REST over HTTPS with Client Certificate Authentication

Introduction

The tutorial, REST over HTTPS with client certificate authentication, will show you how we can use a client certificate to handshake with the server, along with basic authentication, for consuming the service. You can even use header authentication together with the client certificate to make it more secure. I will create a Spring Boot application on Spring REST API and build the application using both the Maven and Gradle build tools. I will show here both the server side code and the client side code using the Spring Boot framework, so that the server expects the client to establish communication…

Securing REST API: JWT Authentication using Python Flask

Introduction

In this post we will see how to secure a REST API with JWT authentication using Python Flask. JWT is an acronym for JSON Web Token. In the previous example we saw how to secure a REST API using HTTP Basic Authentication, which is not recommended most of the time. Recommended reading: REST API CRUD Example using Python Flask and MySQL; REST API CRUD Example using Python Flask and MongoDB

Securing REST API: Python Flask HTTP Basic Authentication

Introduction

We will see an example of how to secure a REST API using Python Flask. We will create a Python Flask HTTP Basic Authentication example. Most web services that require authentication accept HTTP Basic Authentication. This is the simplest one, and request supports it straight out of the box. HTTP Basic Authentication is not recommended because it is vulnerable to security threats. Recommended reading: Securing Python Flask REST API with JWT

Gmail SMTP and Security Settings for Sending Email

Introduction

Here I am going to show you how to configure Gmail SMTP and security settings for sending email from a programming language. You can use any server side technology to send email through the Gmail SMTP server. This example shows only the configuration you need in order to send email; it does not show any concrete example of sending email. This post will also show you how to reduce the security level in the Gmail settings so that you can send email, otherwise you will get an error even if you use…

SOAP over HTTPS with Client Certificate Authentication

Introduction

The tutorial, SOAP over HTTPS with client certificate authentication, will show you how we can use a client certificate to handshake with the server, along with basic authentication, for consuming the service. We have also seen how to authenticate by sending authentication information in HTTP headers in a SOAP web service, but here we will use a client certificate (JKS file) as the security mechanism. You can even use header authentication together with the client certificate to make it more secure. I will show here both the server side code, or service, and the client side code…

@PreAuthorize Annotation – hasPermission Example in Spring Security

Introduction

In this tutorial I will show you an example of the @PreAuthorize annotation with hasPermission() in Spring Security. @PreAuthorize is the most useful annotation: it decides whether a method can actually be invoked or not based on the user's role and permission. The hasRole() method returns true if the current principal has the specified role, and the hasPermission() method returns true if the current user's role has the specific permission, such as READ, WRITE, UPDATE or DELETE. By default, if the supplied role does not start with ROLE_, that prefix will be added…

@PreAuthorize Annotation – hasRole Example in Spring Security

Introduction

In this tutorial I will show you an example of the @PreAuthorize annotation with hasRole() in Spring Security. @PreAuthorize is the most useful annotation: it decides whether a method can actually be invoked or not based on the user's role. The hasRole() method returns true if the current principal has the specified role. By default, if the supplied role does not start with ROLE_, that prefix will be added. This can be customized by modifying the defaultRolePrefix on DefaultWebSecurityExpressionHandler. We will authenticate the user using in-memory credentials as well as database credentials. We will…

How SiteMinder Works

Introduction

In this tutorial I will discuss how SiteMinder works. This tutorial will give you technical insight into the working principle of the SiteMinder system. A Web Application Firewall may integrate with SiteMinder to provide single sign-on and centralized management of web applications using predefined security policies. It uniquely identifies a user before he/she is authenticated as a named user, and manages the user's privileges to ensure that the user accesses only authorized applications or operations. In SiteMinder single sign-on (SSO), a user successfully authenticates through one agent and does not need…

Spring Security Form Based Authentication – Annotations

In my previous tutorial I showed Spring Security Form Based Authentication – XML Configuration, but in this tutorial I will show you the annotation way to configure Spring Security in a Spring MVC web application to secure pages. I will create a Spring MVC based web application and configure Spring Security to protect a page from outside access. Spring Security allows you to integrate security features with a JEE web application easily: it takes care of all incoming HTTP requests via a servlet filter and implements "user defined" security checking. In this…