Build a Secure Java Application with Apache Shiro and OAuth 2.0

This tutorial will show you how to build a secure Java application with Apache Shiro and OAuth 2.0.


Apache Shiro is a Java security framework that can perform authentication, authorization, and session management, along with a host of other features for building secure applications. In this tutorial, you will build a simple Java REST application using JAX-RS. JAX-RS, like many Java APIs, is a set of interfaces, and you will need to pick an implementation

A Developer Guide to Reporting Vulnerabilities

This post explains how to report a vulnerability and why it's important to do so responsibly.


Many of us are not familiar with vulnerability reporting and how it is different from reporting a regular bug. Frequently, I’ve seen people report vulnerabilities or potential security issues incorrectly. A public bug tracker or Stack Overflow is NOT the right tool; developers need to handle vulnerabilities differently and should not disclose them until the project/vendor fixes them.

Create and Verify PASETO Tokens in Java

Tutorial: Learn how to create and parse PASETO tokens in Java with JPaseto.


PASETO is the latest trend in security token formats. Its primary goal is to reduce the problems the JSON Web Token (JWT) related specifications introduce. In this post, I’ll give you a brief introduction to PASETO tokens and then jump into an example that creates and parses tokens in Java using JPaseto.

Five Tools to Improve Your Java Code

Five great tools to reduce bugs and make your Java code more secure!


Writing quality code takes practice. To write better code, you need to know what should improve. Code quality and what makes code easy to read are very subjective; ask five different developers, you will get six different answers. For this post, I’ll avoid most of the subjective and focus on ways to detect real issues and potential bugs.

Watch GraalVM Turn Your Java Into Binaries

Tutorial: Learn how to build native binaries from a Java application with GraalVM's native-image tool.


There has been much buzz about GraalVM and what it means for the Java world. GraalVM is a Java distribution from Oracle that adds a bunch of features, most notably a new JIT compiler, polyglot capabilities, an LLVM runtime… and the ability to turn your Java application into a native binary.