Trifork Blog

Posts Tagged ‘springmvc’

Session Timeout and Concurrent Session Control with Spring Security and Spring-MVC

February 28th, 2014 by


A web application me and my team are building recently underwent a security review. As usual, because you haven’t yet had time to put any real effort into it, some security risks did surface. We use Spring Security and Spring-MVC and I will talk about implementing a session timeout and concurrent session control: nice subjects from the trenches.

In general, sessions should be managed as restrictively as possible for your web application. Category number two on OWASP top ten security threats of 2013 is broken authentication and session management. Here you can find some nice examples of the problem never lying with the internet, but with the human mistakes in using it.


Read the rest of this entry »

Combining java and node.js

July 28th, 2011 by

I just wrote a new blogpost about a sample application I have created. The sample is combining a node.js front-end application with a axonframework java based backend. The following image gives you a good idea.


The front end contains a node.js application that uses the http library to obtain and send data a rest based application. Next to that it receives messages using the redis pub/sub mechanism from the the java backend. Using the now.js library these events are pushed by the server to all connected clients. The java backend is build using the springmvc rest capabilities. Commands are send to the Axonframework based business logic. Listeners for the events are registered and messages based on these events are published to the redis pub/sub mechanism.

If this got you interested, head over to my blog post.