Thomas Vitale | Software Engineer | Spring & Java EE | AppSec

Getting Started With Jakarta EE - A Sample Application

Jakarta EE 8 has officially been released last Tuesday. It's the beginning of what it's been promised as "the Future of Cloud Native Java". Let's look at a sample application in Jakarta EE, using Wildfly, Gradle and Docker.

Keycloak

Keycloak Authentication Flows, SSO Protocols and Client Configuration

In this article, I'm going to introduce the concept of authentication flows. Then, I'll briefly mention the two protocols Keycloak can use to provide its services: OpenID Connect (on top of OAuth 2.0) and SAML. Finally, I'll show you how to configure Keycloak clients.

Blog

New Blog, New Platform, New Goal

Starting a blog is easy. Keep writing is not. This time, I'm confident it's going to be different. I'll be writing about security, Keycloak, Spring and software development on my brand new blog, just migrated from WordPress to Ghost.

Security

Access Control: Identification, Authentication, and Authorization

Unauthorized access to data and resources is one of the most significant and dangerous risks of the digital world. The OWASP Foundation, in their project about the Top 10 Application Security Risks - 2017, placed “Broken Authentication” as second, “Broken Access Control” as fifth.

Keycloak

Securing a Spring Boot Application with Keycloak - A First Look

In this article, we're going to learn how to: set up a Spring Boot application for a public library, define the application resources, add access policies based on user roles. We're going to use OAuth 2.0 and OpenID Connect, specifically the standard Authorization Code Flow.

Keycloak

Keycloak Basic Configuration for Authentication and Authorization

Managing authentication and authorization is an essential task in every good-designed web application or service. Keycloak makes it very easy and practical, letting us focus on the application business logic rather than on the implementation of security features.

Keycloak

Introducing Keycloak for Identity and Access Management

This article is the first of a series where I'd like to introduce Keycloak as a solution to manage authentication and authorization, how to install it and which are the fundamental concepts and configurations.

Development

Highlights from HL7® FHIR® DevDays 2018 in Amsterdam

Last week I attended the HL7 FHIR DevDays 2018 in Amsterdam, the "most important and largest FHIR only event in the world" organised by Firely. It's been awesome: a lot of interesting and inspiring sessions, exciting projects and a vibrant and friendly community.

Talks

WordCamp London 2018: "Security Is a Process, Not a Plugin" (Talk)

This weekend, I attended the WordCamp London 2018 and talked about the process to secure web applications based on WordPress. Here you can find my slides and the video from my talk.

Talks

WordCamp Torino 2018: "Security Is a Process, Not a Plugin" (Talk)

After organising it last year and delivered a talk about getting started with plugin development, this year I've been to WordCamp Torino 2018 to talk about the process to secure web applications based on WordPress.

Talks

WordCamp Oslo 2018: "Security Is a Process, Not a Plugin" (Talk)

How many times have you considered your WordPress application security only once completed? How many times have you installed a security plugin and thought it was enough? Securing a web application doesn’t mean installing a plugin just before deployment.

WordPress

Working on a WordCamp Website: Tips and Tricks

Last winter, I joined the team organising the WordCamp Torino 2017 as the lead for the website group. In this post, I'd like to write some tips and tricks for managing a WordCamp website: set up an environment, choose and customise a theme, manage speakers, sessions, tickets and content.

WordPress

My First 2 Years as WordPress Contributor

Exactly two years ago, at this same time, I was coming home from Milan after attending the first Italian WordPress Contributor Day. I didn't know then what it would have meant to me, but it was the beginning of something awesome.

Spring

How to enable HTTPS in a Spring Boot Java application

Setting up HTTPS for Spring Boot requires two steps: getting an SSL certificate and configuring SSL in Spring Boot. Whether you're going to generate a self-signed certificate or you have already got one by a CA, I'll show you how to enable HTTPS in a Spring Boot application.

Spring

Spring Data JPA using Hibernate and Java Configuration with Annotations

Spring Data JPA makes it very easy to implement JPA-based repositories. In this tutorial, I’ll show you how to use it to integrate a relational database (PostgreSQL in my example) with a Spring Boot application.

Spring

Getting Started with Spring Data MongoDB using Java Configuration

In this tutorial, I'll show you how to use Spring Data MongoDB to integrate a MongoDB NoSQL database into a Spring Boot application. Spring lets you use either Java configuration or XML configuration or a mix of the two. I'll use a pure Java configuration.

Talks

WordCamp Torino 2017: "Getting Started With WordPress Plugin Development" (Talk)

This morning I gave a talk about how to get started with WordPress Plugin Development at WordCamp Torino 2017. Here you can find the video and the slides of my talk.

Development

How to setup gdb and Eclipse to debug C++ files on macOS Sierra

Using gdb debugger on macOS is no longer straightforward since Xcode stopped using it and replaced it with lldb. Starting from macOS Sierra, there are several steps to follow to make it work. In this article, I'll show you how.

WordPress

WordPress Meetup Torino: "Sviluppare Plugin per WordPress" (Talk)

Le slide e il video del mio talk al WordPress Meetup Torino sui Plugin in WordPress: cosa sono, perché si usano e come svilupparli.

Talks

WordPress Meetup Torino: "I Temi in WordPress" (Talk)

Le slide e il video del mio talk al WordPress Meetup Torino sui Temi in WordPress: cosa sono, come svilupparli, come personalizzarli.

Digital Revolution

Il Web ci rende liberi? Gianni Riotta e la dialettica della rivoluzione digitale

Il Web ci rende liberi? è l’ultimo saggio scritto dal professor Gianni Riotta, che s’interroga sulla domanda che dà il titolo al libro e prova a fornire una risposta soddisfacente.

Digital Revolution

Il "Mito della Caverna" e l'educazione digitale

Internet, nel corso degli anni, ha permesso di accumulare milioni di informazioni visualizzabili da tutti coloro che hanno accesso a questa tecnologia. Con il Web si possono leggere le ultime notizie di attualità, si può consultare un’enciclopedia...

Digital Revolution

Il Web come l'Isola che non c'è, ovvero le Reti della Libertà

Due dei Diritti Inviolabili dell'Uomo sono la libertà di pensiero e la libertà di espressione. Questi diritti sono riconosciuti dalle moderne democrazie e sembrano quasi qualcosa di ovvio.

Digital Revolution

Il Web è accessibile a tutti: e in Italia?

Da uno studio eseguito nel 2012 dall'Istat, emerge che a disporre dell'accesso a Internet è il 54,5% delle famiglie italiane ("Cittadini e nuove tecnologie"). È un dato molto importante e che deve essere tenuto in considerazione in varie situazioni.