Posts

Build a Reactive application with Angular 5 and Spring Boot 2.0

I have written a post describing the reactive programming support in Spring 5 and its subprojects. All the code for this article has been updated to the latest Spring 5 RELEASE; check spring-reactive-sample under my GitHub account.
In this post, I will create a simple blog system, including:

- A user can sign in and sign out.
- An authenticated user can create a post.
- An authenticated user can update a post.
- Only the user who has ADMIN role can delete a post.
- All users (including anonymous users) can view post list and post details.
- An authenticated user can add his comments to a certain post.

The backend will be built with the latest Spring 5 reactive stack, including:

- Spring Boot 2.0, at the moment the latest version is 2.0.0.M7
- Spring Data MongoDB supports reactive operations for MongoDB
- Spring Session adds reactive support for WebSession
- Spring Security 5 aligns with Spring 5 reactive stack

The frontend is an Angular based SPA and it will be generated by Angular CLI.
The source code is hosted on Github, …
Latest posts

Java EE Security API 1.0: SecurityContext

SecurityContext

In Java EE 7 or earlier versions, other specifications, such as Servlet, EJB, JAX-RS, JAX-WS, etc., have their own specific APIs to query the current security context.

- Servlet - HttpServletRequest#getUserPrincipal, HttpServletRequest#isUserInRole
- EJB - EJBContext#getCallerPrincipal, EJBContext#isCallerInRole
- JAX-WS - WebServiceContext#getUserPrincipal, WebServiceContext#isUserInRole
- JAX-RS - SecurityContext#getUserPrincipal, SecurityContext#isUserInRole
- JSF - ExternalContext#getUserPrincipal, ExternalContext#isUserInRole
- CDI - @Inject Principal
- WebSockets - Session#getUserPrincipal

In Java EE 8, you can use the new SecurityContext introduced in Java EE Security 1.0 instead.
A default implementation should be available at runtime; you can inject it into CDI beans.

    @Inject
    SecurityContext securityContext;

The new SecurityContext provides methods similar to those in the other specifications.

    Principal getCallerPrincipal();
    <T extends Principal> Set<T> getPrincipalsByType(Cl…

Java EE Security API 1.0: IdentityStore

There are two built-in IdentityStore implementations provided in GlassFish v5: Database and LDAP.
An example of using the built-in @DatabaseIdentityStoreDefinition to set up a database-based IdentityStore:

    @DatabaseIdentityStoreDefinition(
        dataSourceLookup="${'java:global/MyDS'}",
        callerQuery="#{'select password from caller where name = ?'}",
        groupsQuery="select group_name from caller_groups where caller_name = ?",
        hashAlgorithm=Pbkdf2PasswordHash.class,
        priorityExpression="#{100}",
        hashAlgorithmParameters= {
            "Pbkdf2PasswordHash.Iterations=3072",
            "${applicationConfig.dyna}"
        } // just for test / example
    )
    @ApplicationScoped
    @Named
    public class ApplicationConfig {

        public String[] getDyna() {
            return new String[]{"Pbkdf2PasswordHash.Algorithm=PBKDF2WithHmacSHA512", "Pbkdf2PasswordHash.SaltSizeBytes=64"};
        }
    }

Initializes database with the initial u…

Java EE Security API 1.0: HTTP authentication

HTTP authentication

HttpAuthenticationMechanism allows you to customize your own HTTP authentication mechanism.
An example of a custom HttpAuthenticationMechanism:

    @ApplicationScoped
    public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {

        @Inject
        private IdentityStoreHandler identityStoreHandler;

        @Override
        public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
            final String name = request.getParameter("name");
            final String pwd = request.getParameter("password");

            if (name != null && pwd != null) {
                // Get the (caller) name and password from the request
                // NOTE: This is for the smallest possible example only. In practice
                // putting the password in a request query parameter is highly
                // insecure
                Password password = new Password(pwd);

                // Delegate the {credentials in -> identity data out} …