Working on a WordCamp Website: Tips and Tricks

Last winter, I joined the team organising the WordCamp Torino 2017 as the lead for the website group. In this post, I’d like to write some tips and tricks for managing a WordCamp website, considering the challenges that we had to face.

The website for WordCamp Torino 2017. The logo has been realised by Carmen Tortorella.

The reference is the Web Presence section of the WordCamp Organizer Handbook.

Setting Up the Environment

The first thing to do when you start working on a WordCamp website is to set up a local environment. WordCamp.org is part of the WordPress Meta Environment. You can choose to install either the whole Meta project or just the WordCamp website.

Here you can find some useful resources:


Securing a Spring Boot Application with Keycloak

In this article, I’m going to show you how to secure a Spring Boot application using Keycloak.


Before doing that, I’d like to briefly recall what I’ve done so far.

First, I highlighted the main features of Keycloak used in this series and explained how to install and boot the Keycloak server.

Then, I set up Keycloak with some basic configurations to use it for securing a web application (providing it with authentication and authorisation).

In this article, I’ll talk about how to:

    1. Create a client in Keycloak;
    2. Set up the Spring Boot application;
    3. Define the application resources;
    4. Add access policies based on user roles.

You can check out the full source code of the demo project I’m going to build on GitHub.

Let’s get started!

My First 2 Years as WordPress Contributor

Exactly two years ago, at this same time, I was coming home from Milan after attending the first Italian WordPress Contributor Day. I didn’t know then what it would mean to me, but it was the beginning of something awesome.

I started using WordPress as a CMS in 2009, but it was only in 2015, in Milan, that I discovered the Community and the many opportunities to contribute to this successful open source project. Have a look at the Make area to read more about the different teams working on WordPress.

Contributor Day Torino 2017 – Photo by Gianni Vascellari


Keycloak Basic Configuration for Authentication and Authorisation

In the previous article, I introduced Keycloak, an open source project for identity and access management developed by the Red Hat Community. I went through how to install it, boot it and access the Keycloak Admin Console for the first time.

Continuing from where I left off, in this new article I’d like to talk about how to configure Keycloak so that you can later use it for managing authentication and authorisation for a web application as well as for a web service. I’ll show you how to create a new realm, define roles and add users.

Throughout this series, you’re going to see more features and details about Keycloak, but I suggest you check the helpful and detailed official documentation for any doubt or curiosity.

Access Control, Authentication and Authorisation

Managing authentication and authorisation is an essential task in every well-designed web application or service. Keycloak makes it very easy and effective, letting you focus on the application business logic rather than on the implementation of security features.

Before going on, it is worth briefly recalling the definition of some fundamental security properties (from NIST glossary):

  • Access Control: “the process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances)”.
  • Authentication: “verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system”.
  • Authorisation: “access privileges granted to a user, program, or process or the act of granting those privileges”.

A typical error is to treat authorisation and access control as synonyms, when the second one is included in the first one. If you are interested in exploring this difference, you can read this article by ICANN.

Introducing Keycloak for Identity and Access Management

Lately, I’ve been working with Keycloak, so I decided to delve deeper into it and write about it.

This article is the first of a series in which I’d like to introduce Keycloak as a solution for managing authentication and authorisation, and explain how to install it and what its fundamental concepts and configurations are.

Then I’d like to explain how to use it to secure Spring Boot, Spring Security and AngularJS applications and services, analyse the implementation when using a relational database to store users and finally how to manage users from Java thanks to the Admin REST API.

Keycloak Website – Open Source Identity and Access Management

What is Keycloak?

Keycloak is an open source project developed and maintained by the Red Hat Community.

“Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.”

It offers a broad set of features; I suggest you check the official documentation to get all the details.

Throughout this series I’ll explore the following features:

  • Admin Console to configure the Keycloak server and create realms, roles, users and clients;
  • Single Sign-On (SSO) using the OpenID Connect (OIDC) authentication and authorisation protocol;
  • Client Adapters to integrate Spring Boot, Spring Security and AngularJS with Keycloak;
  • Admin REST API for user management.


How to enable HTTPS in a Spring Boot Java application

Setting up HTTPS for Spring Boot requires two steps:

  1. Getting an SSL certificate;
  2. Configuring SSL in Spring Boot.

We can generate an SSL certificate ourselves (a self-signed certificate). Its use is intended just for development and testing purposes. In production, you should use a certificate issued by a trusted Certificate Authority (CA). Whether you’re going to generate a self-signed certificate or you already have one issued by a CA, I’ll show you how to enable HTTPS in a Spring Boot application.


In this tutorial I’ll explain how to:

  1. Get an SSL certificate
    • Generate a self-signed SSL certificate
    • Use an existing SSL certificate
  2. Enable HTTPS in Spring Boot
  3. Redirect HTTP requests to HTTPS
  4. Distribute the SSL certificate to clients.


Spring Data JPA using Hibernate and Java Configuration with Annotations

In this tutorial, I’ll show you how to use Spring Data JPA to integrate a relational database (PostgreSQL in my example) into a Spring Boot application.


I’ll use these technologies and tools:

  • Spring Tool Suite (STS) 3.8.4.RELEASE
  • Java 8
  • Spring Boot 1.5.3.RELEASE
  • Maven 3.3.9
  • PostgreSQL 9.6.2


Getting Started With WordPress Plugin Development

"Harry Plugin & The Power of WordPress" written in the style of Harry Potter

This morning I gave a talk about how to get started with WordPress Plugin Development at WordCamp Torino 2017.

Here you can find the video and the slides of my talk, enjoy 🙂


WordPress Plugins are powerful tools that let us extend WordPress and turn it into whatever we want. What’s their secret? Join me if you want to know more about them and get started developing your own Plugin! I’ll tell you a story about magic, dangerous pirates, brave bowmen and ancient castles…

Introduction to WordPress Plugins

49 472 WordPress Plugins are available in the official repository. That’s a huge number! And they are just the Plugins available on wordpress.org. There are many more. For example, think about vendors that sell their own Plugins on their platforms, or the thousands of Plugins uploaded to GitHub but never submitted to the official repository.

For many people, Plugins are surrounded by mystery. It seems that WordPress provides us with a powerful magic wand to get anything we want, to turn WordPress into whatever we want.

What is a Plugin?

The shortest answer is a package of code. More specifically, a package of PHP code. That’s it.

The most straightforward Plugin is made up of a single PHP file. One example is Hello Dolly, a Plugin that you’ve probably never used but have seen at least once, since it is delivered together with WordPress.

It’s important to understand how Plugins are related to WordPress itself. There are three major components: Core, Themes and Plugins. The Core is the application itself. Themes let you display data to users and choose the look and presentation of your website. Finally, we have Plugins.

Plugins are used to extend WordPress functionalities or to add new ones. At this point, you might ask why not modify the WordPress Core directly.