Posts by Micah Silverman

4 Challenges to Building Multi-factor Authentication

Multi-factor authentication is the most reliable way to ensure the security of your users PII (personally identifiable information), and with Stormpath it’s easier than ever to implement in your application! Why is MFA super-secure? It’s simple: While a user may have a lousy password, additional factors are inherently immutable. Some common second factors of authentication …

Secure Your Spring Boot App with Stormpath & start.spring.io in 5 Minutes

Have you ever wanted to write a Spring Boot application but are not sure where to start? Spring Initializr makes it easy to get up and running in minutes by generating a fully functional Spring Boot project that includes dependencies and tests. A web version is hosted at https://start.spring.io. From here, you can search for …

Tutorial: Establish Trust Between Microservices with JWT and Spring Boot

If you’ve never heard of JWTs (JSON Web Tokens), well then you didn’t read my last post on CSRF Protection with JWTs. To briefly recap: JWTs can be used wherever you need a stand-in to represent a “user” of some kind (in quotes, because the user could be another microservice). And, they’re used where you …

CSRF Protection with JWTs in Spring Security

If you’ve never heard of JWTs (JSON Web Tokens), well, you don’t work in tech, or you’ve purposely unplugged your computer from the Internet. JWTs are frequently used in OAuth2 as access and refresh tokens as well as a variety of other applications. JWTs can be used wherever you need a stand-in to represent a …

User Authentication in Java 8

Java 8 added many new features that both modernize and simplify the language. Today, I’ll walk you through how some of these new features impact authentication, authorization, and user management. We’ll explore a few of the most important new features, including: Lambdas, method references, and Streams. But first, some background on Stormpath and the code …

Build a Spring Boot API with Hazelcast for Cached User Authentication

By caching API responses and removing the need for a round trip over the wire to a remote API service, you save on future API calls (potentially saving you money) and create a far more responsive API. For these reasons, all of Stormpath’s primary SDKs have a caching layer built in, standard. In this post, …

Identity Management in Spring Boot with Twilio and Stormpath in 15 Minutes

Today, in less than 30 seconds or so, I was able to set up a Twilio account and send myself a text message using httpie. Another few minutes work (fewer than 5) and I had a Spring Boot application doing the same. In about the same five minutes, you can get set up with Stormpath’s …

Spring Boot WebMVC – Spring Boot Technical Concepts Series, Part 3

Spring Boot, with Spring Boot WebMVC, make it easy to create MVC apps with very clear delineations and interactions. The Model represents formal underlying data constructs that the View uses to present the user with the look and feel of the application. A Controller is like a traffic cop. It receives incoming requests (traffic) and …

Announcing Stormpath’s Java SDK 1.0 Release

Big, big news, people: The Stormpath Java SDK has left release candidates behind and is now at 1.0! The goal for any Stormpath SDK has always been to make it super easy for developers to work with Stormpath using the latest in technologies and integrations. With the 1.0 release of our Java SDK, it’s a …

Custom Data Search for Powerful Identity Management in Java

Custom Data is one of the standout features of Stormpath’s authentication and user management API. It allows you to store up to 10 megabytes of unstructured (JSON) data alongside any Stormpath resource. This can be any manner of application-specific user data; our clients use it for everything from custom profile fields to authorization roles, or …