Security
Security is a topic where the defaults are usually wrong and the fixes are rarely advertised. These posts cover JWT misuse, Spring Security's brutal learning curve, and the patterns that hold up once the system is exposed to the open internet.
Backend: OAuth2 Was a Framework Pretending to Be a Protocol
RFC 6749 calls itself a framework, not a protocol, and that one word explains why every OAuth2 integration is bespoke. The footguns, and what OAuth 2.1 fixes.

Backend: Your JWT Is Not a Session
JWTs cannot be revoked, permissions inside them go stale, and clocks drift. The failure modes that appear when you treat a signed token like a session.

Backend: Spring Boot Security Is Hard and That's Okay
Spring Security has a brutal learning curve. The filter chain is confusing, the docs assume too much, and 403 errors haunt your dreams. But it's worth it.