The first line of defense for many applications and pieces of software is a simple username/password type of authentication protocol. And, as developers, you have most likely been tasked, at some point in your career, with creating this functionality. So, this month, we explore some great articles on authentication from DZone and around the web.
Yeah... I'm Gonna Need to See Some ID
Advanced Microservices Security With Spring and OAuth2 by Piotr Minkowski. This article walks you through the process of setting up a sample security architecture for microservices and an authorization server behind API gateways.
The HTTP Series (Part 4): Authentication Mechanisms by Vladimir Pecanac. The author provides a detailed look at the types of HTTP authentication available, and how to implement each of them in order to secure your web application or network.
Steps to Building Authentication and Authorization for RESTful APIs by Derric Gilling. A guide to the difference between authentication and authorization, and why JSON Web Tokens are so useful for RESTful APIs.
Implement JWT Authentication on Spring Boot APIs by Bruno Krebs. This article shows you how to implement JSON Web Tokens in order to authenticate the users of your applications, and how to secure the endpoints exposed by RESTful APIs.
Top 5 REST API Security Guidelines by Guy Levin. Can you guess the first two? Authorization and validation! Read on to see the rest of these great security tips.
Authentication News From Around the Web
- Two-Factor Authentication Is a Mess by Russell Brandom. The author explores the promise and ultimate disappointment that two-factor authentication has brought to personal cybersecurity.
- Forget Everything You Know About Passwords, Says Man Who Made Password Rules by Ben Popken. This article explores the repercussions that security standards have had on the passwords users create, and why these old authentication standards don't make us any more secure.
- Debate: Do Passwords Have a Future in Cybersecurity? by Steve McCaskill. Cybersecurity experts debate whether the password format for authentication can still meet the needs of today's technology consumers and if it can continue to meet those needs going forward.
Find Your Next Great Sec Gig
Experience: This role is responsible for running the day-to-day security functions at JFrog, including vulnerability scans and pen testing, reviewing policies and procedures, and evaluating new technologies and standards in the security domain. The ideal candidate will have 5+ years in a hands-on security engineering role, strong understanding of network fundamentals, and experience using a wide range of security tools (vulnerability scanners, forensics software, malware analysis and protection, content filtering, etc.).
A Deeper Dive Into Authentication With DZone Refcardz
Java EE Security Essentials: Specification Level Security by Arjan Tijms and Masoud Kalali. The Java EE security specification supports a set of required security functionalities including authentication, authorization, data integrity, and transport security. This Refcard begins by introducing some common terms and concepts related to Java EE security such as identity stores and authentication mechanisms. We then explore authentication, authorization, web module security, EJB module security, and application client security with in-depth examples.