Implementing CSRF protection with Angular-js

After 2 articles on the security, I continue with the set up of the CSRF protection using Spring security. The main idea behind is to prevent some one else to create (forge) a request without our authorization. Imagine that a page uses JavaScript to send something like https://my.bank.com/pay/15000/cayman_account, if you are connected to your bank… Continue reading Implementing CSRF protection with Angular-js

Angular-js and Restful web services access

Following my previous article about the integration of Spring Security with web services, I will now explain how I integrate it with an Angular-js project. For that purpose, I am a little bit lazy and I use a project I already written instead of building a completely new one. The project is a “funny” pet-store… Continue reading Angular-js and Restful web services access

Securing Restful web services using Spring-Security

After several months of silent, I woke up… With some security interests! The security is a common requirement on many web projects, and fortunately, Spring helps us to implement it. The most common way to do it is just defining a set of rules and letting Spring manage the login and so on. In this… Continue reading Securing Restful web services using Spring-Security

Add CORS management with Tomcat and Angular-Js

In one of my projects, I decided to setup a SOA architecture using Angular-Js as the UI layer. My main focus is to have a clear separation between the business and the presentation. Another benefit of this is that it is possible the use different servers to these 2 parts. But doing this causes an… Continue reading Add CORS management with Tomcat and Angular-Js

Multithreading and Spring Security

I manage a Spring project where I need to create a new thread to launch an asynchronous task. This project uses Spring Security and an Oracle proxy user (I will describe it in a future post), which means that, for each starting transaction, a call is made to the security context to get the current… Continue reading Multithreading and Spring Security

Spring Security with JSF 2 and custom login form

Here, I am integrating Spring Security with JSF 2 using a custom login form. First, the maven dependencies for Spring-Security (I consider that the JSF project is already set-up, if it is not the case, you can check here): <properties> … <spring.security.version>3.2.4.RELEASE</spring.security.version> </properties> … <!– Spring-Security dependencies –> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>${spring.security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId>… Continue reading Spring Security with JSF 2 and custom login form