Code for this blog can be found on github at

Monday, November 28, 2011

Using Groovy as a Transformer with Spring Integration

Working with XML can be "difficult" in a lot of different situations.  But consider the case where your internal system is using JSON for generic data capture, but the external system you need to integrate with is using SOAP?  What could be more convoluted that parsing JSON in order to express XML?  Well, our group found an elegant way to hide all that complexity.

Sunday, November 6, 2011

The right way to hash passwords with Spring Security

When storing passwords, OWASP recommends using a strong salted hash and applying the hash a minimum of 1000 times.  Unfortunately, Spring Security's classes like DaoAuthenticationProvider come out of the box configured to use the PlaintextPasswordEncoder - no hash, no salt, no iterations.  To do this right, we need to reconfigure a bit.