Tag: Spring Boot

From stateful to stateless RESTful security using Spring and JWTs – Part 4 (JWT-based authentication)

Previously we managed to finally get rid of that Session object and transform our RESTful API security into a stateless authentication solution. We replaced our beloved JSESSIONID with a simple string of text, a token, that allowed us to identify a user. But the solution we used is not secure at all. We still need to find a token with the right characteristics to be safe enough in this world of leaks and breaches. Enter JWTs…

From stateful to stateless RESTful security using Spring and JWTs – Part 3 (token-based authentication)

Last time we reviewed how to quickly set up stateful authentication on our Spring-based project. That’s very nice ’n’ all, and in many cases you won’t need anything more. However, shouldn’t we try to get rid of that session-based dependency and move to a REST-friendly stateless authentication solution? Let’s begin…

From stateful to stateless RESTful security using Spring and JWTs – Part 2 (session-based authentication)

After a quick introduction we are now ready to begin our journey towards stateless authentication for RESTful APIs… by setting up a stateful example. Yes, I know, but we have to start somewhere, right? In this part we’ll set up our project and code a couple of simple endpoints. One of those will be secured using Spring Security’s session-based authentication.

Spring Security’s CSRF protection for REST services: the client side and the server side

Spring Security offers CSRF (cross-site request forgery) protection by default for Java web applications. In this post I will examine how you can make that CSRF protection work for a web client interacting with REST-based CSRF-protected services. Both the web client’s code and the server application’s configuration will be described.