Archives de l’auteur : davidhxxx

Nexus 3 : installation

Installing Nexus on Linux (without container) Download the Nexus archive and uncompress it into a target folder. The application consists of two folders : – nexus-3.XX.X – sonatype-work The first one contains the nexus application and the second contains the … Continuer la lecture

Publié dans Non classé | Laisser un commentaire

Docker-Compose

Environment variables Compose CLI environment variables These configure the docker-compose command line execution. COMPOSE_PROJECT_NAME Sets the project name. This value is prepended along with the service name to the container on start up. ex : COMPOSE_PROJECT_NAME=fooapp If the template declares … Continuer la lecture

Publié dans Non classé | Laisser un commentaire

Spring Boot – OAuth 2 – Inject the OAuth2Authentication in the controllers

There are multiple ways of retrieving user/client information associated to the token specified in a request. With Spring, a very simple way is adding a OAuth2Authentication parameter in the controller of the method we where want to get that information. … Continuer la lecture

Publié dans Non classé | Laisser un commentaire

Spring Security – Filter chains and request authorization

The important components WebSecurityConfigurer instances When we enable Spring Security in a Spring application, we benefit automatically from one WebSecurityConfigurer instance or multiple of them if we included other spring dependencies that require them such as oauth2 deps Each WebSecurityConfigurer … Continuer la lecture

Publié dans Non classé | Laisser un commentaire

Angular and Spring Boot served by an Apache HTTPD server

The virtual host configuration In Ubuntu, it is in the sites-enabled/000-default.conf  <VirtualHost *:89> LogLevel trace8 LogLevel rewrite:trace8   ServerName localhost:89 DocumentRoot /var/www/quizz   RewriteEngine on   # don’t rewrite and stop the chain RewriteRule ^(/api|/processLogin|/logout-b)($|/) – [L]   # If … Continuer la lecture

Publié dans Non classé | Laisser un commentaire

Spring Boot (2.X) and Angular 5 : Authentication

Spring Boot security configuration It adds the configuration for both basic and form login authent from the front end. An interesting thing is that we need to override some handlers to prevent Spring from redirecting to a front web page. … Continuer la lecture

Publié dans Non classé | Laisser un commentaire

CSRF with Spring Boot

Spring Boot (2.1) By default, the CSRF protection is enabled in the WebSecurityConfigurerAdapter default constructor We could disable it in this way in configure(HttpSecurity http): http.csrf().disable() And we could also override the default configuration for CSRF. For example, the token … Continuer la lecture

Publié dans Non classé | Laisser un commentaire

CORS with Spring Boot

Spring Boot (2.1) : very basic configuration With older spring security versions, it is needed to create our own CorsFilter class and to perform the whole CORS logic in, then to add it in the spring security filter chain. Since … Continuer la lecture

Publié dans Non classé | 3 commentaires

CORS and CRSF

Cross-Origin Resource Sharing(CORS) General idea By default, for security reasons, browsers don’t accept requests from an origin (domain) to another one for some kinds of requests (for example XMLHttpRequest or GET with custom header). But by enabling CORS (in the … Continuer la lecture

Publié dans Non classé | Laisser un commentaire

OAuth2 Grant Types/Flows

The OAuth 2 paradigm You don’t need to go very far to understand clearly and simply what OAuth 2 is and what it brings in comparison to the traditional client-server authentication model. We have the information in the 2012 proposed … Continuer la lecture

Publié dans Non classé | Laisser un commentaire