crystalhansen

Discussions on code language development and projects associated with it.

Building Sovereign Social Automation with Meta's System Users

A technical guide on bypassing session flakes using Meta System Users for multi-tenant SaaS.

3 min read · 2026

React Login Series - Building a Login Feature | 7 Part Series

A production-style authentication system built with React, Tailwind, using localStorage, API abstraction, and full testing coverage.

6 min read · 2025

Building a Studio Booking App

Ever want to build a booking app and see what is under the hood of such a system?

4 min read · 2025

Layer 5 — Spring Security: Role-Based Authorization and CORS

A deep dive into Spring Security's authorization layer — covering @PreAuthorize, tenant-scoped roles, CORS configuration mistakes, and the integration tests that validate the full security chain.

16 min read · May 12, 2026

2026 · spring-security authorization cors roles java spring-boot · architecture
Layer 4 — API Key Authentication: Securing Machine-to-Machine Requests

A deep dive into API key authentication in a Spring Boot multi-tenant API — covering when to use keys vs JWTs, hashing at rest, the session passthrough bug, and a complete test matrix.

14 min read · May 12, 2026

2026 · api-key authentication spring-boot security automation java · architecture
Layer 2 — Tenant Resolution: How a Single API Instance Serves Multiple Customers Safely

A deep dive into multi-tenant data isolation using Host-header-based tenant resolution, thread-local context, and Hibernate filters — including the failure modes that cause data leakage.

13 min read · May 12, 2026

2026 · multi-tenant spring-boot hibernate security saas data-isolation · architecture
Layer 1 — nginx as Your Security Perimeter: SSL Termination and Access Logging

A deep dive into using nginx as the outermost security layer in a multi-tenant SaaS — covering TLS configuration, Let's Encrypt automation, access log design, and rate limiting.

11 min read · May 12, 2026

2026 · nginx ssl tls security devops lets-encrypt · architecture
Setting Up Transactional & Marketing Email with AWS SES

A developer's guide to configuring AWS SES for transactional email, DNS authentication, multi-tenant templates, and marketing nurture sequences.

9 min read · May 12, 2026

2026 · aws ses email devops smtp spring-boot · engineering infrastructure

crystalhansen

Discussions on code language development and projects associated with it.

Building Sovereign Social Automation with Meta's System Users

React Login Series - Building a Login Feature | 7 Part Series

Building a Studio Booking App

Layer 5 — Spring Security: Role-Based Authorization and CORS

Layer 4 — API Key Authentication: Securing Machine-to-Machine Requests

Layer 2 — Tenant Resolution: How a Single API Instance Serves Multiple Customers Safely

Layer 1 — nginx as Your Security Perimeter: SSL Termination and Access Logging

Setting Up Transactional & Marketing Email with AWS SES