Migrate From Travis CI to GitHub Actions

This post walks through migrating a build from Travis CI to GitHub Actions.

bdemers

Recently, a colleague pointed out that I was still configuring Travis-CI on new GitHub repos and suggested I used GitHub Actions instead. I had given Actions the ol’ five-minute test when it was still in beta, but ran into a few problems and gave up. After all, I’ve been a fan of Travis-CI for a while and I had enough new things to learn at the time.

Build a Secure Java Application with Apache Shiro and OAuth 2.0

This tutorial will show you how to build a secure Java application with Apache Shiro and OAuth 2.0.

bdemers

Apache Shiro is a Java security framework that can perform authentication, authorization, session management, along with a host of other features for building secure applications. In this tutorial, you will build a simple Java REST application using JAX-RS. JAX-RS, like many Java APIs, is a set of interfaces, and you will need to pick an implementation

OpenID Connect Logout Options with Spring Boot

This tutorial demonstrates the logout options you have when developing Spring applications and helps you pick the right one for you!

bdemers

On the Okta blog, we spend much of our time talking about logging in. That is because once you configure your application to log in, the log out just works. But there are a few things you should consider when you’re thinking about your app’s logout configuration. In this post, I’ll walk through examples of the two logout options you have with Spring Security: the “default” session clearing logout, and relying party initiated logout.

A Developer Guide to Reporting Vulnerabilities

This post explains how to report a vulnerability and why it's important to do so responsibly.

bdemers

Many of us are not familiar with vulnerability reporting and how it is different from reporting a regular bug. Frequently, I’ve seen people report vulnerabilities or potential security issues incorrectly. A public bug tracker or Stack Overflow is NOT the right tool; developers need to handle vulnerabilities differently and should not disclose them until the project/vendor fixes them.

Create and Verify PASETO Tokens in Java

Tutorial: Learn how to create and parse PASETO tokens in Java with JPaseto.

bdemers

PASETO is the latest trend in security token formats. Its primary goal is to reduce the problems the JSON Web Token (JWT) related specifications introduce. In this post, I’ll give you a brief introduction to PASETO tokens and then jump into an example that creates and parses tokens using in Java using JPaseto.