Saturday, October 14, 2017

Asymmetric (Encryption vs Signing), Digital Signatures and so on...

There is a duality between the use of PKI when performing asymmetric encryption and signing. As very nicely summarized here, encryption (which enables one-way private communication when only one key pair is in place) uses the public key to encrypt and the private key (which has only one holder) to decrypt, while signing uses the private key to encrypt and the public key to decrypt. The former provides confidentiality, while the latter provides authenticity (origin confirmation), integrity (no modification introduced) and non-repudiation (preventing denial: the receiver can open the message only with the sender's public key, so it can only have come from the sender, the holder of the matching private key).
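The duality described above, as an added example (not code from this blog or its linked tutorials), using the JDK's standard `java.security` and `javax.crypto` APIs. The class name, the two key pairs and the sample message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;

public class EncryptVsSign {
    // Encryption direction: the public key encrypts, only the private key decrypts.
    static byte[] rsa(int mode, Key key, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(mode, key);
        return c.doFinal(in);
    }

    // Signing direction: the private key signs, any holder of the public key verifies.
    static byte[] sign(PrivateKey priv, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(msg);
        return s.sign();
    }

    static boolean verify(PublicKey pub, byte[] msg, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sender = gen.generateKeyPair();   // constructed demo keys
        KeyPair receiver = gen.generateKeyPair();
        byte[] msg = "pay 100 EUR to account 42".getBytes(StandardCharsets.UTF_8); // constructed sample

        // Sender: sign with own private key, encrypt with the receiver's public key.
        byte[] sig = sign(sender.getPrivate(), msg);
        byte[] ct = rsa(Cipher.ENCRYPT_MODE, receiver.getPublic(), msg);

        // Receiver: decrypt with own private key, verify with the sender's public key.
        byte[] pt = rsa(Cipher.DECRYPT_MODE, receiver.getPrivate(), ct);
        System.out.println("decrypted: " + new String(pt, StandardCharsets.UTF_8));
        System.out.println("signature valid: " + verify(sender.getPublic(), pt, sig));
        // Integrity: a single flipped bit in the message breaks verification.
        pt[4] ^= 1;
        System.out.println("tampered valid: " + verify(sender.getPublic(), pt, sig));
        // Origin: the public key of a different pair does not verify the signature.
        pt[4] ^= 1;
        System.out.println("wrong key valid: " + verify(receiver.getPublic(), pt, sig));
    }
}
```

In practice the signature travels with the message, and the sender's public key reaches the receiver inside a certificate, which is where the keystore management mentioned below comes in.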

This tutorial is a good one for XML signatures, and this tutorial is a good one for JSON Web Signature...
There is also this tutorial on the use of keytool (from the Java runtime) to manage keys, certificates, keystores, etc.

Stay tuned...

Monday, October 2, 2017

Content Negotiation in Spring Web Applications

Here are some links about issues related to the use of RequestMapping (PostMapping, GetMapping, etc.): Stack Exchange Link

The main issue arises when a client (e.g. the Apache HTTP client) sends requests to a servlet with the relevant parameters (be careful where each parameter is posted: in the header or in the body, see here and here): the servlet will receive and process the parameters according to a pre-agreement...

Spring framework provides useful functionality and annotations (e.g. PostMapping) to automate/shorten all content negotiation related stuff. See here.