Spring Security
Bouncy Castle
Spring Security | Bouncy Castle
---|---
10 | 9
8,406 | 2,154
1.6% | 1.9%
9.9 | 9.5
7 days ago | 5 days ago
Java | Java
Apache License 2.0 | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Spring Security
- Spring Security private_key_jwt with AWS KMS
Spring Security has long had great OAuth2.0 support from both the server and client elements. Recently Spring Security added support for the private_key_jwt client authentication method as part of the authorization code grant flow. Spring Security GitHub ref
- Issue since upgrading to Spring Boot 3 - 2: cannot access H2-console
- Spring with java vs Spring with kotlin
To be fair there were quite some unexpected surprises in the past with Spring and Kotlin (e.g. the Cacheable annotation did not work with suspend functions, not all Spring Security annotations were supported with coroutines), but most of them were ironed out already.
- Spring Security WebSecurityConfigurerAdapter deprecated
They recently updated all the examples in the javadocs if you wanna bump your Spring Security version to 5.7.3 (see here). Otherwise the reference docs all reflect the non-deprecated approach that uses SecurityFilterChain and supporting beans.
- 🎀 Spring Boot 2.7.0 Released
Spring Security 5.7
- Spring Security without the WebSecurityConfigurerAdapter
Since Spring Security 5.7.0-M2 the use of WebSecurityConfigurerAdapter was deprecated (link to GitHub - https://github.com/spring-projects/spring-security/issues/10822) to move to component-based security configuration.
- Spring Reactive Oauth2 Webclient not using configured proxy
When I start the flow, no proxy is used and even the WebClient is not used to get access token. And I get a timeout exception for that. The same issue was discussed in GitHub: https://github.com/spring-projects/spring-security/issues/8966
- How to ignore Url from Once per request filter
You can extract (and validate) the JWT token into the Principal by implementing the getPreAuthenticatedPrincipal method, and map the claims to user details by providing through a custom implementation of AuthenticationUserDetailsService.
- Dynamically updating user roles.
Or, maybe simpler, is to create your own filter and add it after the SecurityContextPersistenceFilter. Here, just recreate the authentication token from the database, which is what token based authentication does (token based authentication has to preauthenticated authentication from the token for the actual user authentication with the user details).
Bouncy Castle
- Show HN: filippo.io/mlkem768 – Post-Quantum Cryptography for the Go Ecosystem
Note that there may be incompatibilities until NIST has published the final revisions. Some specifications are on Round 3 kyber, others are on FIPS 203.
This one will interoperate with Bouncy Castle as we both use FIPS 203 draft, but won't interoperate with OQS that is still on the Round 3 submission.
See also: https://github.com/bcgit/bc-java/issues/1578
- Java implementation of a quantum computing resistant cryptographic algorithm
The readme mentions a dependency on Bouncy Castle - note that BC already contains several Java-based PQC signature schemes, see https://doc.primekey.com/bouncycastle/interoperability#Inter... and https://github.com/bcgit/bc-java
- Help with BouncyCastle OpenPGP (Java)
The best official resources are probably the example classes in the bouncycastle repository. They give you a rough idea for how to use the API, although they are a bit minimal unfortunately. You can probably apply a lot of domain knowledge (what algorithms are good/bad) from openpgpjs too, although you'd have to find out how the respective method calls are called on the BC side.
- Bouncy Castle VS pgpainless - a user suggested alternative
2 projects | 12 Aug 2022
- Any good open-source Java encryption API
- How can I use the sha256sum tool of my Linux-based OS to encrypt strings?
Why? Bouncy Castle has all you need.
- Non Spring users what are you using ??
Cryptography? Use Java Cryptography Extensions and Java Secure Socket Extensions with Bouncy Castle
- Java - Bouncy castle - OpenPGP
- Dozens sue Amazon's Ring after camera hack leads to threats and racial slurs
Recently there was a constant time enhancement in Bouncy Castle that added a comparison using indexOf instead of charAt. Fairly easy to overlook, although glaring in hindsight, if there are no negative tests covering the functionality.
What are some alternatives?
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
Apache Shiro - Apache Shiro
Nimbus JOSE+JWT - JSON Web Token (JWT) implementation for Java with support for signatures (JWS), encryption (JWE) and web keys (JWK).
jCasbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Java
jjwt - Java JWT: JSON Web Token for Java and Android
Google Keyczar - Easy-to-use crypto toolkit
pac4j - Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Cryptomator - Multi-platform transparent client-side encryption of your files in the cloud