Securing Ajax endpoints inside a Web project with Spring Security

Sometimes, you have to host the API inside the same project where you serve your HTML pages. Or, probably a more usual case, which may happen when you use jQuery with a framework like Spring MVC, the web pages are protected with a login form but you also have some URLs used by Ajax requests coming…

Remove null values from JSON object and ignore unavailable properties

The definition of web services using Spring is quite easy (see here for details). Based on Jackson, the data marshalling/unmarshalling is totally hidden from the developer and it works perfectly. But I encountered performance issues with the null values: I had to manage some classes with a lot of data, and they often contain empty…

Implementing CSRF protection with Angular-js

After 2 articles on security, I continue with the setup of CSRF protection using Spring Security. The main idea behind it is to prevent someone else from creating (forging) a request without our authorization. Imagine that a page uses JavaScript to send something like https://my.bank.com/pay/15000/cayman_account; if you are connected to your bank…

Angular-js and Restful web services access

Following my previous article about the integration of Spring Security with web services, I will now explain how I integrate it with an Angular-js project. For that purpose, I am a little bit lazy and I use a project I have already written instead of building a completely new one. The project is a “funny” pet-store…

Securing Restful web services using Spring-Security

After several months of silence, I woke up… with some security interests! Security is a common requirement on many web projects, and fortunately, Spring helps us to implement it. The most common way to do it is just defining a set of rules and letting Spring manage the login and so on. In this…

Oracle proxy user with Spring

The standard solution to manage the database connections in a web application is to let the server manage them, and use Spring to inject them wherever they are needed. By doing so, we can also let the transaction management be done by a third-party API; Spring fits this need perfectly. But this option…

Multithreading and Spring Security

I manage a Spring project where I need to create a new thread to launch an asynchronous task. This project uses Spring Security and an Oracle proxy user (I will describe it in a future post), which means that, for each starting transaction, a call is made to the security context to get the current…

Add global exception management in Rest web service

Since I adopted a Restful architecture, I also need a simple way to manage exceptions. With Spring, it can easily be set up in a central class, avoiding painful management per service. To do this, we need to define a class with the @ControllerAdvice annotation; this class will be automatically associated to our…

Define Restful web services using Spring

In one of my projects, I had the difficult decision to switch to another technology: I replaced JSF with Angular-JS. Our goal was to speed up the development by removing the painful part implied with JSF, such as a lot of server requests to manage, some view state issues, the refresh management, the need to implement…

Define configuration file outside of the classpath

Here I describe the way I configure my applications. The main idea is to define a property file outside of the application; doing this, it is possible to deploy the same application in several environments (dev/test/prod) without any changes. First of all, the property file:

net.classnotfound.app.jdbc.server=db-server
net.classnotfound.app.jdbc.port=1521
net.classnotfound.app.jdbc.sid=xe
net.classnotfound.app.jdbc.user=scott
net.classnotfound.app.jdbc.password=koala

The tip is…