Security

The Dangers of Self-Signed Certificates

Self-Signed certificates are free, but not without cost. In this post you'll learn all about the dangers of self-signed certificates.

bdemers

How many times have you started a new job, and the first thing you see on the company intranet is a “Your connection is not private” error message? Maybe you asked around and were directed to a wiki page. Of course, you probably had to click through the security warnings before actually viewing that page. If you are security-minded, this probably bothers you, but because you have a new job to do, you accept the warning and proceed to jump through the hoops of installing the…

bdemers

Security is probably the most important thing for your application, but it doesn’t have to be the hardest thing. Today I’ll show you how to use Shiro’s wildcard permissions to enable fine grained Role-Based Access Control (RBAC) which makes granting user permissions trivial (a single line). This will also make your application’s security policy more flexible, so when your business rules change (and you know they will) your code does not have to. You can read more about RBAC and Roles vs…

bdemers

Welcome to the new Apache Shiro Stormpath integration! This new release features a servlet plugin, plus deeper support for Spring and Spring Boot. Until now, we have only had a basic Apache Shiro realm for Stormpath. While sufficient, this basic realm never granted access to the full suite of Stormpath services. Today, that changed!

bdemers

Last week we released Apache Shiro 1.3, and I shared a tutorial on the new Hazelcast support. Today, I’d like to introduce you to the new EventBus system and show you a couple different ways to use it. Shiro’s EventBus is implemented very similar to Guava’s EventBus, if you are already familiar with that, you already know how to use it.