Build a Photo Gallery PWA with React, Spring Boot, and JHipster

avatar-matt_raible.jpg Matt Raible

At its core, React is just a UI toolkit, ala GWT, but it has a very healthy ecosystem around it that provides everything you need to build a kick-ass progressive web app (PWA). PWAs are cool because if they’re done right, they can offer a native-like experience for your users, allowing them to install your app, and use it when it’s offline. But, “why React?” is what you’re probably asking yourself right now, right? Well,...

Read more

Use Multi-factor Authentication from the Command Line

avatar-dogeared.jpg Micah Silverman

Multi-factor authentication is an important tool in your security arsenal. If your password is compromised, your account can still be protected by using high quality second factors, such as Authy, Google Authenticator, or Okta Verify. In this tutorial, I’ll show you how to authenticate, enroll in multi-factor authentication with Okta Verify, and process push notifications – all from the command line using a bash shell script. Why would you ever want to do this? A)...

Read more

What Happens If Your JWT Is Stolen?

avatar-rdegges.jpg Randall Degges

All of us know what happens if our user credentials (email and password) are discovered by an attacker: they can log into our account and wreak havoc. But a lot of modern applications are using JSON Web Tokens (JWTs) to manage user sessions—what happens if a JWT is compromised? Because more and more applications are using token-based authentication, this question is increasingly relevant to developers and critical to understand if you’re building any sort of...

Read more

Deploy Your ASP.NET Core Application to Azure

avatar-leebrandt.jpg Lee Brandt

One of the scariest features of Visual Studio is without a doubt right-click to publish. There are very few instances in which you’d actually want to make use of this “feature” and so many more in which it’s a terrible idea. In this post I’ll walk you through the right way to secure and deploy your new ASP.NET Core app to Azure. My method might not be as fast as right clicking to publish, but...

Read more

Deploy Your Secure Spring Boot + Angular PWA as a Single Artifact

avatar-matt_raible.jpg Matt Raible

I’ve written several posts on this blog that show you how to develop an Angular SPA (single-page application) that talks to a Spring Boot API. In almost all of them, I’ve used OAuth 2.0’s implicit flow and built, tested, and deployed them as separate applications. IMHO, this is the way many applications (outside of the Java world) are built and deployed. What if you could combine the two applications for production, and still get all...

Read more

Tutorial: Build a Basic CRUD App with Symfony 4 and Vue

avatar-krasimir.jpg Krasimir Hristozov

If you’re a web developer in 2018, then you already know that the expectations are high and the tools are many. Users want progressive web applications and seamless experiences across every device. The focus is shifting from monolithic code to APIs built as microservices and consumed by multiple frontends, and finding our way through the ecosystem of ever-changing tools can be a daunting task even for the most experienced of us. If you’re looking for...

Read more

Secure Your Spring Boot Application with Multi-Factor Authentication

avatar-moksamedia.jpg Andrew Hughes

OAuth 2.0 has quickly become an industry standard for third party authentication for web applications. It’s a super secure strategy, when implemented properly, but getting it right can be hard. Fortunately, you don’t have to go it alone. Okta has done it for you. This is one place where it’s definitely not worth re-inventing the wheel. And further, with all of the cybersecurity attacks today, just using a password, even a hard password, is not...

Read more

How to Prevent Your Users from Using Breached Passwords

avatar-rdegges.jpg Randall Degges

Not too long ago, the National Institute of Standards and Technology (NIST) officially recommended that user-provided passwords be checked against existing data breaches. Today I’m going to show you how you can easily add this functionality to any website you run using PassProtect, an open-source developer library we created specifically for this purpose. Why Check User Passwords? The new NIST recommendations mean that every time a user gives you a password, it’s your responsibility as...

Read more

Add Authentication to Any Web Page in 10 Minutes

avatar-rdegges.jpg Randall Degges

Adding authentication to web pages can be pretty annoying. While I’d like to say that over the course of my programming tenure I’ve learned to easily add authentication to any app I create, my attempts tend to devolve into me bickering with myself endlessly over a User schema and the most efficient way to share my user data between components. One of the greatest things that’s happened in recent years, however, is the proliferation of...

Read more

Static Sites vs CMS

avatar-rdegges.jpg Randall Degges

There’s a frequent debate amongst development and marketing teams at companies around the world about whether or not their blog or website should be managed through a content management system (CMS) like Wordpress, Drupal, Squarespace, etc. or through a static site generator like Jekyll or Hugo. I’ve been blogging since 2006, writing websites since 2002, and I’ve built just about every possible type of website. Today I’d like to explain why static sites are the...

Read more