10 Excellent Ways to Secure Your Spring Boot Application
Spring Boot is one of the most popular Java frameworks. If you’re developing Spring Boot apps that handle sensitive data, you should make sure they’re secure. This article gives you some tips on how to build more secure Spring Boot applications.
Eleduwa
Thanks for the nice post… I learnt new stuff.
Stephane
Hi Matt,
A very good and useful article!! In order to make our application more secure, we are trying to enable the CSRF protection with a Spring Boot back-end and an Angular application for the front-end based on what you wrote. However, we are getting the following error: “Could not verify the provided CSRF token because your session was not found in spring security”. What could be the reason? Could different sub-domains between the two compact have an impact?
Thank you in advance for your answer.
-Stephane
Matt Raible
Yes, you’re likely to have issues if you try to host your apps on separate domains. This is because Spring Boot will send the CSRF token as a cookie and you won’t be able to read the cookie (to send it back in a header) if you’re on a different domain.
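The cookie scoping behind the reply above, as an added example that is not part of the original thread or the article's code: a simplified JavaScript model of RFC 6265 domain matching, showing when front-end script can read an XSRF-TOKEN cookie and copy it into the X-XSRF-TOKEN header. It goes beyond the reply by also covering sibling sub-domains; the host names, token value and function names are constructed for illustration.

```javascript
// Added example: simplified model of browser cookie scoping (no public-suffix,
// Path, Secure or HttpOnly handling). All host names and tokens are constructed.

// RFC 6265 section 5.1.3: a host matches a cookie domain if it is equal to it
// or is a sub-domain of it.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Model how a browser stores a Set-Cookie received from originHost.
// Without a Domain attribute the cookie is host-only; a Domain attribute that
// does not cover the origin host is rejected (null).
function storeCookie(originHost, name, value, domainAttr) {
  if (domainAttr && !domainMatches(originHost, domainAttr)) return null;
  const domain = (domainAttr || originHost).toLowerCase().replace(/^\./, "");
  return { name, value, domain, hostOnly: !domainAttr };
}

// What document.cookie would expose to script running on pageHost.
function visibleCookies(jar, pageHost) {
  const host = pageHost.toLowerCase();
  return jar
    .filter(c => c && (c.hostOnly ? host === c.domain : domainMatches(host, c.domain)))
    .map(c => `${c.name}=${c.value}`)
    .join("; ");
}

// Cookie-to-header step performed by the front end: copy XSRF-TOKEN into X-XSRF-TOKEN.
function csrfHeaders(cookieString) {
  const pair = cookieString.split("; ").find(p => p.startsWith("XSRF-TOKEN="));
  return pair ? { "X-XSRF-TOKEN": decodeURIComponent(pair.slice("XSRF-TOKEN=".length)) } : {};
}

function demo() {
  const hostOnly = [storeCookie("api.example.test", "XSRF-TOKEN", "tok-123")];
  const parent = [storeCookie("api.example.test", "XSRF-TOKEN", "tok-123", "example.test")];
  return {
    sameHost: csrfHeaders(visibleCookies(hostOnly, "api.example.test")),
    siblingHostOnly: csrfHeaders(visibleCookies(hostOnly, "app.example.test")),
    siblingParentDomain: csrfHeaders(visibleCookies(parent, "app.example.test")),
    otherSite: csrfHeaders(visibleCookies(parent, "app.other.test")),
  };
}
console.log(demo());
```

An empty header object means the front end has no token to send back, so the server-side CSRF check rejects the request.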
keomorakort man
Thanks Matt, your article is very helpful to me.
Igor K
Where can I get the “I find your lack of security disturbing” t-shirt?
Matt Raible
Hello Igor,
It’s not currently available for sale publicly. You can see where our developer advocates are speaking at oktadev.events. If you happen to be going to one of these events, let me know, and I’ll make sure we have a t-shirt for you! We’d also be happy to ship you one if you contribute a PR to one of our SDKs and/or blog posts to fix something.
Saurabh Singh
Hi Matt,
I want to know how to hide production env properties from developers.
Matt Raible
The easiest way is to not allow your developers to access your production environment!
This guide suggests using Vault by HashiCorp. We’re working on a post now that shows how to use Spring Vault. If you follow @oktadev on Twitter, you’ll get a notification when we publish it.
Aftab Ahmed
Hi Matt, thanks for sharing a wonderful article. Would you please share how to encrypt application properties?
Thanks
Matt Raible
Our blog post on using Spring Vault should help. https://developer.okta.com/…
Hassan Waris
Matt, thank you. After reading this, I am feeling secured (: