0 views collected around this technical thread.
This article introduces the core concepts and roles of OAuth 2.0, explains its four grant types, and provides a step‑by‑step Spring Boot implementation with complete configuration classes, dependency setup, and testing procedures for both authorization and resource servers.
This guide explains how to protect a SpringBoot-based e‑commerce project from source leakage by using code obfuscation or the ClassFinal Maven plugin, detailing configuration, startup options, decompilation results, and machine‑binding to ensure the packaged jar runs only on authorized servers.
This guide explains why and how to encrypt sensitive information in Spring Boot configuration files using Spring Cloud's built‑in encryption, Jasypt, command‑line parameters, and demonstrates the underlying implementation classes for secure application deployment.
Fastjson versions up to 1.2.80 contain a deserialization vulnerability that can bypass autoType restrictions, posing significant remote attack risk; users are advised to upgrade to the latest 1.2.83 release, enable safeMode or use the noneautotype builds, and consider migrating to Fastjson 2.0 for enhanced security.
This article breaks down the widely publicized Log4j2 (Log4Shell) flaw, explaining the underlying JNDI and LDAP lookup mechanisms, how malicious payloads are executed through log messages, the massive impact across Java ecosystems, and the steps needed to remediate the issue.
This extensive guide explains Apache Shiro's core concepts, demonstrates how to set up simple authentication, configure various Realm types, apply multi‑realm authentication strategies, encrypt passwords with hashing and salting, implement custom authorization, integrate Shiro with Spring MVC, explore different login methods, use JSP tags for UI control, and enable caching with Ehcache, providing complete code examples throughout.
This article introduces Apache Shiro as a powerful Java security framework, explains its core components such as Subject, SecurityManager, Authenticator, Authorizer, Realm, SessionManager, CacheManager and Cryptography, and provides step‑by‑step integration instructions with Maven, XML configuration, custom realm code, controller logic and JSP tag usage.
This article provides a step‑by‑step tutorial on using Apache Shiro for authentication, authorization, session management and encryption in a Java web project, covering Maven dependencies, custom Realm implementation, Spring XML configuration, servlet filter setup, controller logic, JSP login page, demo screenshots and common pitfalls.