandler-for-xml-schema-namespace

Spring Security – security none, filters none, access permitAll 1. Overview Spring Security provides several mechanisms to configure a request pattern as unsecured or allowing all access. Depending on each of these mechanisms – this can either mean not running the security filter chain on that path at all, or… Continue Reading security-none-filters-none-access-permitAll

Filtering Jackson JSON Output Based on Spring Security Role 1. Overview In this quick tutorial, we’ll show how to filter JSON serialization output depending on a user role defined in Spring Security. 2. Why Do We Need To Filter? Let’s consider a simple yet common use case where we have… Continue Reading spring-security-role-filter-json

Securing Java EE with Spring Security 1. Overview In this quick tutorial, we’ll be looking at how to secure a Java EE web application with Spring Security. 2. Maven Dependencies Let’s start with the required Spring Security dependencies for this tutorial: <dependency> <groupId></groupId> <artifactId>spring-security-web</artifactId> <version>4.2.3.RELEASE</version> </dependency> <dependency> <groupId></groupId> <artifactId>spring-security-config</artifactId> <version>4.2.3.RELEASE</version>… Continue Reading java-ee-spring-security

Registration with Spring – Integrate reCAPTCHA 1. Overview In this article we’ll continue the Spring Security Registration series by adding Google reCAPTCHA to the registration process in order to differentiate human from bots. 2. Integrating Google’s reCAPTCHA To integrate Google’s reCAPTCHA web-service, we first need to register our site with… Continue Reading spring-security-registration-captcha

Control the Session with Spring Security 1. Overview In this article, we’re going to illustrate how Spring Security allows us to control our HTTP Sessions. This control ranges from a session timeout to enabling concurrent sessions and other advanced security configs. Further reading: Retrieve User Information in Spring Security How… Continue Reading spring-security-session