Welcome to my first "gotchas" post! In this series I'll try to document common traps we tend to fall into again and again. In this episode: Tomcat throws a java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory when deploying and starting your brand new Java web application...
Part 2 of examining a full, secure implementation of a solution for web-client, REST-based systems using AngularJS and Spring and addressing authentication, CORS and CSRF aspects. The full, working code is available on GitHub. In this part, we look at how we can prevent CSRF attacks from a server's perspective.
A full, secure implementation of a solution for web-client, REST-based systems using AngularJS and Spring and addressing authentication, CORS and CSRF aspects. The full, working code is available on GitHub. In this part, we set up the project and examine how CORS is configured on the server side.
Spring Security offers CSRF (cross-site request forgery) protection by default for Java web applications. In this post I will examine how you can make that CSRF protection work for a web client interacting with REST-based CSRF-protected services. Both the web client's code and the server application's configuration will be described.
So you want to validate the data sent to your application's REST services? Nowadays you can quite easily do that using Spring and the Bean Validation API. And to help you test that validation process, how about bringing in Spring Boot to programmatically start your application and run your tests against it?
Today's web applications expect some RESTful services to provide them with the data they need. But what about securing those accesses? In this post, I provide a full example of form-based RESTful authentication against a Spring Boot + Spring Security back-end.
Back to some technical stuff after my post of last week. This time we'll have a look at how to configure your Spring Security when working on top of a Spring Boot project.