An SQL injection attack consists of the insertion or “injection” of malicious data via the SQL query input from the client to the application. In our example project we have a small Spring Boot based blog application. This application exposes an endpoint to fetch blog articles based on the author:
This third and final part in my Stateless Spring Security series is about mixing the previous post about JWT token-based authentication with spring-social-security. This post builds directly upon it and focuses mostly on the changed parts. The idea is to substitute the username/password based login with “Login with Facebook” functionality based on OAuth 2, but still use the same token-based authentication after that.
The user clicks on the “Login with Facebook” button, which is a simple link to “/auth/facebook”. The SocialAuthenticationFilter notices the lack of additional query parameters and triggers a redirect leading the user of your site to Facebook. They log in with their username/password and are redirected back, again to “/auth/facebook”, but this time with “?code=…&state=…” parameters specified. (If the user previously logged in at Facebook and had a cookie set, Facebook will even instantly redirect back and no Facebook screen is shown to the user at all.) The fun part is that you can follow this in a browser’s network log, as it’s all done using plain HTTP 302 redirects. (The “Location” header in the HTTP response is used to tell the browser where to go next.)
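The two visits to “/auth/facebook” described above can be modelled in plain Java. This is an added example, not code from the post or from Spring Social; the class name, the session key, the client id, the callback URL and the authorize URL are assumptions, and the state check shown is the usual OAuth 2 way of tying the return leg to the session that started it.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class AuthFacebookFlow {
    // Assumed values for illustration only; none of them come from the post.
    static final String AUTHORIZE_URL = "https://www.facebook.com/dialog/oauth";
    static final String CLIENT_ID = "EXAMPLE_APP_ID";
    static final String CALLBACK = "https://app.example/auth/facebook";
    static final SecureRandom RNG = new SecureRandom();

    // Returns "302 <Location>" on the first visit, "CALLBACK_OK" or "REJECTED" on the return leg.
    static String handle(Map<String, String> query, Map<String, String> session) {
        String code = query.get("code");
        String state = query.get("state");
        if (code == null && state == null) {
            // First visit: no OAuth parameters, so issue a state, store it, redirect to the provider.
            byte[] raw = new byte[16];
            RNG.nextBytes(raw);
            String fresh = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.put("oauth_state", fresh);
            return "302 " + AUTHORIZE_URL + "?client_id=" + CLIENT_ID
                    + "&redirect_uri=" + URLEncoder.encode(CALLBACK, StandardCharsets.UTF_8)
                    + "&state=" + fresh;
        }
        // Return leg: the state must equal the one issued to this session and is single use.
        String expected = session.remove("oauth_state");
        if (code == null || state == null || expected == null
                || !MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                          state.getBytes(StandardCharsets.UTF_8))) {
            return "REJECTED";
        }
        return "CALLBACK_OK"; // a real filter would now exchange the code for an access token
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        System.out.println(handle(new HashMap<>(), session));   // the 302 seen in the network log
        System.out.println(handle(Map.of("code", "constructed-code", "state", "forged"), session));
        handle(new HashMap<>(), session);                       // the failed attempt consumed the state
        String issued = session.get("oauth_state");
        System.out.println(handle(Map.of("code", "constructed-code", "state", issued), session));
        System.out.println(handle(Map.of("code", "constructed-code", "state", issued), session));
    }
}
```

The last call replays a callback that was already accepted; because the stored state is removed on first use, the replay is rejected just like the forged one.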
When we want to clone an object, there are several ways to do this.
For instance, we can implement Cloneable, which makes it possible to duplicate an object. We can also create a new object manually by calling each setter or by using a parameterised constructor.
In case we want to clone a Hibernate object, there is an extra option available which is more elegant: the Hibernate3BeanReplicator. The Hibernate3BeanReplicator is provided by Beanlib (http://beanlib.sourceforge.
For example, suppose we want to clone the Student object, including all child (one-to-one) objects.
// Load the persistent entity that should be copied
Student student = studentDao.getStudentById(1);
// Deep-copy the entity together with its child objects
HibernateBeanReplicator replicator = new Hibernate3BeanReplicator();
Student studentCopy = replicator.deepCopy(student);
When we use auto-increment IDs or fields that are required to be unique, we have to manually set these values to null or to a unique value. Please note that we also set the Id of the RelatedObject to null.
As can be seen, cloning an object can be very simple! More information can be found at http://beanlib.svn.sourceforge.net/viewvc/beanlib/trunk/beanlib-doc/hibernate-bean-replicator.html