Using Spring Boot’s inbuilt OAuth2 Resource Server with security best practices for JWT based authentication


TL;DR

  • More Secure — Use an RSA private key instead of a single secret token (symmetric key) to sign JWTs, and the RSA public key for signature verification.
  • Convenient — An endpoint (“/login”) to obtain a signed JWT in exchange for valid user credentials.
  • Authorization — Spring Security’s method security can be used since the JWT information is available as Authentication at controller level; the “@PreAuthorize” and “@PostAuthorize” annotations can be used with SpEL


A simple guide to generate signed certificates using OpenSSL and import them into a Java Key Store (JKS)

  1. Generate a new key pair
  2. Generate a CSR (certificate signing request) for the public key certificate
  3. Get the CSR signed by a CA (certificate authority)
  4. Install the signed certificate obtained from CA and the private key in the server

How to set up Jenkins with docker-in-docker to build your Docker-based projects

  • Your project is distributed/built as Docker image(s) — has associated Dockerfiles
  • Your project is small — small team / small code base like a pet project, startup
  • You need to set up CI/CD without a lot of complexity, such as setting up Jenkins agents
  • If setting up a Jenkins cloud with Docker or a Docker build agent is too much effort

Simply with this approach, you…


A slideshow explaining the internals of containers including LXC, cgroups, namespaces and copy-on-write file systems

  • LXC (Linux Containers) — Namespaces and cgroups (control groups)
  • copy-on-write file system — AuFS (Advanced Multi-Layered Unification File system)

Processes executing in a Docker container are isolated from processes running on the host OS or in other Docker containers.

— Nevertheless, all processes are executing in the same kernel

— Containers sandbox processes from each other


A real-time method to analyze time synchronized video feeds obtained from multiple fixed cameras in a monitored environment to generate human movement analytics with respect to ground plane.

A map view of the resultant map generated by AugurSense by processing two time synchronized videos from the PETS2009 tracking dataset. Paths taken by individuals are shown in the map. The circle represents the current location and the small line drawn within the circle represents the head direction.


My GSoC 2017 Experience with Apache OODT

What is Apache OODT?

  • A File Manager which is responsible for file management, meta data management…


A glance into AdroitLogic Ultra Studio and UltraESB-X


A comparison between distributed coordination giants etcd3 and Apache Zookeeper


How distributed systems reach consensus


OpenCV’s Deep Neural Networks for gender recognition with JavaCV

What is JavaCV?


Imesha Sudasingha

Software Engineer | VP @ApacheOODT | Member @TheASF
