facebook noscript

How to Achieve PCI Compliance with 3 Lines of Code Using the Spring Framework

August 20, 2018
engineering-default

If you have an API that interacts with credit card data, before using your API in the wild you'll need to make sure it is secure and PCI compliant.

One straightforward solution for this is to redact every credit card number that goes through your API. If you have a Java-based web application that uses the Spring framework, what would you do? Would you use a third party or find your own way to solve this problem?

spring-vgs-java
Usually, implementing systemic security functionality requires non-trivial resources and extensive planning. An easier and more efficient method is utilizing a fast, well-tested, and stable solution. This is where VGS comes into play.

What exactly is VGS? VGS is a data security and compliance platform that enables you to interact with sensitive data without the liability of securing it. If you use VGS, it's easy to maintain your application functionality as you move sensitive data off of your system and ensure that it stays off. You remove your company from the flow of sensitive data while preserving your ability to operate on it. And since you’re not touching or holding the data anymore, it can't be leaked.

Let's dive into the integration process.

Installation

Before you begin, you'll need to add this library as a dependency to your project.
For Maven:

<repositories>
    <repository>
        <id>vgs-oss</id>
        <name>vgs-oss</name>
        <url>https://dl.bintray.com/vg/vgs-oss</url>
    </repository>
</repositories>
<dependency>
    <groupId>com.verygoodsecurity</groupId>
    <artifactId>vgs-proxy-spring</artifactId>
    <version>1.0.0</version>
</dependency>

For Gradle:

repositories {
    maven {
        url "https://dl.bintray.com/vg/vgs-oss"
    }
}

compile 'com.verygoodsecurity:vgs-proxy-spring:1.0.0'

Usage

First, set the vgs.proxy.url property in the application context for the vault you want to integrate with. Look for the Outbound Route URL on the Integration tab within the VGS dashboard. It should look similar to this one: https://USvWJyqzunxnW1pDKxgvPLmf:3da78204-e566-4e03-a03a-d84e3d1d4d1b@tntabeiyol.SANDBOX.verygoodproxy.com:8080

Next, follow the steps to configure a RestTemplate. In order for it to use the VGS forward proxy, you need to:

  • Declare a bean annotated with @VgsProxied.
  • Annotate any configuration class with @EnableVgsProxy

Here's an example configuration you may end up with:

@Configuration
@EnableVgsProxy
public class AppConfig {

    @Bean
    @VgsProxied
    public RestTemplate restTemplate() {
        return new RestTemplate();
    }
}

At this point you've used only 3 lines of additional code. Once you configure the routes on your VGS dashboard, you are instantly able to secure your traffic.

Not every HTTP request should be proxied, so you may also want a RestTemplate that is not configured to use the proxy. For this, simply declare another bean and inject it as normal:

@Configuration
@EnableVgsProxy
public class AppConfig {

    @Bean
    @VgsProxied
    public RestTemplate vgsProxied() {
        return new RestTemplate();
    }

    @Bean
    @Primary
    public RestTemplate restTemplate() {
        return new RestTemplate();
    }
}

Here's an example of a simple HTTP client you might have in your code:

@Component
public class MySecureClient {

  private final RestTemplate vgsProxied;

  @Autowired
  public MySecureClient(@VgsProxied RestTemplate vgsProxied) {
    this.vgsProxied = vgsProxied;
  }

  public void doSecureStuff(String json) {
    vgsProxied.postForObject("https://httpbin.verygoodsecurity.io/post", json, String.class);
  }
}

Don't miss the next Developer Office Hours with our CTO

Join Us

Conclusion

Since most solutions aren't easily integrated or are outdated, there's often pushback on projects interacting with sensitive information. Either these projects may be blocked on explicit compliance issues like PCI or GDPR, or there may be concerns on the engineering work and management overhead required just to secure the data. The implementation behind our 3 lines of code is simple, reliable, secure, and multifunctional. Try it out!

For the full example with source code, check out the sample project.

If you have questions about Very Good Security, our product functionality, or our compliance solutions, please get in touch.

Want to jump right in? Check out our getting started guide. It will take you about 15 minutes to fully integrate.

Oleg Yatskiv Oleg Yatskiv

Backend Engineer at VGS

Share

You Might also be interested in...

data-security-default

A Very Good Approach to Security

Marshall Jones August 28, 2018

news-default

VGS Completes 2018 PCI-DSS 3.2

Marshall Jones July 26, 2018

engineering-default

Quick 3-Click Integration with VGS

Ulyana Falach July 9, 2018