Monthly archives: November 2019

Spring Security – Filter chains and request authorization

The important components: WebSecurityConfigurer instances. When we enable Spring Security in a Spring application, we automatically get one WebSecurityConfigurer instance, or several of them if we included other Spring dependencies that require them, such as the OAuth2 dependencies. Each WebSecurityConfigurer … Continue reading

Posted in Uncategorized | Leave a comment

Angular and Spring Boot served by an Apache HTTPD server

The virtual host configuration. On Ubuntu, it is in sites-enabled/000-default.conf: <VirtualHost *:89> LogLevel trace8 LogLevel rewrite:trace8 ServerName localhost:89 DocumentRoot /var/www/quizz RewriteEngine on # don't rewrite and stop the chain RewriteRule ^(/api|/processLogin|/logout-b)($|/) - [L] # If … Continue reading

Posted in Uncategorized | Leave a comment

Spring Boot (2.X) and Angular 5: Authentication

Spring Boot security configuration. It adds the configuration for both basic and form-login authentication from the front end. An interesting point is that we need to override some handlers to prevent Spring from redirecting to a front-end web page. … Continue reading

Posted in Uncategorized | Leave a comment

CSRF with Spring Boot

Spring Boot (2.1). By default, CSRF protection is enabled in the WebSecurityConfigurerAdapter default constructor. We could disable it this way in configure(HttpSecurity http): http.csrf().disable(). We could also override the default CSRF configuration; for example, the token … Continue reading

Posted in Uncategorized | Leave a comment

CORS with Spring Boot

Spring Boot (2.1): very basic configuration. With older Spring Security versions, we had to create our own CorsFilter class, implement the whole CORS logic in it, and then add it to the Spring Security filter chain. Since … Continue reading

Posted in Uncategorized | 3 comments

CORS and CSRF

Cross-Origin Resource Sharing (CORS). General idea: by default, for security reasons, browsers don't allow certain kinds of requests from one origin (domain) to another (for example an XMLHttpRequest, or a GET with a custom header). But by enabling CORS (in the … Continue reading

Posted in Uncategorized | Leave a comment

OAuth2 Grant Types/Flows

The OAuth 2 paradigm. You don't need to go very far to understand clearly and simply what OAuth 2 is and what it brings in comparison to the traditional client-server authentication model. The information is in the 2012 proposed … Continue reading

Posted in Uncategorized | Leave a comment

OAuth 2 and Spring Boot 2

The grant types/flows. First, we will describe some grant types, and in the next section we will see how to implement them with Spring Boot 2. The implicit flow / the implicit grant. Steps: 1) the client requests … Continue reading

Posted in Uncategorized | Leave a comment