Category: Java

How to Create and verify JWTs in Java

Java support for JWT (JSON Web Tokens) is in its infancy – the prevalent libraries can require customization around unresolved dependencies and pages of code to assemble a simple JWT. We recently released an open-source library for JWTs in Java. JJWT aims to be the easiest to use and understand library for creating and verifying …

Java Web App Example: User Login with Servlet, JSP, and Stormpath

Update 5/12/2016: Watch Stormpath CTO Les Hazlewood’s presentation on REST + JSON API design best practices. We just released a major upgrade of our Java SDK, which now includes Java Webapp (Servlet 3.1+) support with a ton of user automation. Just drop our Servlet plugin into your Java web application and boom – instant user …

How CleverAnalytics Uses Stormpath for Token-Based Authentication in Java

This blogpost was written by the team at CleverAnalytics about their use of Stormpath and is reprinted from them with permission (and our thanks!). The updated Java SDK now includes token based authentication, and more! CleverAnalytics is a location intelligence cloud platform. It allows you to easily create interactive and highly responsive business-oriented maps based …

Manage your API Keys with Java, Jersey, and Stormpath

If you are a Java developer, then you are undoubtedly familiar with frameworks such as Spring, Play!, and Struts. While all three provide everything a web developer wants, I decided to write a RESTful web application using the Jersey framework. This sample app uses Java + Jersey on the back-end and Angular JS on the …

Spring Security Plugin for Stormpath

End-to-End Application Security for Spring Developers Not so long ago, securing a Java app meant weeks of work and plenty of custom code. Today, tools like Spring Security make secure development far less painful. We’re thrilled to simplify security for Java apps even more with the new Spring Security plugin for Stormpath, available now.

User Management for Java Web Apps with Stormpath and Apache Shiro

Update 5/12/2016: Building a single page app and need user management for Java? Read more about building application security the right way (and the hurdles you’ll need to overcome) in our post: The Problem with Securing Single Page Applications.   Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management with …

How to Secure an API – Tips for REST + JSON Developers

Update June 2014: Stormpath now secures authentication to your API- without code! At the Silicon Valley Java Users Group, our CTO Les Hazlewood gave a presentation on API Design. Since we get so many questions about API Security, we thought developers might want to see the excerpted section covering: Sessions Recommended authentication protocols 401 vs …

Spring MVC REST Exception Handling Best Practices (part 2)

In part 1 of this 2-part series, we discussed a best-practice error representation (format) that should be returned to a REST API caller when an error is encountered. In this article (part 2), we’ll show how to produce those representations from a REST API written using Spring MVC. Spring Exception Handling Spring MVC has two …

Spring MVC REST Exception Handling Best Practices (part 1)

If you’re already using Spring to build your application, and you need to serve a ReST API, Spring MVC can be a good choice to write your REST endpoints. However, representing errors or problems cleanly in a RESTful way may not be immediately obvious since Spring MVC is so often referenced for building user interfaces. …