What can Spring do to help me secure my application? — Audience This article is aimed at developers with a solid understanding of the basics of Spring and web security. It marries up the two concepts, concluding with a worked example of using Spring Security with Spring Boot. Argument Spring Security is centred round two core concepts: Authentication: Verifying you are who you…

An introduction to caching principles — Audience This article is aimed at developers with a reasonable understanding of how the internet functions, contemporary application architectures and AWS. It will cover what caching is in a more general sense, the motivation behind using it, and then deep dive into specific implementations. Argument A cache stores previously used or computed…

An introduction to Kinesis using Apache Camel and Spring Cloud Stream — Audience This article is aimed at developers with a reasonable understanding of Java and Spring, but no experience whatsoever with AWS Kinesis, Apache Camel or Spring Cloud Stream. It will explain the role of message brokers, introduce Kinesis and conclude with a worked example based on Twitter data. Argument Message Brokers Message brokers act…

Creating an amazing space for audience participation! — At the BBC, we put audiences at the heart of everything we do, so it’s important they feel they have a safe space to interact with all of our online products. …

That’s right, it’s something to do with OAuth2.0! — Audience In this article we will explain the usage of the Authorization: Bearer xxx-yyy-zzz style header. I feel it’s one of those things that you might use a fair bit without perhaps fully understanding the implications. This article is a crash course in understanding where it comes from, how it works…

The Authorisation Server giveth, and it taketh away — Audience This article will require a solid understanding of HTTP and the OAuth2.0 core standard. For the latter you can read through my ordered list of articles found here. In the following article we will explore two different RFCs: Token introspection: If you remember, in the OAuth2.0 Core RFC, tokens are…

Authentication (OIDC) vs Authorization (OAuth2.0) — Audience This article is aimed at developers looking to understand the Open ID Connect authentication protocol, which is an extension of the OAuth2.0 authorisation framework. Readers will need a reasonable understanding of HTTP and a solid understanding of OAuth2.0, which they can gain by looking at my articles here and here. Argument …

Authorization for input-constrained devices — Audience This article is aimed at developers looking to understand authorising input-constrained devices such as consoles, TVs, picture frames, smart devices etc. Readers will need a solid understanding of HTTP and the existing core OAuth standards. My other articles on the subject can be found collected in the list here. We…

Authorisation for the Nation! — Audience This article is aimed at developers looking to get a better understanding of how OAuth2.0 works with Native Apps. It will require a solid understanding of HTTP, and the OAuth2.0 framework. To better understand the latter you can read my previous articles on the subject here. You will also need…