Posts

Showing posts from January, 2020

Spring Boot Actuator

Endpoints

Actuator endpoints allow you to monitor and interact with your application. Spring Boot includes a number of built-in endpoints, and you can also add your own. For example, the health endpoint provides basic application health information. The way that endpoints are exposed depends on the type of technology that you choose. Most applications choose HTTP monitoring, where the ID of the endpoint is mapped to a URL. For example, by default, the health endpoint is mapped to /health. The following technology-agnostic endpoints are available:

actuator: Provides a hypermedia-based “discovery page” for the other endpoints. Requires Spring HATEOAS to be on the classpath. true
auditevents: Exposes audit events information for the current application. true
autoconfig: Displays an auto-configuration report showing all auto-configuration candidates and the reason why they ‘were’ or ‘were not’ applied. true
beans: Displ...

Why you should use BCrypt to hash passwords

In the online world, passwords play a critical role in keeping your data and other important information safe. For this reason, ensuring your passwords remain secure is critical. If not, the consequences can be catastrophic — think the Sony hacks of 2011.

Hashed password solutions fall short

Many password solutions simply are not good enough and put your data and resources at risk. Let’s take a look at a few examples.

Plain text passwords

As its name implies, a plain text password makes use of only letters. Should a hacker gain access to passwords such as these, they can easily pose as a user on your system. Often, plain text passwords are reused across other logins as well, as users don’t want to have to remember multiple passwords for different sites or applications. Guess what? That just gives a hacker access to those applications as well.

One-way hash

With a one-way hash password, a server does not store plain text passwords to authenticate a user. Here, a password...

How to Add a Public Landing Page

An application can have a landing page that is accessible to everyone at first; the user can then sign up or log in to access specific features. To achieve this, we can add a public view page and set up the security constraints to allow access to that page. In this example, we have a view page that anyone can access. From there, they can click the link to access the secure pages.

This project has the following modifications:

1. Updated security configs to allow public access to landing page
2. Updated controller to send requests to landing page
3. New landing page

Details below

---

1. Updated security configs to allow public access to landing page

See the config below. It will "permit all" access to the landing page "/". Also, on successful logout it will redirect to the landing page "/".

File: DemoSecurityConfig.java

@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeReq...

Spring Security - Latest Version

In the Spring world, Spring Framework and Spring Security are separate projects, so we need to find the Spring Security version that is compatible with the Spring Framework version in use.

UPDATES - Spring Security 5.2.1

Spring Security 5.2.1 was released on 4 November 2019. This is a maintenance/bug fix release. Spring Security 5.2.1 is compatible with Spring Framework 5.2.1. If you want to use the latest version, update your Maven POM file to use the compatible versions below:

<springframework.version>5.2.1.RELEASE</springframework.version>
<springsecurity.version>5.2.1.RELEASE</springsecurity.version>

---

UPDATES - Spring Security 5.2.0

Spring Security 5.2.0 was released on 1 October 2019. This is a maintenance/bug fix release. Spring Security 5.2.0 is compatible with Spring Framework 5.2.0. If you want to use the latest version, update your Maven POM file to use the compatible versions below:

<s...