Spring Security: The Good Parts by Daniel Garnier-Moiroux
How I stopped worrying and learned to love security
Ensuring that applications are secure is now high on most "Deploy to Prod" checklists. Spring Security is the de-facto standard in the Spring ecosystem, bringing robust security and sensible defaults to web apps. It is flexible enough to fit any use-case, thanks to a myriad of configuration options and innumerable extension points.
Newcomers to Spring Security can feel lost when they step out of the "Getting Started" guides and need to fine-tune Spring-Security to their specific use-case. Developers can find themselves frantically copy-pasting from Stack Overflow until it kinda-sorta works.
This talks aims to provide a useful method for understanding how Spring Security works, and where the extension points are. Through a theory (diagrams!) and practice (live coding!), you will get familiar with the general architecture, foundational patterns and common abstraction. You will understand how they are used in the library code, and how you can draw inspiration from them. And you will discover the latest and greatest from Spring Security 6.0!
Пікірлер: 23
The most clear presentation on Spring Security. Thank you so much Daniel
What a great presentation, perfect english, very legible, congrat.
Awesome content and presentation. Thanks for putting it together and making it happen Daniel! Really appreciated it!
Wow, very good described Daniel! Thank you.👍
Awesome presentation, learned a lot, even some coding practices not related to Spring Security, thanks!!
Great presentation on Spring Security. Thanks.
Awesome presentation. Thank you very much.
Amazing bro! I´d like to see more videos about this topic !
Great presentation👏👏👏
Very good talk!
Awesome presentation dude❤
I really liked it
Perfectionist
beep boop Daniel 😊
Vielen Dank!
Excellent presentation!! I have a question, if controller would never see the password, then if i want a controller to register an user, how could i do it? I mean, for registration user, the user has to send his credentials, I supossed that is in the controller, then do I have to create a filter for it?
@Kehrlann
10 ай бұрын
Hey @rodanmuro! In that case, for user registration, it does makes sense to do it in a Controller - it's not performing "authentication", but actually some business logic for "creating" a user.
Great, great presentation. I have a question.
@Kehrlann
Жыл бұрын
How may I help you? 😊
@maneshipocrates2264
Жыл бұрын
@@Kehrlann Thanks alot :) I am working on a mutli-module app and want to ask if it is okay to: 1) Use a single login for down stream services hoping to extract useful claims such as roles or username and use this to assign tasks at controller level? Or do you think it is okay to define a security filter chain in the a) spring cloud gateway (and enable oauth2 login) and b) tdefine another security filter chain at the down stream services?
@maneshipocrates2264
Жыл бұрын
In case I have say serviceA (moduleA) which manages user login and serviceB (moduleB) which manages another typer of users......in case I want to assign different roles to serviceA user to perform specific actions on serviceC, is it okay to extract claims or tokens (in a particular way) and use this to authorize users managed via serviceA? I can create a minimal example or a diagram. Thanks your talk really (if your a Daniel).
Where's the link to the slides and repo?
@beryalex1798
3 ай бұрын
stop the video where he shows the linnks!