{"id":108419,"date":"2021-01-14T10:00:00","date_gmt":"2021-01-14T08:00:00","guid":{"rendered":"https:\/\/www.javacodegeeks.com\/?p=108419"},"modified":"2021-01-11T19:48:40","modified_gmt":"2021-01-11T17:48:40","slug":"content-security-policy-nonce-with-spring-security","status":"publish","type":"post","link":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html","title":{"rendered":"Content-Security-Policy Nonce with Spring Security"},"content":{"rendered":"<p><a href=\"https:\/\/content-security-policy.com\/\">Content-Security-Policy<\/a>&nbsp;is important for web security. Yet, it\u2019s not mainstream yet, it\u2019s syntax is hard, it\u2019s rather prohibitive and tools rarely have flexible support for it.<\/p>\n<p>While Spring Security does have a built-in Content Security Policy (CSP) configuration, it allows you to specify the policy a a string, not build it dynamically. And in some cases you need more than that.<\/p>\n<p>In particular, CSP discourages the user of inline javascript, because it introduces vulnerabilities. If you really need it, you can use&nbsp;<a href=\"https:\/\/content-security-policy.com\/unsafe-inline\/\"><code>unsafe-inline<\/code><\/a>&nbsp;but that\u2019s a bad approach, as it negates the whole point of CSP. The alternative presented on that page is to use&nbsp;<code>hash<\/code>&nbsp;or&nbsp;<code>nonce<\/code>.<\/p>\n<p>I\u2019ll explain how to use nonce with spring security, if you are using\u00a0<code>.and().headers().contentSecurityPolicy(policy)<\/code>. The policy string is static, so you can\u2019t generate a random nonce for each request. And having a static nonce is useless. So first, you define a CSP nonce filter:<\/p>\n<pre class=\"brush:java\">\npublic class CSPNonceFilter extends GenericFilterBean {\n    private static final int NONCE_SIZE = 32; \/\/recommended is at least 128 bits\/16 bytes\n    private static final String CSP_NONCE_ATTRIBUTE = \"cspNonce\";\n \n    private SecureRandom secureRandom = new SecureRandom();\n \n    @Override\n    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {\n        HttpServletRequest request = (HttpServletRequest) req;\n        HttpServletResponse response = (HttpServletResponse) res;\n \n        byte[] nonceArray = new byte[NONCE_SIZE];\n \n        secureRandom.nextBytes(nonceArray);\n \n        String nonce = Base64.getEncoder().encodeToString(nonceArray);\n        request.setAttribute(CSP_NONCE_ATTRIBUTE, nonce);\n \n        chain.doFilter(request, new CSPNonceResponseWrapper(response, nonce));\n    }\n \n    \/**\n     * Wrapper to fill the nonce value\n     *\/\n    public static class CSPNonceResponseWrapper extends HttpServletResponseWrapper {\n        private String nonce;\n \n        public CSPNonceResponseWrapper(HttpServletResponse response, String nonce) {\n            super(response);\n            this.nonce = nonce;\n        }\n \n        @Override\n        public void setHeader(String name, String value) {\n            if (name.equals(\"Content-Security-Policy\") && StringUtils.isNotBlank(value)) {\n                super.setHeader(name, value.replace(\"{nonce}\", nonce));\n            } else {\n                super.setHeader(name, value);\n            }\n        }\n \n        @Override\n        public void addHeader(String name, String value) {\n            if (name.equals(\"Content-Security-Policy\") && StringUtils.isNotBlank(value)) {\n                super.addHeader(name, value.replace(\"{nonce}\", nonce));\n            } else {\n                super.addHeader(name, value);\n            }\n        }\n    }\n}\n<\/pre>\n<p>And then you configure it with spring security using:&nbsp;<code>.addFilterBefore(new CSPNonceFilter(), HeaderWriterFilter.class)<\/code>.<div style=\"display:inline-block; margin: 15px 0;\"> <div id=\"adngin-JavaCodeGeeks_incontent_video-0\" style=\"display:inline-block;\"><\/div> <\/div><\/p>\n<p>The policy string should containt&nbsp;<code>`nonce-{nonce}`<\/code>&nbsp;which would get replaced with a random nonce on each request.<\/p>\n<p>The filter is set before the&nbsp;<code>HeaderWriterFilter<\/code>&nbsp;so that it can wrap the response and intercept all calls to setting headers. Why it can\u2019t be done by just overriding the headers after they are set by the HeaderWriterFiilter, using response.setHeader(..) \u2013 because the response is already committed and overriding does nothing.<\/p>\n<p>Then in your pages where you for some reason need inline scripts, you can use:<\/p>\n<pre class=\"brush:bash\">\n<script nonce=\"{{ cspNonce }}\">...<\/script>\n<\/pre>\n<p>(I\u2019m using the Pebble template syntax; but you can use any template to output the request attribute \u201ccsp-nonce\u201d)<\/p>\n<p>Once again, inline javascript is rarely a good idea, but sometimes it\u2019s necessary, at least temporarily \u2013 if you are adding a CSP to a legacy application, for example, and can\u2019t rewrite everything).<\/p>\n<p>We should have CSP everywhere, but building the policy should be aided by the frameworks we use, otherwise it\u2019s rather tedious to write a proper policy that doesn\u2019t break your application and is secure at the same time.<\/p>\n<div class=\"attribution\">\n<table>\n<tbody>\n<tr>\n<td>Published on Java Code Geeks with permission by Bozhidar Bozhanov, partner at our <a href=\"\/\/www.javacodegeeks.com\/join-us\/jcg\/\" target=\"_blank\" rel=\"noopener\">JCG program<\/a>. See the original article here: <a href=\"https:\/\/techblog.bozho.net\/content-security-policy-nonce-with-spring-security\/\" target=\"_blank\" rel=\"noopener\">Content-Security-Policy Nonce with Spring Security<\/a><\/p>\n<p>Opinions expressed by Java Code Geeks contributors are their own.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Content-Security-Policy&nbsp;is important for web security. Yet, it\u2019s not mainstream yet, it\u2019s syntax is hard, it\u2019s rather prohibitive and tools rarely have flexible support for it. While Spring Security does have a built-in Content Security Policy (CSP) configuration, it allows you to specify the policy a a string, not build it dynamically. And in some cases &hellip;<\/p>\n","protected":false},"author":55,"featured_media":240,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[30,125],"class_list":["post-108419","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-enterprise-java","tag-spring","tag-spring-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Content-Security-Policy Nonce with Spring Security - Java Code Geeks<\/title>\n<meta name=\"description\" content=\"Content-Security-Policy&nbsp;is important for web security. Yet, it\u2019s not mainstream yet, it\u2019s syntax is hard, it\u2019s rather prohibitive and tools rarely\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Content-Security-Policy Nonce with Spring Security - Java Code Geeks\" \/>\n<meta property=\"og:description\" content=\"Content-Security-Policy&nbsp;is important for web security. Yet, it\u2019s not mainstream yet, it\u2019s syntax is hard, it\u2019s rather prohibitive and tools rarely\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html\" \/>\n<meta property=\"og:site_name\" content=\"Java Code Geeks\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/javacodegeeks\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-14T08:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"150\" \/>\n\t<meta property=\"og:image:height\" content=\"150\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Bozhidar Bozhanov\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:site\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Bozhidar Bozhanov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html\"},\"author\":{\"name\":\"Bozhidar Bozhanov\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/1eaacbb8d159c99fd32e6b51198a1e79\"},\"headline\":\"Content-Security-Policy Nonce with Spring Security\",\"datePublished\":\"2021-01-14T08:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html\"},\"wordCount\":389,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"keywords\":[\"Spring\",\"Spring Security\"],\"articleSection\":[\"Enterprise Java\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html\",\"name\":\"Content-Security-Policy Nonce with Spring Security - Java Code Geeks\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"datePublished\":\"2021-01-14T08:00:00+00:00\",\"description\":\"Content-Security-Policy&nbsp;is important for web security. Yet, it\u2019s not mainstream yet, it\u2019s syntax is hard, it\u2019s rather prohibitive and tools rarely\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html#primaryimage\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/spring-logo.jpg\",\"width\":150,\"height\":150,\"caption\":\"spring-interview-questions-answers\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2021\\\/01\\\/content-security-policy-nonce-with-spring-security.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Enterprise Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\\\/enterprise-java\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Content-Security-Policy Nonce with Spring Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"name\":\"Java Code Geeks\",\"description\":\"Java Developers Resource Center\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"alternateName\":\"JCG\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.javacodegeeks.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\",\"name\":\"Exelixis Media P.C.\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"width\":864,\"height\":246,\"caption\":\"Exelixis Media P.C.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/javacodegeeks\",\"https:\\\/\\\/x.com\\\/javacodegeeks\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/1eaacbb8d159c99fd32e6b51198a1e79\",\"name\":\"Bozhidar Bozhanov\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/bozhidar.bozhanov.jpg\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/bozhidar.bozhanov.jpg\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/bozhidar.bozhanov.jpg\",\"caption\":\"Bozhidar Bozhanov\"},\"description\":\"Senior Java developer, one of the top stackoverflow users, fluent with Java and Java technology stacks - Spring, JPA, JavaEE, as well as Android, Scala and any framework you throw at him. creator of Computoser - an algorithmic music composer. Worked on telecom projects, e-government and large-scale online recruitment and navigation platforms.\",\"sameAs\":[\"http:\\\/\\\/techblog.bozho.net\\\/\"],\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/author\\\/bozhidar-bozhanov\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Content-Security-Policy Nonce with Spring Security - Java Code Geeks","description":"Content-Security-Policy&nbsp;is important for web security. Yet, it\u2019s not mainstream yet, it\u2019s syntax is hard, it\u2019s rather prohibitive and tools rarely","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html","og_locale":"en_US","og_type":"article","og_title":"Content-Security-Policy Nonce with Spring Security - Java Code Geeks","og_description":"Content-Security-Policy&nbsp;is important for web security. Yet, it\u2019s not mainstream yet, it\u2019s syntax is hard, it\u2019s rather prohibitive and tools rarely","og_url":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html","og_site_name":"Java Code Geeks","article_publisher":"https:\/\/www.facebook.com\/javacodegeeks","article_published_time":"2021-01-14T08:00:00+00:00","og_image":[{"width":150,"height":150,"url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","type":"image\/jpeg"}],"author":"Bozhidar Bozhanov","twitter_card":"summary_large_image","twitter_creator":"@javacodegeeks","twitter_site":"@javacodegeeks","twitter_misc":{"Written by":"Bozhidar Bozhanov","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html#article","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html"},"author":{"name":"Bozhidar Bozhanov","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/1eaacbb8d159c99fd32e6b51198a1e79"},"headline":"Content-Security-Policy Nonce with Spring Security","datePublished":"2021-01-14T08:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html"},"wordCount":389,"commentCount":1,"publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"image":{"@id":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","keywords":["Spring","Spring Security"],"articleSection":["Enterprise Java"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html","url":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html","name":"Content-Security-Policy Nonce with Spring Security - Java Code Geeks","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html#primaryimage"},"image":{"@id":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","datePublished":"2021-01-14T08:00:00+00:00","description":"Content-Security-Policy&nbsp;is important for web security. Yet, it\u2019s not mainstream yet, it\u2019s syntax is hard, it\u2019s rather prohibitive and tools rarely","breadcrumb":{"@id":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html#primaryimage","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/spring-logo.jpg","width":150,"height":150,"caption":"spring-interview-questions-answers"},{"@type":"BreadcrumbList","@id":"https:\/\/www.javacodegeeks.com\/2021\/01\/content-security-policy-nonce-with-spring-security.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.javacodegeeks.com\/"},{"@type":"ListItem","position":2,"name":"Java","item":"https:\/\/www.javacodegeeks.com\/category\/java"},{"@type":"ListItem","position":3,"name":"Enterprise Java","item":"https:\/\/www.javacodegeeks.com\/category\/java\/enterprise-java"},{"@type":"ListItem","position":4,"name":"Content-Security-Policy Nonce with Spring Security"}]},{"@type":"WebSite","@id":"https:\/\/www.javacodegeeks.com\/#website","url":"https:\/\/www.javacodegeeks.com\/","name":"Java Code Geeks","description":"Java Developers Resource Center","publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"alternateName":"JCG","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.javacodegeeks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.javacodegeeks.com\/#organization","name":"Exelixis Media P.C.","url":"https:\/\/www.javacodegeeks.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","width":864,"height":246,"caption":"Exelixis Media P.C."},"image":{"@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/javacodegeeks","https:\/\/x.com\/javacodegeeks"]},{"@type":"Person","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/1eaacbb8d159c99fd32e6b51198a1e79","name":"Bozhidar Bozhanov","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/12\/bozhidar.bozhanov.jpg","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/12\/bozhidar.bozhanov.jpg","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/12\/bozhidar.bozhanov.jpg","caption":"Bozhidar Bozhanov"},"description":"Senior Java developer, one of the top stackoverflow users, fluent with Java and Java technology stacks - Spring, JPA, JavaEE, as well as Android, Scala and any framework you throw at him. creator of Computoser - an algorithmic music composer. Worked on telecom projects, e-government and large-scale online recruitment and navigation platforms.","sameAs":["http:\/\/techblog.bozho.net\/"],"url":"https:\/\/www.javacodegeeks.com\/author\/bozhidar-bozhanov"}]}},"_links":{"self":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/108419","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/comments?post=108419"}],"version-history":[{"count":0,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/108419\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media\/240"}],"wp:attachment":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media?parent=108419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/categories?post=108419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/tags?post=108419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}