Securing Ajax endpoints inside a Web project with Spring Security

Sometimes, you have to host the API inside the same project where you serve your HTML pages. Or, probably a more usual case, which may happen when you use jQuery with a framework like Spring MVC: the web pages are protected with a login form but you also have some URLs used by Ajax requests coming…

Mockito & Co!

It’s been a while since I posted anything… Today I’m back with Mockito 🙂 I played with it on my project and I learned some stuff… OK, it’s mainly because I had some errors in my tests, but still… It’s always good to share even if I am the only one who uses these samples!…

Remove null values from JSON object and ignore unavailable properties

Defining web services using Spring is quite easy (see here for details); based on Jackson, the data marshalling/unmarshalling is totally hidden from the developer and it works perfectly. But I encountered performance issues with null values: I had to manage some classes with a lot of data, and they often contain empty…

Implementing CSRF protection with Angular-js

After 2 articles on security, I continue with setting up CSRF protection using Spring Security. The main idea behind it is to prevent someone else from creating (forging) a request without our authorization. Imagine that a page uses JavaScript to send something like https://my.bank.com/pay/15000/cayman_account; if you are connected to your bank…

Angular-js and Restful web services access

Following my previous article about the integration of Spring Security with web services, I will now explain how I integrate it with an Angular-js project. For that purpose, I am a little bit lazy and I use a project I have already written instead of building a completely new one. The project is a “funny” pet-store…

Securing Restful web services using Spring-Security

After several months of silence, I woke up… with some security interests! Security is a common requirement on many web projects, and fortunately, Spring helps us to implement it. The most common way to do it is just defining a set of rules and letting Spring manage the login and so on. In this…

Oracle proxy user with Spring

The standard solution to manage the database connections in a web application is to let the server manage them, and use Spring to inject them wherever they are needed. By doing so, we can also let the transaction management be done by a third-party API; Spring fits this need perfectly. But this option…

Add CORS management with Tomcat and Angular-Js

In one of my projects, I decided to set up an SOA architecture using Angular-Js as the UI layer. My main focus is to have a clear separation between the business and the presentation. Another benefit of this is that it is possible to use different servers for these 2 parts. But doing this causes an…

Multithreading and Spring Security

I manage a Spring project where I need to create a new thread to launch an asynchronous task. This project uses Spring Security and an Oracle proxy user (I will describe it in a future post), which means that, for each starting transaction, a call is made to the security context to get the current…