Tag Archives: security

Fixing PKIX path building issues when using JavaMail and SMTP

I’m writing this post in support of chapter 8 in my book Spring in Practice, which deals with Spring/JavaMail integration, since it’s not always straightforward to configure an app to use SMTP. The problem: Suppose that you’ve configured your JavaMail … Continue reading

Posted in Chapter 08 - Communicating, Troubleshooting

Quick tip: Spring Security role-based authorization and permissions

The problem: hardcoded role-based authorization. One of the challenges around using Spring Security is that the examples—both in the documentation and on the web—tend to promote an overly simple approach to role-based authorization, hardcoding roles in the source in a non-configurable … Continue reading

Posted in Chapter 07 - Authorization, Quick Tips | 13 Comments

Spring Security 3 database schemas for MySQL

In preparation for a DZone Refcard on Spring Security 3 I’m doing, here are the Spring Security database schemas for MySQL. This isn’t intended to be an exhaustive treatment. Rather it’s more a reference for the MySQL dialect version of … Continue reading

Posted in Chapter 06 - Authentication, Chapter 07 - Authorization, Reference | 7 Comments

Hashing and salting passwords with Spring Security 2

This post was originally written as a recipe for our book Spring in Practice, but we just didn’t have enough room to include it. It’s still (we think, anyway) a great recipe, so we’re making it available here free of … Continue reading

Posted in Chapter 06 - Authentication, Tutorials | 15 Comments

Storing passwords securely

When dealing with user account information, there are lots of different security concerns that come up. Some examples include making sure users use strong passwords, preventing automated registrations, helping end users distinguish real sites from phishing sites, transmitting user data … Continue reading

Posted in Chapter 06 - Authentication, Tutorials | 12 Comments

Setting up public key authentication (PKA) over SSH

I assume you already know the whys, concepts, and terminology; this is just a statement of the steps involved. I’m using OpenSSH and a DSA key pair. Step 1 Generate a key pair: ssh-keygen -t dsa Generating public/private dsa key … Continue reading

Posted in Quick Tips

How to reCAPTCHA your Java application

reCAPTCHA is a novel CAPTCHA system developed by the School of Computer Science at my alma mater, Carnegie Mellon University. I won’t explain its coolness here since they do a good job of explaining that coolness themselves. What I will … Continue reading

Posted in Chapter 04 - Web forms, Chapter 08 - Communicating, Tutorials | 76 Comments

Acegi overview (now Spring Security)

I wrote this back when Spring Security was called Acegi. Now it’s out of date, but I’m leaving it in the archive. Acegi has been around for a while, but I just recently tried it out and am impressed with … Continue reading

Posted in Chapter 06 - Authentication, Chapter 07 - Authorization, Tutorials