Dive into the latest releases from #Spring 
GA releases of Spring Boot, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring for GraphQL, Spring AI and Spring Web Services.
Recent searches
Search options
#springsecurity
0 posts0 participants0 posts today
Dive into the latest releases from #Spring
First release candidates of Spring Boot, Spring Data 2025.0.0, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring Modulith & Spring Web Services.
This #InfoQ article provides a detailed solution for registering & authenticating a user through a client-side #JavaScript application using the #SpringSecurity infrastructure, access & refresh tokens.
We explore the process in detail with helpful flow diagrams!
Dive into the latest releases from #Spring
Spring Boot, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Integration, Spring AMQP, Spring for Apache Kafka and Spring Web Services.
Hey #Scala people working on web auth, any recommendations for a useable, maintained TOTP library?
Or should I just use #SpringSecurity ?
Dive into the latest releases from #Spring
Releases of: Spring Boot, Spring Security, Spring Authorization Server, Spring Integration, Spring AI and Spring AMQP.
Many of these releases are included in Spring Boot 3.5.0-M2, 3.4.3 & 3.3.9.
Securing #Vaadin Applications with One-Time Token by @SimonMartinelli
https://martinelli.ch/securing-vaadin-applications-with-one-time-token/
Martinelli · Securing Vaadin Applications with One-Time TokenLogging into an application should be simple for users but still safe and secure. Traditional logins with usernames and passwords work, but they can be inconvenient and sometimes risky if passwords are stolen. A one-time token login offers a solution—it's both easy for users and secure.
In this blog post,
In my new blog post, "Securing Vaadin Applications With One-Time Token," I show you how to use the new Spring Security feature that enables the user to log in with a one-time token combined with Vaadin.
#Vaadin #SpringBoot #SpringSecurity
https://buff.ly/3WFsUsn
Martinelli · Securing Vaadin Applications with One-Time TokenLogging into an application should be simple for users but still safe and secure. Traditional logins with usernames and passwords work, but they can be inconvenient and sometimes risky if passwords are stolen. A one-time token login offers a solution—it's both easy for users and secure.
In this blog post,
Dive into the latest releases from Spring
Milestone releases of: Spring Boot, Spring Framework, Spring Data, Spring Security, Spring Integration and Spring Modulith.
#SpringSecurity is widely used, offering numerous settings for various scenarios.
This #InfoQ article demonstrates basic configurations with detailed component analysis through diagrams and code examples, providing a starting point for further customization.
Read now: https://bit.ly/3DWoKFX
Dive into the latest releases from #Spring! https://bit.ly/3DBHv1l
Spring Boot, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring Modulith, Spring Batch, Spring AMQP, Spring for Apache Kafka, Spring for Apache Pulsar and Spring Shell.
Dive into the latest releases from #Spring! https://bit.ly/3MmKYlr
Spring Boot, Spring Data, Spring Cloud, Spring Security, Spring Authorization Server, Spring Session, Spring for Apache Kafka & Spring for Apache Pulsar.
connect2id's Nimbus OAuth2/OIDC SDK is underrated, particularly as a direct dependency!
https://connect2id.com/products/nimbus-oauth-openid-connect-sdk
Many people use it through Spring Security or Pac4j but the lib is relatively easy to use directly (particularly if you know the protocols) and can be used to add OIDC support to Java apps with much less complexity than those Spring or Pac4j authentication frameworks (but at the cost of having to handle some of the Web security yourself, mainly around CSRF)
connect2id.comNimbus OAuth 2.0 SDK with OpenID Connect extensions | Connect2id
Spring survey 2024 is here. Let us know what you like about Spring, its portfolio, and how we can improve so you become more productive.
dimensionalresearch.co1.qualtrics.comSurveySurvey
Aaaaaaaaa #SpringSecurity mit #Websockets bringt mich grad auf die Palme :/
Derweil will ich ja nur sicherstellen das keine Subscriptions von nicht angemeldeten Usern gemacht werden. Aber es werden einfach alle Requests geblockt, auch wenn ich alles whiteliste. -.-
Jemand eine Tipp in die richtige Richtung?
I just updated a ~10 year old application I started in pre #SpringBoot 1 from v2.7 to the latest 3.2, and I have to say, it was flawless now that with ActiveMQ finally has a Jakarta version out.
Hat tip to the #SpringSecurity team, for once I do find the "new" way here way nicer, well done.
GitHubUpgrade to Spring Boot 3.2, including Javax -> Jakarta migration. · michael-simons/biking2@375794dThis is the source code of http://biking.michael-simons.eu - Upgrade to Spring Boot 3.2, including Javax -> Jakarta migration. · michael-simons/biking2@375794d
I see so many #SpringBoot and #SpringSecurity tutorials store usernames and passwords in a database. Sure, the passwords are appropriately encrypted, but why are folks rolling their own database storage and not being shown how to use OAuth or OpenID and authenticate against a third-party system where they've done this for you?
There's so many more important things to learn than storing usernames/passwords in a database table (integrating with OAuth/OpenID is hard enough!), which folks will unlikely every do in their career.
When exposing an application to the outside world, consider a Reverse-Proxy or an API Gateway to protect it from attacks. @frankel #ApacheAPISIX discusses the details with #Keycloak and #SpringSecurity on Foojay 
Today!
https://foojay.io/today/system-architecture-move-authentication-to-the-api-gateway
foojaySystem Architecture: Move Authentication to the API GatewayWhen exposing an application to the outside world, consider a Reverse-Proxy or an API Gateway to protect it from attacks.