Category archives: Uncategorized

Nexus 3: installation

Installing Nexus on Linux (without container). Download the Nexus archive and uncompress it into a target folder. The application consists of two folders: nexus-3.XX.X and sonatype-work. The first one contains the nexus application and the second contains the …

Docker-Compose

Environment variables. Compose CLI environment variables: these configure the docker-compose command line execution. COMPOSE_PROJECT_NAME: sets the project name. This value is prepended along with the service name to the container on start up. Example: COMPOSE_PROJECT_NAME=fooapp. If the template declares …

Spring Boot – OAuth 2 – Inject the OAuth2Authentication in the controllers

There are multiple ways of retrieving the user/client information associated with the token specified in a request. With Spring, a very simple way is to add an OAuth2Authentication parameter to the controller method where we want to get that information. …

Spring Security – Filter chains and request authorization

The important components. WebSecurityConfigurer instances: when we enable Spring Security in a Spring application, we automatically get one WebSecurityConfigurer instance, or several of them if we included other Spring dependencies that require them, such as the OAuth2 dependencies. Each WebSecurityConfigurer …

Angular and Spring Boot served by an Apache HTTPD server

The virtual host configuration. In Ubuntu, it is in sites-enabled/000-default.conf: <VirtualHost *:89> LogLevel trace8 LogLevel rewrite:trace8 ServerName localhost:89 DocumentRoot /var/www/quizz RewriteEngine on # don't rewrite and stop the chain RewriteRule ^(/api|/processLogin|/logout-b)($|/) - [L] # If …

Spring Boot (2.X) and Angular 5: Authentication

Spring Boot security configuration. It adds the configuration for both basic and form login authentication from the front end. An interesting point is that we need to override some handlers to prevent Spring from redirecting to a front-end web page. …

CSRF with Spring Boot

Spring Boot (2.1). By default, CSRF protection is enabled in the WebSecurityConfigurerAdapter default constructor. We could disable it this way in configure(HttpSecurity http): http.csrf().disable(). We could also override the default configuration for CSRF. For example, the token …

CORS with Spring Boot

Spring Boot (2.1): very basic configuration. With older Spring Security versions, we need to create our own CorsFilter class, perform the whole CORS logic in it, and then add it to the Spring Security filter chain. Since …

CORS and CSRF

Cross-Origin Resource Sharing (CORS). General idea: by default, for security reasons, browsers don't accept requests from one origin (domain) to another for some kinds of requests (for example XMLHttpRequest or GET with a custom header). But by enabling CORS (in the …

OAuth2 Grant Types/Flows

The OAuth 2 paradigm. You don't need to go very far to understand clearly and simply what OAuth 2 is and what it brings in comparison to the traditional client-server authentication model. We have the information in the 2012 proposed …