Integrating ROSA Applications with AWS Services (CS221)

In today's rapidly evolving cloud-native landscape, enterprises are looking for scalable, secure, and fully managed Kubernetes solutions that work seamlessly with existing cloud infrastructure. Red Hat OpenShift Service on AWS (ROSA) meets that demand by combining the power of Red Hat OpenShift with the scalability and flexibility of Amazon Web Services (AWS).

In this blog post, we’ll explore how you can integrate ROSA-based applications with key AWS services, unlocking a powerful hybrid architecture that enhances your applications' capabilities.

📌 What is ROSA?

ROSA (Red Hat OpenShift Service on AWS) is a managed OpenShift offering jointly developed and supported by Red Hat and AWS. It allows you to run containerized applications using OpenShift while taking full advantage of AWS services such as storage, databases, analytics, and identity management.

🔗 Why Integrate ROSA with AWS Services?

Integrating ROSA with native AWS services enables:

Seamless access to AWS resources (like RDS, S3, DynamoDB)

Improved scalability and availability

Cost-effective hybrid application architecture

Enhanced observability and monitoring

Secure IAM-based access control using AWS IAM Roles for Service Accounts (IRSA)

🛠️ Key Integration Scenarios

1. Storage Integration with Amazon S3 and EFS

Applications deployed on ROSA can use AWS storage services for persistent and object storage needs.

Use Case: A web app storing images to S3.

How: Use OpenShift’s CSI drivers to mount EFS or access S3 through SDKs or CLI.

yaml

Copy

Edit

apiVersion: v1

kind: PersistentVolumeClaim

metadata:

  name: efs-pvc

spec:

  accessModes:

    - ReadWriteMany

  storageClassName: efs-sc

  resources:

    requests:

      storage: 5Gi

2. Database Integration with Amazon RDS

You can offload your relational database requirements to managed RDS instances.

Use Case: Deploying a Spring Boot app with PostgreSQL on RDS.

How: Store DB credentials in Kubernetes secrets and use RDS endpoint in your app’s config.

env

Copy

Edit

SPRING_DATASOURCE_URL=jdbc:postgresql://<rds-endpoint>:5432/mydb

3. Authentication with AWS IAM + OIDC

ROSA supports IAM Roles for Service Accounts (IRSA), enabling fine-grained permissions for workloads.

Use Case: Granting a pod access to a specific S3 bucket.

How:

Create an IAM role with S3 access

Associate it with a Kubernetes service account

Use OIDC to federate access

4. Observability with Amazon CloudWatch and Prometheus

Monitor your workloads using Amazon CloudWatch Container Insights or integrate Prometheus and Grafana on ROSA for deeper insights.

Use Case: Track application metrics and logs in a single AWS dashboard.

How: Forward logs from OpenShift to CloudWatch using Fluent Bit.

5. Serverless Integration with AWS Lambda

Bridge your ROSA applications with AWS Lambda for event-driven workloads.

Use Case: Triggering a Lambda function on file upload to S3.

How: Use EventBridge or S3 event notifications with your ROSA app triggering the workflow.

🔒 Security Best Practices

Use IAM Roles for Service Accounts (IRSA) to avoid hardcoding credentials.

Use AWS Secrets Manager or OpenShift Vault integration for managing secrets securely.

Enable VPC PrivateLink to keep traffic within AWS private network boundaries.

🚀 Getting Started

To start integrating your ROSA applications with AWS:

 Deploy your ROSA cluster using the AWS Management Console or CLI

 Set up AWS CLI & IAM permissions

 Enable the AWS services needed (e.g., RDS, S3, Lambda)

 Create Kubernetes Secrets and ConfigMaps for service integration

 Use ServiceAccounts, RBAC, and IRSA for secure access

🎯 Final Thoughts

ROSA is not just about running Kubernetes on AWS—it's about unlocking the true hybrid cloud potential by integrating with a rich ecosystem of AWS services. Whether you're building microservices, data pipelines, or enterprise-grade applications, ROSA + AWS gives you the tools to scale confidently, operate securely, and innovate rapidly.

If you're interested in hands-on workshops, consulting, or ROSA enablement for your team, feel free to reach out to HawkStack Technologies – your trusted Red Hat and AWS integration partner.

💬 Let's Talk!

Have you tried ROSA yet? What AWS services are you integrating with your OpenShift workloads? Share your experience or questions in the comments!

For more details www.hawkstack.com 

Mastering Full Stack Development: A Comprehensive Guide to Becoming a Web Developer

Certainly! I'm excited to embark on the full-stack development journey with you. Over time, my expertise in this field has significantly grown. Selenium is now widely acknowledged and extensively employed across various industries. Take your Full-Stack Developer career to the next level by enrolling in a top-tier institution in Chennai, like ACTE Technologies.

Becoming a proficient full-stack web developer involves mastering both front-end and back-end technologies.

Follow These General Steps To Embark On Your Journey:

1. Learn the Basics of Web Development:

Start with fundamental web technologies: HTML for structure, CSS for styling, and JavaScript for interactivity. Grasp the essentials of how browsers render web pages and the fundamentals of client-server communication.

2. Front-End Development:

Dive deeper into front-end technologies by mastering a framework like React, Angular, or Vue.js for creating dynamic and responsive user interfaces.

3. Version Control System:

Familiarize yourself with version control systems, especially Git, to effectively manage and track changes in your codebase.

4. Command Line and Unix:

Acquire proficiency in basic command line usage and Unix commands, crucial for streamlined development workflows.

5. Back-End Language:

Choose a back-end programming language from options like JavaScript (Node.js), Python (Django, Flask), Ruby (Ruby on Rails), Java (Spring), or PHP (Laravel).

6. Back-End Framework:

Learn a back-end framework associated with your chosen language, such as Express.js, Django, Ruby on Rails, Spring Boot, or Laravel.

7. Database Knowledge:

Gain expertise in databases, encompassing both relational databases (e.g., PostgreSQL, MySQL) and NoSQL databases (e.g., MongoDB).

8. APIs (RESTful and GraphQL):

Understand the design, construction, and consumption of APIs. Familiarize yourself with both RESTful APIs and explore GraphQL.

9. Server Deployment and Cloud Services:

Learn to deploy applications to servers and utilize cloud services like AWS, Azure, or Google Cloud Platform.

10. Web Application Architecture:

Grasp common web application architectures, including client-server models, MVC/MVVM patterns, and the principles of microservices.

11. Testing and Debugging:

Master testing techniques and employ debugging tools to ensure the reliability and functionality of your applications.

12. Containerization and Orchestration:

Acquaint yourself with containerization using Docker and container orchestration using tools like Kubernetes.

13. Build Tools and Package Managers:

Familiarize yourself with build tools (e.g., Webpack) and package managers (e.g., npm, yarn) to streamline the development process.

14. Web Security Practices:

Understand best practices for web development security, covering aspects like authentication, authorization, and secure coding practices.

15. Continuous Integration/Continuous Deployment (CI/CD):

Implement CI/CD pipelines to automate testing and deployment processes.

Remember, continuous learning is pivotal in the rapidly evolving field of web development. Your choice of specific technologies should align with your interests, industry trends, and project requirements.

Certainly! If you’re contemplating the pursuit of a Full-Stack Developer course in Chennai, I highly recommend exploring esteemed institutions such as ACTE Technologies. They offer comprehensive certification programs and opportunities for job placement, guided by experienced instructors to enrich your learning journey. These resources are accessible both online and in person. Opting for a gradual, step-by-step course enrollment can prove to be a prudent decision if it aligns with your interests.

I trust this adequately addresses your inquiry. For further questions or clarification, feel free to ask in the comments section.

If you’ve found this information beneficial, I encourage you to follow me on this platform and give it an upvote to foster more discussions and insights about Full-Stack Development. Your time and engagement are genuinely appreciated, and I wish you a wonderful day ahead.

Spring Boot Application Development Company Helps You Create Very Useful and Dynamic Apps

If you are not familiar with software development, then you may want to hire a spring boot development company. A reputable and experienced spring development company will offer a variety of benefits for your business, which may be well worth considering. These advantages include: Professionalism. When hiring a spring developmental company, you need to carefully consider how they will behave in a professional business setting. You want them to provide honest answers and to provide you with a clear and well-defined contract. You also want them to offer the highest quality work so that you do not have to change your mind after the project is complete.

Reliability. Any project needs the necessary tools to perform well and a spring based development company has all of the skilled developers it needs. In addition to having the most talented and experienced developers on board, they have access to the latest development tools and technology to ensure that your web-application development services are performed quickly and flawlessly. A reliable spring-based development company has developed its own in-house platform so that any new or upcoming version of the technologies can be quickly deployed to users across the globe.

Ease of use. A Java application is very straight-forward to use which makes it ideal for most new or small businesses. Spring-based web application development services includes a large number of simple, easy to use, Java frameworks such as: Bean, Apache, Sun Java Beans, Struts, JSP and Thrash which make working with a java application very straightforward and easy.

Security. Your application's database and user interface security can be easily provided by any Java servlet development framework. Many organizations now have full-fledged security measures in place after detecting high level of risk which comes from the combination of unsecured web applications and weakly secured interfaces. A reliable spring boot development company will thoroughly test your application to make sure that you do not fall into the same trap.

Easy to use and quick to develop. Working with a Java servlet development company means that your first project will be extremely straight forward, with your specific business requirements being the only point of discussion. The best developers will always have your business requirements before any other point during the project. Once the basic requirements have been covered, they will start working on your specific requirements. They will use the tools at their disposal to design a robust and secure application which can be customized according to your specific business requirements. This ensures that a large number of small steps are taken every time your application is developed.

Flexibility. You can get an efficient and highly scalable team to work on your project, without having to leave the comfort of your office or home. You can give them access to all the resources and information about the project including feedback and bug reports. There is a lot of support provided to the developers as well as the client during the entire project process. Spring framework provides a large number of components such as routers, XML resources, XML validators, servlets, authentication, extensions and a lot more. All these features make it easy for the developers to create custom and fully functional Java applications.

Simplicity and ease of use. This is one of the most important aspects of hiring a reliable and expert spring based app development company. Your requirements for developing your applications will be entirely defined by the professionals, so you can get rid of a lot of things you don't need and simplify the whole development process to a great extent. The programmers use very simple language, which makes the usage of the java language very easy.

Many companies across the globe are using java development technology and are providing their services at extremely reasonable costs. Some of the companies have been around for many years and provide their customers with the best services. If you are looking for an affordable and reliable service then you can easily hire any one of the experienced professionals and get your required work done in a timely manner. You should always try to choose a company which has a lot of experience in Java development and has a lot of updated tools for making your Java apps productive and effective.

Spring boot security custom login page example

If you are here, means you know how to configure spring boot security in an application. Spring security provides a default login form shown below as a part of its auto-configuration.

But many times you don't need want to go with default login page, probably custom design is the primary requirement or the application might have a login form and you want to reuse it. This article will explain how to display a custom login page with spring boot security. Creating a custom configuration In Spring boot security, if you want to deviate from any of its auto configuration, then you have to define a class which 1. extends WebSecurityConfigurerAdapter, and 2. has @EnableWebSecurity annotation applied to it. When you write a class with above 2 attributes, you are telling Spring security that I will not be using default security configuration but customizing it according to my requirements. Configuring custom login page By providing a custom configuration security class, you can override methods provided by Spring security. One of these methods is protected void configure(HttpSecurity http) throws Exception { } If you do not override this method, then default implementation is http. authorizeRequests(). anyRequest(). authenticated(). and(). formLogin(). and(). httpBasic(); which says authenticate all requests based on a form login. It is after formLogin() method that we will be instructing Spring security to display our own login form as shown highlighted below. package com.codippa.security; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http. authorizeRequests(). anyRequest(). authenticated(). and(). formLogin(). loginPage("/login"). permitAll(); } } Above code tells Spring security to invoke "/login" URL before displaying login form. It is not mandatory for the URL to be "/login", could be anything. In the above code, 1. authorizeRequests() : Tells Spring security to check for authentication of requests. This method is required for calling all other subsequent methods. 2. anyRequest().authenticate() : Asks Spring security to authenticate every request and allow only authenticated requests to pass through. 3. permitAll() after loginPage("/login") instructs Spring security to allow all users(even unauthenticated), access to this URL. In the absence of permitAll(), you will not be able to see login page. We also need to provide a mapping for this URL in our application in a controller class as given below. package com.codippa.controller; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PostMapping; @Controller public class AppController { @GetMapping("/login") public String login() { return "login"; } } When Spring calls this URL, it returns a String. Now it searches for the appropriate view matching this String as per the view technology configured. This example uses Thymeleaf. If you are not familiar with Spring boot and Thymeleaf integration, refer this article. Thymeleaf uses html templates so the String returned from controller method mapped to "/login" URL refers to a template called login.html template. This template can be placed in src/main/resources/templates folder which is the default template location for Spring boot or you can change thymeleaf template location as required. It will pick up from there. Template code for login page is given below.

Please Login!

Please Login Username Password Log in Note the th:action attribute, this is Thymeleaf specific. This form when submitted will invoke a URL "/authenticate" so we also need to create a method mapped to this URL in our controller as shown below. @PostMapping("/authenticate") public String authenticate() { return "welcome"; } This method will only be called when you enter correct username and password. You can write your own authentication logic inside authenticate method. But if you write nothing, then this username and password will be authenticated by Spring. Now the question arises, what is the username and password. There are multiple ways to create a username and password in Spring boot security. For now, add below entries in application.properties file regarding username and password. Read the full article

Localization of Spring Security Error Messages in Spring Boot

Spring Security is a framework for easily adding state-of-the-art authentication and authorization to Spring applications. When used in conjuction with Spring Boot, adding basic authentication to a web application is straightforward. Although Spring Boot will take care of configuring Spring Security, localization of Springs Security’s error messages is not autoconfigured. In this blog post I will show how to add localization to Spring Security and show some pitfalls while doing so.

Example

I’ve implemented a very simple application with basic authentication as an example for this blog post. The application has a @RestController handling GET requests to /hello, which returns a “Hello World” message. Furthermore I’ve configured Spring Security with basic authentication and set up an in-memory user with user name “user” and password “password”. All code can be found at GitHub.

When I start the application and try to access the hello resource without authentication, I get:

$> curl -i http://localhost:8080/hello HTTP/1.1 401 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-Frame-Options: DENY Set-Cookie: JSESSIONID=3E1B7F48E35AC7FEF0A5A66CEAF843D5; Path=/; HttpOnly WWW-Authenticate: Basic realm="Realm" Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Date: Tue, 22 Aug 2017 06:00:37 GMT { "timestamp":1503381637553, "status":401, "error":"Unauthorized", "message":"Full authentication is required to access this resource", "path":"/hello" }

Trying to access the resource with wrong credentials also yields an error (headers omitted this time):

$> curl -u user:wrongPassword http://localhost:8080/hello { "timestamp":1503381723115, "status":401, "error":"Unauthorized", "message":"Bad credentials", "path":"/hello" }

Only if I provide correct authentication, I can access the resource:

$> curl -u user:password http://localhost:8080/hello { "message": "Hello World!" }

As you can see, the error messages returned are all in Englisch. Since I’m developing software for German customers, I sometimes want my application to return German error messages. Let’s see how we can achieve that.

Loading Messages

Localization in Spring relies heavily on the MessageSource facilities. A MessageSource is an abstraction over how to access messages for an application with support for parameterization and localization of those messages. A common way to define a MessageSource is to use a ResourceBundleMessageSource or a ReloadableResourceBundleMessageSource both resolving messages using Java resource bundles. To sum this up: If we want localized Spring Security error messages, we need to provide a message source, which loads the resource bundles defining Spring Security’s error messages.

The Spring Security documentation only describes how to do this with XML configuration. Since we’re writing a Spring Boot application, we want to configure everything using Java config:

@Bean public MessageSource messageSource() { ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource(); messageSource.addBasenames("classpath:org/springframework/security/messages"); return messageSource; }

It is important to call the @Bean method “messageSource”. This will replace the existing message source with ID “messageSource” in the application context bootstrapped by Spring Boot, thereby using it throughout the application. If we don’t replace the existing message source and instead configure a new one (for example by calling my @Bean method “myMessageSource”), the configured messages will not be used.

After adding Spring Security’s error messages to my message source, I can retry my request:

$> curl -u user:wrongPassword http://localhost:8080 { "timestamp":1503383024741, "status":401, "error":"Unauthorized", "message":"Ungültige Anmeldedaten", "path":"/hello" }

We’ve loaded the Spring Security error messages and the German message is now returned. Great!

Setting a default Locale

Well, almost great, but not completely. The problem is that now the server’s locale decides which language will be returned. This is because a MessageSource always needs a Locale parameter to resolve a message. If none can be found, Spring falls back to Locale.getDefault(). I have two problems with this:

You never know how the system locale will be set in your production environment running docker containers on Kubernetes in AWS. My guess is that it will be English, but I won’t count on it.

Far more people speak English than German.

For this reasons it’s better to use English as default language and let the client decide which language it can accept. The former can be configured by setting the default Locale, preferably in the messageSource method:

@Bean public MessageSource messageSource() { Locale.setDefault(Locale.ENGLISH); ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource(); messageSource.addBasenames("classpath:org/springframework/security/messages"); return messageSource; }

The latter is achieved by setting the Accept-Language header in the client. This changes the request to:

$> curl -u user:wrongPassword http://localhost:8080 { "timestamp":1503381723115, "status":401, "error":"Unauthorized", "message":"Bad credentials", "path":"/hello" } $> curl -u user:wrongPassword -H 'Accept-Language: de-DE' http://localhost:8080/hello { "timestamp":1503383940064, "status":401, "error":"Unauthorized", "message":"Ungültige Anmeldedaten", "path":"/hello" }

There are a lot of languages already shipped with Spring Security. If yours is missing or if you want to change some translations, you can easily do this by following these steps:

copy the english message.properties file from Spring Security to your project.

translate or change the messages you’re interested in.

In your messageSource method, add the new properties file to your message source.

Shortcomings

Remember that we also tried to access the hello resource without any authentication in our first example? Let’s try that again using the Accept-Language header:

$> curl -H 'Accept-Language: de-DE' http://localhost:8080/hello { "timestamp":1503383125672, "status":401, "error":"Unauthorized", "message":"Full authentication is required to access this resource", "path":"/hello" }

Sad but true, this is a shortcoming of Spring Security’s localization. The reason is that the “Bad credentials” message is returned by AbstractUserDetailsAuthenticationProvider from spring-security-core, while the “Full authentication required” message is returned by ExceptionTranslationFilter from spring-security-web. spring-security-core ships with message bundles, and therefore can be localized using a MessageSource. The error messages in ExceptionTranslationFilter are hard coded with no way of using a MessageSource for localization. I think this should be configurable using resource bundles the same way as it is for the messages from spring-security-core. For this reason I created a pull request for Spring Security that will hopefully be merged soon.

Conclusion

By loading Spring Security message bundles using a MessageSource it is pretty easy to add localization to Spring Security error messages. One thing to look for is how the default system Locale is involved while determining the language for localization. My suggestion is to make sure the default is English and let the client decide explicitly using the Accept-Language header. Furthermore, there are still some messages in Spring Security that cannot be localized this way, but hopefully will be in the future.

The post Localization of Spring Security Error Messages in Spring Boot appeared first on codecentric AG Blog.

Localization of Spring Security Error Messages in Spring Boot published first on http://ift.tt/2vCN0WJ

Localization of Spring Security Error Messages in Spring Boot

Spring Security is a framework for easily adding state-of-the-art authentication and authorization to Spring applications. When used in conjuction with Spring Boot, adding basic authentication to a web application is straightforward. Although Spring Boot will take care of configuring Spring Security, localization of Springs Security’s error messages is not autoconfigured. In this blog post I will show how to add localization to Spring Security and show some pitfalls while doing so.

Example

I’ve implemented a very simple application with basic authentication as an example for this blog post. The application has a @RestController handling GET requests to /hello, which returns a “Hello World” message. Furthermore I’ve configured Spring Security with basic authentication and set up an in-memory user with user name “user” and password “password”. All code can be found at GitHub.

When I start the application and try to access the hello resource without authentication, I get:

$> curl -i http://localhost:8080/hello HTTP/1.1 401 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-Frame-Options: DENY Set-Cookie: JSESSIONID=3E1B7F48E35AC7FEF0A5A66CEAF843D5; Path=/; HttpOnly WWW-Authenticate: Basic realm="Realm" Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Date: Tue, 22 Aug 2017 06:00:37 GMT { "timestamp":1503381637553, "status":401, "error":"Unauthorized", "message":"Full authentication is required to access this resource", "path":"/hello" }

Trying to access the resource with wrong credentials also yields an error (headers omitted this time):

$> curl -u user:wrongPassword http://localhost:8080/hello { "timestamp":1503381723115, "status":401, "error":"Unauthorized", "message":"Bad credentials", "path":"/hello" }

Only if I provide correct authentication, I can access the resource:

$> curl -u user:password http://localhost:8080/hello { "message": "Hello World!" }

As you can see, the error messages returned are all in Englisch. Since I’m developing software for German customers, I sometimes want my application to return German error messages. Let’s see how we can achieve that.

Loading Messages

Localization in Spring relies heavily on the MessageSource facilities. A MessageSource is an abstraction over how to access messages for an application with support for parameterization and localization of those messages. A common way to define a MessageSource is to use a ResourceBundleMessageSource or a ReloadableResourceBundleMessageSource both resolving messages using Java resource bundles. To sum this up: If we want localized Spring Security error messages, we need to provide a message source, which loads the resource bundles defining Spring Security’s error messages.

The Spring Security documentation only describes how to do this with XML configuration. Since we’re writing a Spring Boot application, we want to configure everything using Java config:

@Bean public MessageSource messageSource() { ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource(); messageSource.addBasenames("classpath:org/springframework/security/messages"); return messageSource; }

It is important to call the @Bean method “messageSource”. This will replace the existing message source with ID “messageSource” in the application context bootstrapped by Spring Boot, thereby using it throughout the application. If we don’t replace the existing message source and instead configure a new one (for example by calling my @Bean method “myMessageSource”), the configured messages will not be used.

After adding Spring Security’s error messages to my message source, I can retry my request:

$> curl -u user:wrongPassword http://localhost:8080 { "timestamp":1503383024741, "status":401, "error":"Unauthorized", "message":"Ungültige Anmeldedaten", "path":"/hello" }

We’ve loaded the Spring Security error messages and the German message is now returned. Great!

Setting a default Locale

Well, almost great, but not completely. The problem is that now the server’s locale decides which language will be returned. This is because a MessageSource always needs a Locale parameter to resolve a message. If none can be found, Spring falls back to Locale.getDefault(). I have two problems with this:

You never know how the system locale will be set in your production environment running docker containers on Kubernetes in AWS. My guess is that it will be English, but I won’t count on it.

Far more people speak English than German.

For this reasons it’s better to use English as default language and let the client decide which language it can accept. The former can be configured by setting the default Locale, preferably in the messageSource method:

@Bean public MessageSource messageSource() { Locale.setDefault(Locale.ENGLISH); ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource(); messageSource.addBasenames("classpath:org/springframework/security/messages"); return messageSource; }

The latter is achieved by setting the Accept-Language header in the client. This changes the request to:

$> curl -u user:wrongPassword http://localhost:8080 { "timestamp":1503381723115, "status":401, "error":"Unauthorized", "message":"Bad credentials", "path":"/hello" } $> curl -u user:wrongPassword -H 'Accept-Language: de-DE' http://localhost:8080/hello { "timestamp":1503383940064, "status":401, "error":"Unauthorized", "message":"Ungültige Anmeldedaten", "path":"/hello" }

There are a lot of languages already shipped with Spring Security. If yours is missing or if you want to change some translations, you can easily do this by following these steps:

copy the english message.properties file from Spring Security to your project.

translate or change the messages you’re interested in.

In your messageSource method, add the new properties file to your message source.

Shortcomings

Remember that we also tried to access the hello resource without any authentication in our first example? Let’s try that again using the Accept-Language header:

$> curl -H 'Accept-Language: de-DE' http://localhost:8080/hello { "timestamp":1503383125672, "status":401, "error":"Unauthorized", "message":"Full authentication is required to access this resource", "path":"/hello" }

Sad but true, this is a shortcoming of Spring Security’s localization. The reason is that the “Bad credentials” message is returned by AbstractUserDetailsAuthenticationProvider from spring-security-core, while the “Full authentication required” message is returned by ExceptionTranslationFilter from spring-security-web. spring-security-core ships with message bundles, and therefore can be localized using a MessageSource. The error messages in ExceptionTranslationFilter are hard coded with no way of using a MessageSource for localization. I think this should be configurable using resource bundles the same way as it is for the messages from spring-security-core. For this reason I created a pull request for Spring Security that will hopefully be merged soon.

Conclusion

By loading Spring Security message bundles using a MessageSource it is pretty easy to add localization to Spring Security error messages. One thing to look for is how the default system Locale is involved while determining the language for localization. My suggestion is to make sure the default is English and let the client decide explicitly using the Accept-Language header. Furthermore, there are still some messages in Spring Security that cannot be localized this way, but hopefully will be in the future.

The post Localization of Spring Security Error Messages in Spring Boot appeared first on codecentric AG Blog.

Localization of Spring Security Error Messages in Spring Boot published first on http://ift.tt/2fA8nUr

93% off #Learn OAuth 2.0 – Theory and Hands On – $10

Learn with Java, Spring Boot, Spring Security, Spring OAuth, Bootstrap and more

All Levels,  – 3 hours,  21 lectures 

Average rating 3.9/5 (3.9 (19 ratings) Instead of using a simple lifetime average, Udemy calculates a course’s star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.)

Course requirements:

Basic knowledges on java, html/css, javascript, spring framework

Course description:

This is the Only course covering OAuth 2.0 with theory and hands-on in Udemy. 

New Course for 2016 … The best way to learn is through hands-on practice. 

Join the family of thousands of students, who have enrolled in my courses.

Bonus Section includes all the courses that I teach and promotions. Make sure you don’t miss them.

MONEY BACK GUARANTEE

Udemy provides 30-day money back guarantee. No reason needed! If you are not satisfied with the course, you can always get your money back. No Risk Involved! So sign up and I’ll see you in the course!

What is OAuth?

If you are a software developer, you’ve probably heard of OAuth. OAuth provides to clients a “secure delegated access” to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.

What is OAuth 2.0?

OAuth 2.0 is the latest version of OAuth Framework. It is not backwards compatible with OAuth 1.0, as OAuth 1.0 has a variety of issues. Instead,  OAuth 2.0 provides specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. Facebook’s Graph API only supports OAuth 2.0. Google supports OAuth 2.0 as the recommended authentication mechanism for all of its APIs. The OAuth 2.0 Framework and Bearer Token Usage were published in October 2012.

Why OAuth 2.0?

OAuth 2 is almost everywhere on the web today and nearly everyone has used it in some form or another. As an open standard for authorization, it has been adopted by a lot of big companies such as Google, Facebook, Microsoft,Twitter and etc. 

Why this course?

There are plenty of materials you can find online on this hot topic but a lot of times, when you finish reading those materials, you still feel vague in your head what OAuth 2.0 is and why and how to use it. This could be due to the nature of OAuth 2.0 framework, as itself is a relatively complex thing to understand. This course tries to tackle the problem from theory and hands on perspective. 

First, We will be starting from the basics on OAuth 2.0 and then going to details of roles and workflows. 

Second, we will build a demo app using OAuth for Single Sign-On (SSO). We will be leveraging Facebook as the service and identity provider.

Third, we will use Spring Framework to implement each role in the OAuth 2.0 framework. Specifically, they are Client App, Authorization Server and Resource Server. This will give you a deeper understanding on how OAuth 2.0 framework works.

Full details Understand What OAuth 2.0 Framework is about. Understand why we need to use OAuth 2.0 Framework. Understand the workflow of OAuth 2.0. Know how to develop SSO using third parties like facebook, google with Spring Framework Know how to develop Client, Authorization Server and Resource Server with Spring Framework

Full details Anyone who is interested in OAuth 2.0

Reviews:

“Great Course!!!” (Anas Banun)

“interesting subject, competent teacher. good working examples” (Thomas Fanto)

“Pretty simple and explanatory so far. The guy that talks is also easy to understand for non-native english speakers like me” (Ariel Pertile)

  About Instructor:

Le Deng

Le Deng was first exposed to programming when he was at elementary school and his first language was Logo, a 2D drawing programming language. He received his BS in Electrical Engineering in China and his MS in Electrical Engineering at RIT in US. He has been both a learner and a teacher through the course. In the past few years, he has been interested in web technologies and working on his own path to become an entrepreneur. He’s life philosophy is to contribute a hand on better shaping this world and he is willing to spend just a life-time to fulfill it. He is currently living in Boston US.

Instructor Other Courses:

Learn MySQL and Solve 42 Practical Problems Le Deng, ldeng.net/courses, consultant, thousands of students (2) $10 $155 Build A Web App with VueJS, Spring Framework and MongoDB Build An Online Bank With Java, Angular 2, Spring and More …………………………………………………………… Le Deng coupons Development course coupon Udemy Development course coupon Web Development course coupon Udemy Web Development course coupon Learn OAuth 2.0 – Theory and Hands On Learn OAuth 2.0 – Theory and Hands On course coupon Learn OAuth 2.0 – Theory and Hands On coupon coupons

The post 93% off #Learn OAuth 2.0 – Theory and Hands On – $10 appeared first on Course Tag.

from Course Tag http://coursetag.com/udemy/coupon/93-off-learn-oauth-2-0-theory-and-hands-on-10/ from Course Tag https://coursetagcom.tumblr.com/post/157658206058