security

How to test Keycloak authentication in Spring Boot application?

拈花ヽ惹草 submitted on 2020-07-05 10:38:08
Question: In a Spring Boot project we enabled Spring Security and applied Keycloak authentication with bearer token like described in the following articles: https://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/java/spring-security-adapter.html https://www.keycloak.org/docs/3.2/securing_apps/topics

How to secure own backend API which serves only my frontend?

情到浓时终转凉″ submitted on 2020-07-05 02:52:11
Question: I'm setting up a webapp with a frontend and a backend that communicates with the frontend solely through RESTful methods. How do I make sure that the backend endpoints are only accessed by my own frontend, and not anyone else? I cannot find much information on this. Answer 1: How do I make sure that

Is it possible to predict future 2FA values given older values with timestamps?

百般思念 submitted on 2020-07-03 10:01:14
Question: Is it safe to share 2FA codes? I'm talking about TOTP like Google Authenticator or Authy. For example, if I have code and generation time, is it possible to predict new codes? What if I have more than 1 pair of code+time? I think it's possible to predict new codes based on old information (code

adding httponly and secure flag for set cookie in java web application

允我心安 submitted on 2020-06-28 14:40:30
Question: I want to add the httponly and secure flags for Cookies. To implement it, I am using Filters which are configured in web.xml. The code for adding flags is as below: package com.crisil.dbconn; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax

adding httponly and secure flag for set cookie in java web application

我只是一个虾纸丫 submitted on 2020-06-28 14:33:20
Question: I want to add the httponly and secure flags for Cookies. To implement it, I am using Filters which are configured in web.xml. The code for adding flags is as below: package com.crisil.dbconn; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax