🚀 Day 8 of Learning Spring — Spring Security!

Today I learned something that genuinely blew my mind 🤯

Just add ONE dependency — and Spring Boot automatically gives you:
✅ A Login Form
✅ Session Management
✅ Logout Functionality

Zero extra code. Zero extra effort. That's the power of Spring Security 💥

---

🛠️ How to set it up?

1️⃣ Go to start.spring.io
2️⃣ Create a new project and add 3 dependencies:
• Spring Boot DevTools
• Spring Security
• Spring Web
3️⃣ Open the project in your IDE
4️⃣ Set your username & password in application.properties:

    spring.security.user.name=xyz
    spring.security.user.password=1234

5️⃣ Create a simple Controller, run the app — and your login form is ready!

💡 Pro Tip: If you don't set anything in application.properties, Spring auto-generates a random password in the console. The default username will be: user

Learning this today made me realize — security doesn't have to be complex when you have the right framework 🙌

GitHub Repo: https://lnkd.in/g6bpXQrv

#SpringBoot #SpringSecurity #Java #LearningInPublic #100DaysOfCode #JavaDeveloper #BackendDevelopment
-
🔐 Day 10 of Learning Spring Boot — Spring Security!

Today I configured Spring Security from scratch using a custom SecurityFilterChain. Here's what I built:

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig {
        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
            return http
                .authorizeHttpRequests(auth -> auth
                    .requestMatchers("/").permitAll()
                    .requestMatchers("/students/**").authenticated())
                .formLogin(Customizer.withDefaults())
                .build();
        }
    }

🧠 Key things I learned today:
✅ @EnableWebSecurity disables Spring Boot's default security — you're in full control now
✅ SecurityFilterChain intercepts every HTTP request before it hits your controller
✅ permitAll() vs authenticated() — simple but powerful access control
✅ Spring auto-generates a login page at /login — zero HTML needed
✅ Rule order matters — first match wins!

The thing that clicked for me today: Spring Security is just a chain of filters. Once you understand that every request flows through this chain top-to-bottom, everything else makes sense.

Github Repo : https://lnkd.in/gZAXur34

Day 10 down. Authentication, roles, and JWT are next. 🚀

If you're also learning Spring Boot, drop a comment — let's connect!

#SpringBoot #SpringSecurity #Java #100DaysOfCode #LearningInPublic #BackendDevelopment
-
🔑 Day 12 of Learning Spring Boot — JWT Authentication!

Today I built a complete JWT-based authentication system from scratch. No sessions, no cookies — pure stateless security.

Here's the core flow I implemented:

    // 1. Signup — encode password, save user
    userRepo.save(new Users(
        username,
        passwordEncoder.encode(password) // BCrypt!
    ));

    // 2. Login — Spring verifies, we generate token
    Authentication auth = authManager.authenticate(
        new UsernamePasswordAuthenticationToken(username, password)
    );
    Users user = (Users) auth.getPrincipal();
    String token = authUtil.generateAccessToken(user);

    // 3. JWT token — valid for 10 minutes
    Jwts.builder()
        .subject(user.getUsername())
        .claim("userID", user.getId())
        .expiration(new Date(now + 1000*60*10))
        .signWith(secretKey)
        .compact();

🧠 Key lessons from today:
✅ JWT = Header.Payload.Signature — 3 parts, dot separated
✅ SessionCreationPolicy.STATELESS — server stores nothing
✅ CSRF disabled with JWT — no session means no CSRF risk
✅ getAuthorities() must return emptyList(), never null
✅ getPassword() must return the field, never null
✅ PasswordEncoder in separate AppConfig to avoid circular dependency
✅ DTOs need @Data — without getters, Jackson returns {}

The bug that took me longest: My Users entity implemented UserDetails but getPassword() was returning null. Spring was loading the user correctly but couldn't match the password. One line fix — but it took real debugging to find it. That's how real learning works. 🚀

Github Repo : https://lnkd.in/gZfqz43B

Day 12 done. Next up — JWT Filter to validate tokens on every request!

Are you also building Spring Boot projects? Drop a comment!

#SpringBoot #JWT #SpringSecurity #Java #100DaysOfCode #LearningInPublic #BackendDevelopment #WebDevelopment
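Added example, not code from the Day 12 post or its repository: the checks a token-validating filter has to make on the Header.Payload.Signature structure the post describes, written against the JDK only. The class name, key and claims are constructed for illustration, and the header and `exp` checks are simplified string matches; a real service would use a JWT library with a proper JSON parser.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtCheckDemo { // hypothetical class name
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(UTF_8));
    }
    static String b64(byte[] raw) { return Base64.getUrlEncoder().withoutPadding().encodeToString(raw); }
    static String text(String part) { return new String(Base64.getUrlDecoder().decode(part), UTF_8); }

    // Returns the payload JSON only if structure, algorithm, signature and expiry all check out.
    static String verify(String token, byte[] key, Instant now) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3) throw new SecurityException("expected header.payload.signature");
        // Pin the algorithm server-side; the token must not choose it (this rejects "alg":"none").
        if (!text(p[0]).contains("\"alg\":\"HS256\"")) throw new SecurityException("unexpected alg");
        // MessageDigest.isEqual compares in constant time, so timing does not leak a partial match.
        if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), Base64.getUrlDecoder().decode(p[2])))
            throw new SecurityException("bad signature");
        Matcher m = EXP.matcher(text(p[1]));
        if (!m.find() || !now.isBefore(Instant.ofEpochSecond(Long.parseLong(m.group(1)))))
            throw new SecurityException("missing or expired exp");
        return text(p[1]);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-a-real-secret".getBytes(UTF_8);
        Instant now = Instant.now();
        String exp = "\"exp\":" + (now.getEpochSecond() + 600) + "}"; // 10 minutes, as in the post
        String head = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(UTF_8));
        String body = b64(("{\"sub\":\"alice\",\"userID\":1," + exp).getBytes(UTF_8));
        String sig = b64(hmac(key, head + "." + body));
        System.out.println("accepted: " + verify(head + "." + body + "." + sig, key, now));
        String altered = b64(("{\"sub\":\"bob\",\"userID\":2," + exp).getBytes(UTF_8));
        try {
            verify(head + "." + altered + "." + sig, key, now); // payload changed, old signature
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The signature is checked before any claim is read, so `exp` and `userID` are only trusted once the HMAC over `header.payload` matches.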
-
🚀 My Backend Learning Journey – Spring Security 🔐

Today I explored the fundamentals of Spring Security, one of the most important modules in the Spring ecosystem for building secure applications.

🔹 What I Learned:

✅ Overview of Spring Security
- It provides authentication and authorization for Java applications
- Helps protect APIs and web apps from unauthorized access
- Works seamlessly with Spring Boot projects

✅ CSRF Token (Cross-Site Request Forgery)
- Protects applications from malicious requests sent without user consent
- Generates a unique token for each session/request
- Ensures that only trusted requests are processed by the server

💡 Key Takeaway: Security is not just an add-on, it’s a core part of backend development. Even a simple application needs proper authentication and protection mechanisms.

📌 Next Step: Implementing authentication with JWT and role-based access control.

#SpringBoot #SpringSecurity #BackendDevelopment #Java #LearningJourney #WebDevelopment #CSRF
-
Jargon Buster #Applet

Applet
A program capable of running on any computer regardless of the operating system.

■ Commentary
▪ Technically, the above statement is correct because that was the core philosophy behind Java Applets. However, there is a bit of "fine print" regarding how that worked in practice and the current state of the technology.
▪ Historically, the Applet was the poster child for Java’s "Write Once, Run Anywhere" (WORA) motto. Here is the breakdown of why that statement is correct and where the limitations lie.

▪ Why the statement is correct
° The independence from the operating system is achieved through a layer of abstraction called the Java Virtual Machine (JVM).
° Bytecode, not Machine Code: When a developer writes an Applet, it isn't compiled into code that a specific CPU (like Intel or ARM) understands. Instead, it is compiled into Java Bytecode.
° The JVM as a Translator: To run that Applet, the host computer only needs a JVM installed. The JVM acts as an intermediary; it takes the universal bytecode and translates it into instructions the specific operating system (Windows, macOS, Linux) can execute.
° Platform Neutrality: Because the Applet itself doesn't "talk" directly to the OS, the same .class file can run on a PC, a Mac, or a Unix workstation without being rewritten.

• The "Fine Print"
° While the program is OS-independent, its ability to run depends on two major factors:
° The Presence of a JVM: If a computer doesn't have the Java Runtime Environment (JRE) installed, the Applet cannot run.
° Browser Support: Applets were designed to run inside a web browser. Today, Applets are essentially obsolete. Most modern browsers (Chrome, Firefox, Edge, and Safari) have removed support for the NPAPI plugin required to run them due to significant security vulnerabilities.

■ To Summarise
▪ Applets are platform-independent because they run on the JVM.
▪ In a modern real-world context, however, they are no longer used. They have been replaced by web technologies like JavaScript, WebAssembly, and HTML5, which achieve the same cross-platform goals much more securely and without requiring a heavy plugin.
-
After 30 years, JDK 26 officially removes the Applet API. This isn't nostalgia—it's Java embracing its cloud-first, server-side identity and killing off security nightmares from the desktop era.

What you'll learn:
• Why applets made Java famous in 1995 but never succeeded beyond initial browser hype
• Security risks of teams still running applets on JDK 6/7/8 without modern browser support
• How browser plugin discontinuation in JDK 11 made applet support obsolete
• What legacy code removal signals about Java's commitment to cloud-native and microservices architectures

Guest: Simon Ritter, Deputy CTO, Azul

"Applets are never going to get used in the cloud. It makes perfect sense to remove the Applet API because nobody in their right mind is going to try to write an applet using JDK 26. There are still plenty of people running applets on older versions of the JDK, but you're really running on a very old system, which you should be looking to move away from because there are issues of security and potential vulnerabilities."

In this clip, Simon explains why applet removal reflects Java's evolution from desktop-focused origins to its current server-side, cloud-native dominance.

Check out the discussion on our YouTube page: https://lnkd.in/gVsztTCw

#AppletAPI #JDK26 #JavaEvolution #CloudNative #ServerSideJava #LegacyCode #Security #EnterpriseJava #Microservices #Azul
Applets Are Dead: What Removing 30-Year-Old API Says About Java's Cloud-First Identity
-
🚀 Day 86/100 - Spring Boot - Build & Deployment

Creating Executable JAR

Spring Boot makes deployment super simple by packaging your app as a standalone executable JAR.
- No need for external servers like Tomcat
- Everything is embedded

➡️ JAR Packaging (Default)
In most cases, Spring Boot uses JAR packaging by default:

    <packaging>jar</packaging>

➡️ Build the Application

    mvn clean package

🔹 Compiles code
🔹 Runs tests
🔹 Creates a ready-to-run JAR

➡️ Run the Application

    java -jar target/myapp-0.0.1-SNAPSHOT.jar

Your app starts with an embedded server (like Tomcat)

Previous post: https://lnkd.in/d-Nshbfx

#100Days #SpringBoot #Deployment #Java #Maven #BackendDevelopment #WebDevelopment #SoftwareEngineering
-
🔐 Day 9 of Learning Spring Security — CSRF, Sessions & REST API Config

Today I finally understood why POST requests fail when you enable Spring Security — and how to fix it the right way.

The problem: When Spring Security is enabled, it blocks all POST/PUT/DELETE requests by default. Only GET works. The culprit? CSRF Protection.

What I tried (both approaches):

Approach 1 — Manual CSRF Token
Hit a GET endpoint → grab the CSRF token → add it as X-CSRF-TOKEN header → POST works ✓

Approach 2 — Custom Security Config (better for REST APIs):

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig {
        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
            return http
                .csrf(c -> c.disable())
                .authorizeHttpRequests(r -> r.anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults())
                .sessionManagement(s -> s
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .build();
        }
    }

The key insight — when to enable vs disable CSRF:

✅ Keep CSRF ENABLED when:
- Browser-based web apps
- Session / Cookie-based authentication
- Server-side rendered (Thymeleaf, JSP)

❌ Safe to DISABLE CSRF when:
- REST APIs with JWT authentication
- Stateless APIs (no sessions)
- Mobile app backends
- Service-to-service communication

Rule of thumb: Auth in a Cookie → Enable CSRF. Auth in an Authorization Header → Safe to disable.

Why STATELESS session? SessionCreationPolicy.STATELESS means the server never stores sessions. Every request is independent — scales horizontally with zero shared state.

What's next? → JWT Authentication to replace Basic Auth completely.

Building in public, one concept at a time. If you're on a similar Spring journey, let's connect!

#SpringSecurity #SpringBoot #Java #BackendDevelopment #REST #LearningInPublic #100DaysOfCode #WebDevelopment #Developer #CSRF
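Added example, not code from any of the posts above or their repositories: one application that applies both halves of the Day 9 rule of thumb by running two filter chains, with the "first match wins" ordering from the Day 10 post made explicit. It assumes Spring Security 6.x; the class name and the `/api/**` and `/api/health` paths are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SplitSecurityConfig { // hypothetical class name

    // Chain 1: stateless API, consulted first and only for /api/** (hypothetical path).
    // CSRF is off here on the assumption that callers are non-browser clients: a browser
    // re-sends cached Basic credentials on its own, much like a cookie.
    @Bean
    @Order(1)
    public SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        return http
            .securityMatcher("/api/**")
            .csrf(csrf -> csrf.disable())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                // First match wins: the specific rule must sit above the catch-all.
                .requestMatchers("/api/health").permitAll()
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults())
            .build();
    }

    // Chain 2: everything else is the browser-facing app. It keeps the session, the
    // generated /login form and Spring Security's default CSRF protection (never disabled).
    @Bean
    @Order(2)
    public SecurityFilterChain webChain(HttpSecurity http) throws Exception {
        return http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/").permitAll()
                .requestMatchers("/students/**").authenticated()
                // Explicit catch-all so unlisted paths do not depend on framework defaults.
                .anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .build();
    }
}
```

The chain without a `securityMatcher` matches every request, so it has to carry the higher `@Order` value; placed first, it would shadow the API chain.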
-
Spring Boot 3 Http Interfaces + Security = less boilerplate, more “it just works” energy. If your HTTP clients still feel like they were assembled during a caffeine outage, this one’s for you. In this video: Spring Boot 3 Http Interfaces Security https://lnkd.in/eezjkkQs Clean APIs, secure calls, fewer opportunities to invent your own distributed-system horror story. #SpringBoot #Java #Backend #SoftwareDevelopment #Security #WebDevelopment #DeveloperTools
-
Install and Run Your Own Image and Video Sharing Platform on #Ubuntu #VPS This article provides a guide for how to install and run your own image and video sharing platform on Ubuntu VPS. What is Chevereto? Chevereto is a self-hosted image hosting script that allows users to create their own image-sharing website. It provides features similar to popular image hosting services like Imgur but with complete control over the platform. Key ... Keep Reading 👉 https://lnkd.in/ghshyCZ5 #selfhosting #installguide #opensource #social #mariadb #vpsguide #imagehosting #certbot #letsencrypt #apache #selfhosted #python