Security

[100 Days of Code] Day 053: June 4, 2017

Today’s Progress: Implemented integration-tests for OAuth 2 token retrieval. Things I’ve learned: Learned many details about the different OAuth 2 grant_types and flows. This demonstrates how much you can learn when implementing tests ;) Things I’ve planned for tomorrow: Cleanup the tests and maybe implement some more API endpoints. Link(s) to work: security-server

[100 Days of Code] Day 052: June 3, 2017

Today’s Progress: F-I-N-A-L-L-Y got OAuth 2 and session/UI based authorization with Spring Security working. Things I’ve learned: A lot about Spring Security filters, and security configuration. Things I’ve planned for tomorrow: Improve the api of the server by adding some more features. Link(s) to work: security-server

[100 Days of Code] Day 051: June 3, 2017

By looking deeper into the inner mechanics of Spring Security and OAuth2 I started to get an idea where my problem arises. Basically I’m trying to combine a REST resource secured by an OAuth 2 generated token (implicit grant type) and a “general” web page protected by a login form and session based authentication mechanism. It seems as if all filters that are needed for the different authentication methods require a very special filter combination.
Read more

[100 Days of Code] Day 050: June 1, 2017

Today’s Progress: Another day struggling with OAuth 2 and Spring. Things I’ve learned: Nothing new. Things I’ve planned for tomorrow: I will start over tomorrow. Link(s) to work: Nothing to show

[100 Days of Code] Day 049: May 31, 2017

Today’s Progress: Improved security configuration but still not where I want to be. Things I’ve learned: Spring Security (again). I’m sure there is just one tiny pice missing. Things I’ve planned for tomorrow: Continue working on the authentication. Link(s) to work: security-server

[100 Days of Code] Day 048: May 30, 2017

Today’s Progress: Continued on getting a form based login in the authorization server to work. Obviously I didn’t yet quiet understand the form based login mechanism in Spring. So I will concentrate on that tomorrow. Things I’ve learned: Nothing final yet Things I’ve planned for tomorrow: Invest more time in looking at the form based login mechanism in Spring Security. Link(s) to work: No visible work for today

[100 Days of Code] Day 047: May 29, 2017

Today’s Progress: Continued separating the authentication and user management services from each other. Things I’ve learned: Setting up a Spring Boot project became quite fast for me ;) Things I’ve planned for tomorrow: Implement a simple login form for the auth server. Link(s) to work: security-server

[100 Days of Code] Day 046: May 28, 2017

Security Server While I’ve been tinkering around with Spring Security and all the nice things it offers I became very interested in this domain. Also I know there are a lot of good ready-to-use servers and services out there I wanted to have a field to experiment with the thing that Spring offers. I decided to start this project as an independent server which offers SSO authorization and user management for the other services and clients I plan to build.
Read more