For a long time, Spring Security has provided support to limit the number of sessions a single user can have concurrently. This prevents users from being logged in from many different devices at the same time, for example to ensure that they won’t share their credentials to a paid site with their friends and family. […]
Session Timeout and Concurrent Session Control with Spring Security and Spring-MVC
A web application me and my team are building recently underwent a security review. As usual, because you haven’t yet had time to put any real effort into it, some security risks did surface. We use Spring Security and Spring-MVC and I will talk about implementing a session timeout and concurrent session control: nice subjects […]
Declarative multi-tenant security with Spring Security and Spring-MVC
It’s been a while since our last ‘from the trenches’ entry, and as I’ve found I am better at authoring blogs than convincing colleagues to do the same I figured I’d write you another installment. This time I’d like to focus on an easy yet powerful approach that we used to secure a multi-tenant Spring-MVC […]
Adding user info to log entries in a multi-user app using Mapped Diagnostic Context
Have you ever been in the situation where you were looking at one of your production log files and had a hard time seeing what log entries belonged to what requests? In a multi-user web application many requests are handled in parallel, so without additional context it becomes almost impossible to see how a single […]
Authenticate against a hippo repository using spring security
Within a number of my projects we use Hippo to create a website. Hippo contains a JackRabbit repository that has capabilities for authenticating and authorizing users. Hippo builds on this functionality for its own security model. In most of these projects we create an integration component to store content in the repository from other systems […]
Creating an Android app for your website with Spring Android and REST
As Android is really hot at the moment (and I have an Android phone), I wanted to create an Android app for my website. In this blog post I will explain the changes I had to make on the part of my web application and how I used Spring Android to interact from Android to […]