Explore
76-91 of 91
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- OWASP Top 10
Session Configuration: Invalidate the HttpSession after logout
Delete all sessions after logout
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Session management: Avoid CSRF: Use narrow mapping for state-changing methods
Non-specified RequestMapping method will map to any HTTP request
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- CSRF
Should use requiresSecure
Use of HTTP instead of HTTPS is insecure
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
- OWASP Top 10
Spring recommendation: @(Rest)Controller, @Service, @Repository should be singletons
Classes annotated with @(Rest)Controller, @Service, @Repository should have a singleton scope
- warning
- java
- web
- framework specific
- Spring Boot
- Spring
- quality
Spring Security: race condition: SecurityContextHolder.getContext.setAuthentication
It is important to create a new SecurityContext instance to avoid race conditions across multiple threads.
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (BCrypt)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (Bean)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- kotlin
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (Bean - BCrypt)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- kotlin
- Spring
- security
- framework specific
- Spring Security
Suffix Matching: UseRegisteredSuffixPatternMatch set to false to prevent suffix pattern matching
Prevent suffix pattern matching by setting UseRegisteredSuffixPatternMatch to false
- warning
- java
- Spring
- security
- framework specific
- web
- Spring Web
Suffix Matching: UseSuffixPatternMatch set to false to prevent suffix pattern matching
Prevent suffix pattern matching by setting UseSuffixPatternMatching to false
- warning
- java
- Spring
- security
- framework specific
- web
- Spring Web
Use composed requestmapping annotations
Improve readability by using Spring's composed annotations
- info
- java
- Spring
- framework specific
- web
- Spring Web
- quality
Use .delux() for a 'stronger' password-based encryption
Encryptors.delux() uses a 'stronger' password-based encryption
- warning
- java
- Spring
- security
- framework specific
- Spring Security
Use requestMapping on public methods
RequestMapping should not be used on non-public methods
- warning
- java
- Spring
- framework specific
- web
- Spring Web
- quality
Use .stronger() for a more secure alternative
Encryptors.stronger() is more secure than Encryptors.standard()
- warning
- java
- Spring
- security
- framework specific
- Spring Security