Registration – Password Strength and Rules 1. Overview In this quick tutorial, we’ll look at how to implement and show proper password constraints during registration. Things like – the password should contain a special character, or it should be at least 8 characters long. We want to be able to…

Preventing Username Enumeration Attacks with Spring Security 1. Overview In this tutorial, we’ll describe enumeration attacks in general. More specifically, we’ll explore username enumeration attacks against a web application. And, most importantly, we’ll explore options for handling them through Spring Security. 2. Explaining Enumeration Attacks Enumeration technically means complete and ordered…

Security with Spring The Security with Spring tutorials focus, as you’d expect, on Spring Security. Get started with the Registration series if you’re interested in building a registration flow and understanding some of the framework’s basics. Then, explore the topics you’re most interested in, related to security. Finally, have a…

Angular 4 Upgrade for Spring Security OAuth 1. Overview In this quick tutorial, we’re going to upgrade our existing Angular application described here, to use Angular 4 instead of AngularJS. 2. Setup Angular4 First, we’ll use Angular CLI to generate and manage our front-end modules. First, we’ll…

Spring Security with Stormpath 1. Overview Stormpath has developed solid support for Spring Boot and Spring Security – to make the integration with their infrastructure and services quite straightforward. In this article, we’re going to have a look at a minimalistic setup and integration of Stormpath with Spring Security. 2.…

Multiple Entry Points in Spring Security 1. Overview In this quick tutorial, we’re going to take a look at how to define multiple entry points in a Spring Security application. This mainly entails defining multiple http blocks in an XML configuration file or multiple HttpSecurity instances by extending the WebSecurityConfigurerAdapter…

Spring Cloud – Securing Services 1. Overview In the previous article, Spring Cloud – Bootstrapping, we’ve built a basic Spring Cloud application. This article shows how to secure it. We’ll naturally use Spring Security to share sessions using Spring Session and Redis. This method is simple to set up and…

Spring Security – Whitelist IP Range 1. Overview In this tutorial, we’ll discuss how to whitelist IP ranges in Spring Security. We’ll take a look at both Java and XML configurations. We’ll also see how to whitelist IP range using a custom AuthenticationProvider. 2. Java Configuration First, let’s explore the…