Dropwizard Deep Dive – Part 2: Authorization

Welcome back! This is Part 2 of a three-part series on extending Dropwizard to have custom authentication, authorization, and multitenancy. In Part 1, we set up custom authentication. When we left off, we had just used the Java annotations @RolesAllowed and @PermitAll to authenticate our resource methods, so they will only run for credentialed users. In this part, we’ll cover Dropwizard authorization. We are going to extend the code we added to check the role assigned to a user and further restrict our methods based on whether that matches.

Authentication and Authorization: OpenID vs OAuth2 vs SAML

My current project at AO has provided a lot of opportunity to learn about web security and what’s going on when you click that ubiquitous “Sign in with Google/Facebook” button. As both a computer developer and an end user, I want applications that are secure without being too difficult to use.


Dynamic Rails Routes with Warden Devise and Constraints

My Rails application has a variety of users, and I want to make the root of my app load something different based on the needs of each user after login. For example, if a student logs in, I want to load the students/dashboard page. If a teacher logs in, I want to load the teachers/dashboard, etc.


Authentication and CouchDB

I needed to expose an internal CouchDB server to the outside world. When it was only accessible behind a firewall, it was not a big deal to throw an Admin Party. But opening it up to the outside world meant having to figure out how to lock down the CouchDB server. This post collects some of the articles and code snippets I tracked down while researching how to secure a CouchDB server.


System Test Active Directory Authentication in Ruby

I recently added support for authenticating users against an Active Directory server from a Ruby on Rails web application. I came across a few Ruby libraries for connecting to Active Directory, but in the end my needs were met with the net-ldap gem, the environment_configurable gem and a few lines of code:
