I'm honored to be speaking with @starbuxman.joshlong.com at @devnexus.bsky.social about Bootiful #SpringSecurity
For additional information see devnexus.org/events/booti...
I hope to see you there!
#Spring #Java #devnexus
TIL - Regex special characters like . do not need to be escaped in character classes, e.g. [a.] means a or . not a or anything
www.regular-expressions.info/charclass.ht...
For example this states that the user must have authenticated with a password within the last 30 minutes:
AuthorizationManagerFactories.multiFactor()
    .requireFactor((factor) -> factor
        .passwordAuthority()
        .validDuration(Duration.ofMinutes(30))
    )
    .build();
I'm really fond of how you can declare that URLs require authenticating with a password (or other mechanism) within a specified amount of time docs.spring.io/spring-secur...
I've done a lot of cleanup on #SpringSecurity MFA support this past week. The updates (along with improved docs) can be seen in the reference docs.spring.io/spring-secur...
#SpringSecurity 7 added MFA support docs.spring.io/spring-secur...
tldr: Add the following to require both password and one time token
`@EnableGlobalMultiFactorAuthentication(authorities = {
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
GrantedAuthorities.FACTOR_OTT_AUTHORITY })`
Exciting News! Spring Authorization Server is moving to #SpringSecurity 7.0
spring.io/blog/2025/09...
Ever wanted to be able to change how the built-in #SpringSecurity hasRole, hasAuthority, etc. methods work but continue to use the existing DSL? Enter AuthorizationManagerFactory.... docs.spring.io/spring-secur...
Thanks x.com/sjohnr for your PR github.com/spring-proje...
Neat episode of a Bootiful Podcast from @starbuxman.joshlong.com with @rwinch.github.io , the lead of @spring.io Security. Great insights on how the design and product decisions are made in an OSS project, and the timeframes for these.
podcasts.apple.com/gb/podcast/s...
Just pushed support for Spring Security OAuth + Interface REST Client integration docs.spring.io/spring-secur...
#SpringFramework #SpringSecurity
I'll be presenting "Secure All The Things With Spring Security" with @starbuxman.joshlong.com at #SpringOne #VMwareExplore
I hope to see you there!
event.vmware.com/flow/vmware/...
Thanks for reaching out and sorry for the delay. Can you please reach out via github.com/spring-proje...
Anyone have any realistic use of Java's Scoped Values they can share? Yes, I know it's still a preview feature, but I can hope there are some eager people out there.
Interesting post infosec.exchange/@briankrebs/...
- AI bots are used to commit financial aid fraud at universities
- rise in bots enrolling prevents some students from registering for classes
- teachers worry when the bots drop (after bot gets aid) it might cause them to lose their job
I'm glad to see that funding for the CVE program has been extended www.bleepingcomputer.com/news/securit...
I'm interested to see what happens with the foundation going forward.
tldr - CVE Program funding was going to expire, foundation was set up to preserve it, CVE Program funding was extended
My current setup has been with β+arrow to move to half of screen, β+Enter for full screen, β₯+β+arrow to move displays, β+β₯+β+arrow to move spaces. This collides with navigating a text file
Trying macOS again. Key binding suggestions for moving window left/right/top/bottom half screen, full screen, to next/previous display, & to next/previous "spaces" (desktops or in linux it was workspace)? Ideally bindings use arrows, are similar to each other, and don't collide with default bindings
It's frustrating when authenticating to website (e.g. website.com) to be redirected to an external domain (e.g. website.idp.com) & expect website.com's credentials. Shame on both the website & the IdPs that follow this practice which primes users to be phished.
I'm not speaking @devnexus.bsky.social this year, but I'm going as an attendee. If you will be there, I'd love to meet up. Hope to see you there!
Linux user trying to figure out macOS - How can I have the menu bar & dock on all displays AND have "Displays have separate Spaces" unchecked?
NOTE: I do not want separate spaces per display because then I have to switch a space per display. I prefer switch space updates all monitors at once.
I'm very excited that @spring.io is switching from a Contributor License Agreement to a Developer Certificate of Origin!
We're looking forward to seeing more & simplified contributions from you! If you have any questions, reach out to us in our issue trackers.
spring.io/blog/2025/01...
Fantastic news to see the @antora.org collector has hit GA!
Good advice for protecting against / recovering Hijacked Gmail (& other) Accounts
www.forbes.com/sites/daveyw...
- Set up a recovery phone & email for your account
- For Gmail, if attacker changes your recovery phone number, then you have 7 days to use that original number to regain control
President Biden's deputy natsec advisor for cyber and emerging tech Anne Neuberger told reporters that Chinese hackers got into (at least) 8 U.S. telcos in a broad spying campaign that affected "dozens of countries" since it began.
The latest on All Things Considered: www.npr.org/2024/12/04/n...
That's not me. I renamed my account from robwinch.bsk.social to rwinch.github.io and do not have another account.
Note that the Bluesky documentation states that atproto-did must return content-type text/plain but it worked for me despite GitHub pages returning application/octet-stream
This is good for me since it doesn't appear that I can change the content-type on GitHub pages docs.github.com/en/pages/get...
Verification can be done using a .well-known URL bsky.social/about/blog/4...
To do that I created a .well-known project that publishes the atproto-did file with the verification to GitHub pages github.com/rwinch/.well...
I changed my username to rwinch.github.io so that I had a verified domain with a username that I'm well known by.
How did I do it?
China is hacking US telcos so stop using SMS
- Use 3rd party apps that do end to end encryption (eg WhatsApp)
- RCS iPhone <-> Android is not encrypted
- Use phone that auto updates in timely fashion
- Use MFA
www.forbes.com/sites/zakdof...
HT @starbuxman.joshlong.com