With one of the previous blog posts, we configured a Thymeleaf Spring Boot application for an OAuth 2 Login with Spring Security and AWS Cognito. While this article focussed on the setup and login mechanism, the logout functionality was only half-way implemented. Our end-users are still logged in at the identity provider. Let’s adjust the
Thymeleaf OAuth2 Login with Spring Security and AWS Cognito
Securing your frontend application with a login and managing a user pool is something you can either write for yourself or use an external identity provider for. If you want to move fast with your prototype you usually pick the second option and search for an OpenID Connect (OIDC) and OAuth2 compliant identity provider. AWS
Spring WebClient OAuth2 Integration for Spring Web (Servlet)
In one of my previous blog posts, I gave an example of how to configure the Spring WebClient for OAuth2 using Spring WebFlux. As most of the applications today are using Spring Web (Tomcat) and are not fully reactive, I also want to provide an example for this setup. In most cases, you just add
Spring WebClient OAuth2 Integration for Spring WebFlux
With OAuth2 being the current de-facto authorization framework, a lot of vendors use it to secure their APIs. Furthermore, you can use OAuth2 to enable social logins (e.g. Google or Facebook) and don’t need your own user management. As the WebClient from Spring WebFlux is the preferred client for Spring applications, I want to provide
MicroProfile JWT Authentication with Keycloak and React
For securing your enterprise applications you have several choices that require different configuration setups. Lately, the stateless approach is the de-facto standard for securing your microservice-based landscape. With the choice, your applications don’t store session data. The client mostly sends a JWT token with each request and thus the applications access metadata like groups and
JAX-RS user-based rate-limiting with JSR-375
Recently I had the requirement for rate-limiting access to specific JAX-RS endpoints and to keep track of the user’s current amount of API calls. To solve this problem I asked Adam Bien (@AdamBien) in his monthly Airhacks Q&A about this requirement and he gave me a hint for a possible solution while using the ContainerRequestFilter interface
