Tag: Spring

Hello, in all our previous use cases we secured a whole page, but what if we want to secure only a certain element or part ? Consider a scenario where message displayed on admin login and guest login is different, message is a very simple example, you may want to show different menu to admin.…

In the last post, we used StandardPasswordEncoder for encoding our password. In this tutorial we will use BCryptPasswordEncoder for encoding. This provides more security, you can even specify the strength by default it is 10, and in this post we are using the default configuration, we will see the custom configuration in next post. First…

In the last couple of post Spring Security 3.1 Adding Salt to Password using Custom Database and JSF 2.0 Spring Security 3.1 Group-Based Access Control with Custom Database and JSF 2.0 We added salt to our password and implemented Group-Based Access Control. But our salt was dependent on the username, which is not a very good thing…

In all our previous tutorials, access was given to users directly, which is hardly implemented in real world applications. Most of the security or permissioning system uses “Group-Based Access Control” system including Microsoft Active Directory, LDAP etc. “Group-Based Access Control” means access is given to a group and members of a given group will inherit…

In the last post we successfully secured our password, but there is a problem with that approach. Consider a scenario where two users have same password, our hashing mechanism can lead both password to be hashed with the same value, thus resulting in a security hole. It is now normal to use salt while hashing…

We have already seen how to use Spring Security and custom database for authentication in earlier post. But that implementation is saving password as plaintext, which is not an option at all. Both our user admin and guest are essential for application to run, in a usual scenario when an application is deployed, setting up…

In the last tutorial we used default database configuration required by Spring Security and we moved out of hard coded user credentials. But there is every possibility that their is already a existing database for user management and we cannot create new tables as required by Spring Security default behavior. This can be achieved very…

We will add on to our last remember me tutorial. In this tutorial instead of hard coded username, password we will add JDBC default support provided by Spring. First we will update jsfspring-sec-bean-config.xml and add datasource property. In this tutorial we will use MySQL. jsfspring-sec-bean-config.xml [sourcecode language=”xml”] <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance&quot; xmlns:beans="http://www.springframework.org/schema/beans&quot; xmlns:sec="http://www.springframework.org/schema/security&quot; xsi:schemaLocation="…