Yearly archives: 2019

CSRF with Spring Boot

Spring Boot (2.1): By default, the CSRF protection is enabled in the WebSecurityConfigurerAdapter default constructor. We could disable it in this way in configure(HttpSecurity http): http.csrf().disable(). And we could also override the default configuration for CSRF. For example, the token …


CORS with Spring Boot

Spring Boot (2.1): very basic configuration. With older Spring Security versions, we need to create our own CorsFilter class, perform the whole CORS logic in it, and then add it to the Spring Security filter chain. Since …


CORS and CSRF

Cross-Origin Resource Sharing (CORS). General idea: By default, for security reasons, browsers don’t accept requests from an origin (domain) to another one for some kinds of requests (for example XMLHttpRequest or GET with custom header). But by enabling CORS (in the …


OAuth2 Grant Types/Flows

The OAuth 2 paradigm: You don’t need to go very far to understand clearly and simply what OAuth 2 is and what it brings in comparison to the traditional client-server authentication model. We have the information in the 2012 proposed …


OAuth 2 and Spring Boot 2

The grant types/flows: First, we will describe some grant types and in the next point we will see how to implement them with Spring Boot 2. The implicit flow / The implicit grant. Steps: 1) the client requests …


Spring Boot 2 actuator

pom.xml: <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency> application.properties: By default, only health, info, metrics are enabled. To enable all others: management.endpoints.web.exposure.include=* Actuators: /beans: Displays a complete list of all the Spring beans in your application. /cache: Exposes available caches. /configprops: …


Apache as reverse proxy (AJP module) with Spring Boot

AJP as reverse proxy without SSL: In Spring Boot 2.1 (it should also work in some earlier versions), we can enable the AJP connector as follows: import org.apache.catalina.connector.Connector; import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; import org.springframework.boot.web.server.WebServerFactoryCustomizer; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; …


Apache 2.4 on Ubuntu

Foreword: I specify 2.4 because major as well as minor versions matter in Apache 2 configuration. If you don’t use Apache 2.4, don’t go further. The installation: Apache 2 is in the default package repositories of Ubuntu. So to install the default …


Jenkins

Modify the logging configuration. Warning: Jenkins relies on java.util.logging. Beware of which level to specify: https://docs.oracle.com/javase/7/docs/api/java/util/logging/Level.html For direct OS installations, modify the script that runs Jenkins to set a system property when the JVM is run: -Djava.util.logging.config.file=/var/jenkins_home/logging.properties For …


Ubuntu with HyperV

Enable fullscreen or custom screen size – official documentation … We need to set EnableEnhancedSessionMode to true to enable xrdp. To roll back, set it to false. Read the value of the EnableEnhancedSessionMode property: Get-VMHost | fl -Property EnableEnhancedSessionMode Get all properties of a …
