Welcome to the first Security Roundup of 2018! In the last roundup, we covered Cloud Security. Today, however, we'll be focusing on AppSec by looking at how developers can add various security protocols, such as authentication, to their Spring/Spring Boot-based applications. So get ready to spring into the new year with security!
And, as a quick side note, if you're interested in writing for DZone but don't have a topic in mind, come check out our Bounty Board, where you can win prizes for providing great content, and our Writer's Zone, which has plenty of prompts, tips, and tricks!
DZone Articles on Spring Security
Advanced Microservices Security With Spring and OAuth2 by Piotr Minkowski. The main purpose of this article is to show a sample security architecture for microservices and an authorization server behind API gateways.
Simple Attribute-Based Access Control With Spring Security by Mostafa Eltaher. Have you ever worked on software where the access rules are based not only on the user's role but also on the specific entity for which that role was granted? You will probably find Attribute-Based Access Control very useful — this article will tell you how.
Example of Multiple Login Pages With Spring Security and Spring Boot by Bartlomiej Slota. A developer shows how to define separate security constraints for different URL path patterns, and how to test the configuration using Spring Boot and Thymeleaf.
Secure REST Services and Web Applications With Spring Boot Security Starter by Ranga Karanam. Learn how to quickly set up a Spring Boot-based web app, create a REST service, and then secure this web application using Spring Boot Starter Security.
Spring Security: Basic Authentication Example by Gaurav Rai Mazra. We go through the basics of adding authentication to your application by adding dependencies, configuring our app for Basic Authentication, enabling Basic Authentication and configuring its properties, and implementing XML-based configuration for Basic Authentication.
DZone Publications on Spring Security
DZone's Guide to Proactive Security: Apps, Environments, and Messaging featuring articles by Boaz Shunami, Jeff Williams, Kaie Strzempka, Chris Lamb, James Wickett, Ivan Dwyer, and Tom Smith. With the rise of high-profile ransomware and DDoS attacks comes a greater need than ever for powerful application security. The 2017 Guide to Proactive Security discusses the actions that experts are taking to combat the growing list of threats, and what developers can do to be proactive in securing their apps and processes.
Refcard #248, Java Application Vulnerabilities: What They Are and How to Fix Them by Ryan O'Leary. Java applications, like any other, are susceptible to gaps in security. This Refcard focuses on the top vulnerabilities that can affect Java applications and how to combat them.