Secure Actuator HTTP Endpoints Here you will see example on securing HTTP endpoints in Spring Boot application. Like other sensitive URLs, you should take care to secure HTTP endpoints. If Spring Security is present, endpoints are secured by default using Spring Security’s content-negotiation strategy. If you wish to configure custom security for HTTP endpoints, for example, only allow users with…

Introduction The tutorial, Python login and logout example will show you how to login and logout a user using session in Python 3. You may need users to authenticate/authorize using credentials when there are protected areas in web application. For example, you need to authenticate when you are accessing your savings account details using netbanking. Prerequisites Python 3.6.6 – 3.9.5,…

EnableEncryptableProperties – Jasypt Spring EnableEncryptableProperties with Jasypt shows an example how to avoid clear text password for database connection’s credentials in properties file. Jasypt means Java simplified encryption. Here I am going to use Spring Boot with Jasypt (Java simplified encryption). Here I am also going to use Spring Data JPA to perform the data layer activities with database. If…

Introduction The tutorial, SOAP over HTTPS with client certificate authentication, will show you how we can use client certificate to handshake with server along with basic authentication for consuming the service. We have also seen how to authenticate by sending authentication information over http headers in SOAP web service but here we will use client certificate (jks file) as a…

Spring Security Pre Authentication Here you will see an example on Spring Security Pre-authentication. There are situations where you want to use Spring Security for authorization, but the user has already been reliably authenticated by some external system prior to accessing the application. In such situations where Spring Security Pre-authentication comes into picture I refer to these situations as “pre-authenticated”…

Introduction In this tutorial I will discuss how SiteMinder works as an SSO authentication system. This tutorial will give you technical insights of the working principle of SiteMinder system. The Web Application Firewall may integrate with SiteMinder to provide single sign-on and centralized management of web applications using the predefined security policies. It uniquely identifies a user before the user…

Spring Security Remember Me with Persistent Token This tutorial will show you how to remember your credentials for a specific time period for auto-login without providing any login credentials into the login form. Remember-me or persistent-login authentication refers to web sites being able to remember the identity of a principal between sessions. This is typically accomplished by sending a cookie…

Spring Security Remember Me This tutorial will show you how to remember your credentials for a specific time period for auto-login without providing any login credentials (next time onward when a user tries to login) in the login form. Remember-me or persistent-login authentication refers to web sites being able to remember the identity of a principal between sessions. This is…

Spring Authentication – UserDetailsService In my previous tutorials, I have shown few authentications mechanisms, such as, Spring Security Form based Authentication – XML Configuration , Spring Security Form based Authentication – Annotations , Spring Security – JDBC Authentication but in this tutorial I will show you how to authenticate users using Spring JDBC UserDetailsService and Spring MVC web application to secure pages….

Spring JDBC Authentication In my previous tutorials, I have shown in-memory authentications Spring Security Form based Authentication – XML Configuration , Spring Security Form based Authentication – Annotations but in this tutorial I will show you how to authenticate user using Spring JDBC and Spring MVC web application to secure pages. I will create spring mvc based web application and I…