By now “stateful” or session-based authentication is pretty much well-accepted. Frameworks such as Spring Security or Apache Shiro make it really easy to implement a decent solution in just a few easy steps. I previously discussed how to secure a Spring-based REST API using Spring Security for authentication, CSRF protection and CORS. But in some cases, session-based security might not be good enough…
You are developing your web client (AngularJS or any other) against your REST services’ server, secured using cookies-based sessions and CSRF tokens sent as cookies. You’ve done everything by the book, followed the tutorials to make your security work, especially CORS and CSRF tokens. And yet you still get a pesky 403 when trying to login!
Welcome to my first “gotchas” post! In this series I’ll try to document common traps we tend to fall into again and again. In this episode: Tomcat throws a java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory when deploying and starting your brand new Java web application…
Since version 2.0, Cassandra’s auto-pagination feature has simplified pagination quite a bit… if you can persist a ResultSet! What if the context is a stateless web application, where we actually would rather avoid memorizing whole result sets’ states for every connected user?
Part 2 of examining a full, secure implementation of a solution for web-client, REST-based systems using AngularJS and Spring and addressing authentication, CORS and CSRF aspects. The full, working code is available on GitHub. In this part, we look at how we can prevent CSRF attacks from a server’s perspective.
A full, secure implementation of a solution for web-client, REST-based systems using AngularJS and Spring and addressing authentication, CORS and CSRF aspects. The full, working code is available on GitHub. In this part, we setup the project and examine how CORS is configured on the server side.
Do you get “Too many open files” issues or “java.lang.NoSuchMethodError: com.google.common.util.concurrent.RateLimiter.acquire(I)V” errors when running your CassandraUnit tests? Do you feel like your tests could get a speed boost? Then read this…
Spring Security offers CSRF (cross-site request forgery) protection by default for Java web applications. In this post I will examine how you can make that CSRF protection work for a web client interacting with REST-based CSRF-protected services. Both the web client’s code and the server application’s configuration will be described.
Looking for something to help you with testing your Cassandra-related methods? Then CassandraUnit might be what you’re looking for! This article will provide you with a quick overview of CassandraUnit’s features, and a practical example on how to set it up for your testing needs.
So you want to validate the data sent to your application’s REST services? Nowadays you can quite easily do that using Spring and the Bean Validation API. And to help you test that validation process, how about bringing in Spring Boot to programmatically start your application and run your tests against it?