OAuth 2.0 Webapp Flow Overview

In my last few blogs I’ve been talking about accessing Software as a Service (SaaS) providers such as Facebook and…

Read More »

Anti cross-site scripting (XSS) filter for Java web apps

Here is a good and simple anti cross-site scripting (XSS) filter written for Java web applications. What it basically does…

Read More »

JBoss AS 7: Custom Login Modules

JBoss AS 7 is neat but the documentation is still quite lacking (and error messages not as useful as they…

Read More »

Servlet Basic Auth in an OSGi environment

You will first need to get a reference to the OSGI HTTP Service. You can do this through a declarative…

Read More »

Preventing CSRF in Java web apps

Cross-site request forgery attacks (CSRF) are very common in web applications and can cause significant harm if allowed. If you…

Read More »

Google Services Authentication in App Engine, Part 2

In the first part of the tutorial I described how to use OAuth for access/authentication for Google’s API services. Unfortunately, as…

Read More »

Google Services Authentication in App Engine, Part 1

This post will illustrate how to build a simple Google App Engine (GAE) Java application that authenticates against Google as…

Read More »

Where do Security Requirements come from?

One of the problems in building a secure application is that it’s not always clear what the security requirements are…

Read More »

Key Exchange Patterns with Web Services Security

When we have message level security with web services – how we achieve integrity and confidentiality is through keys. Keys…

Read More »