Architecture Deep Dive in Spring Security

Рет қаралды 47,453

Күн бұрын

Пікірлер

@cpandit803 6 жыл бұрын

For all the folks asking for Spring Security Architecture Slides here you go... github.com/jgrandja/presentations/blob/master/SpringIO-Barcelona2017-JoeGrandja.pdf

@ramakotiah 2 жыл бұрын

Thank you

@jhonatanorz 7 жыл бұрын

For those looking for the slides: files.meetup.com/6015342/Spring%20Toronto%20-%20Joe%20Grandja.pdf.

@shashankmanitripathi7335 8 жыл бұрын

Anyhow it is fine session, but properly displaying the screen would have been a lot more helpful. please update the Slideshare link..

@swaritagarwal5816 6 жыл бұрын

Use above link

@drizzyDreF 8 жыл бұрын

Slides link pls?

@privettoli 8 жыл бұрын

Afe dare +

@anaclaraesponda132 7 жыл бұрын

@prasaddixit 8 жыл бұрын

This is an excellent presentation. Gives a good understanding of spring security basics. Video has an issue though. Its very difficult to read the slides on the tv as its rendered pretty much white blob on small screen devices (phones). Would you be able to share the slides ?

@anmoldeep0123 5 жыл бұрын

Wonderful talk Mr Joe . Thank you .

@linecode6860 4 жыл бұрын

Very good explanation and the questions were very helpful to understand more !!

@madhurgwa 7 жыл бұрын

Great session with nice information, but this video needs to be edited where slides should run in any side of the the speaker.

@nilesh8481 7 жыл бұрын

Detail can be found here docs.spring.io/spring-security/site/docs/3.0.x/reference/technical-overview.html

@ankushkale1 6 жыл бұрын

Presentation: files.meetup.com/6015342/Spring%20Toronto%20-%20Joe%20Grandja.pdf

@bCool-sl5cy 3 жыл бұрын

I awaited you to show us the big picture first: the web-app without security, what's happening when an http request comes in. After that, just by adding the spring-security dependecie the "magic" is security begins. The one important filter that welcomes the request and how the security process involves. I must admit that I have just seen the first 11 minutes.

@vinothkumar1791 8 жыл бұрын

can I get slides very difficult to see the monitor

@sanjaybharatiya5074 8 жыл бұрын

Excellent video. Joe gave a lot of useful information. Thanks a lot for this vidoe.

@AvinashJ21 3 жыл бұрын

Not able to read anything from screens

@sinamehrad5721 4 жыл бұрын

How can I download the slides?

@terrycollins7549 8 жыл бұрын

Please share the slides

@sunilkumarkota6847 6 жыл бұрын

I learnt a lot today ,because before this I am totally confused about spring security..Thank you..But Slides are difficult to view and no clarity.

@saikasyapdamerla7550 7 жыл бұрын

It was really helpful to get high level view on spring security..

@_mvr_ 5 жыл бұрын

SpringBoot developers seem generally very tired I hope their projects are working fine

@privettoli 8 жыл бұрын

what about 1080p?

@paulmimicry9147 4 жыл бұрын

I cant see the presentation :(

@aakoss 8 жыл бұрын

Are there slides available to go with this? Slideshare perhaps?

@hrvojecrnjak9225 7 жыл бұрын

Wonderful talk! Too bad slides are not provided

@यवधेशसांचीहरसंस्कृत 4 жыл бұрын

मैं टीवी पर कुछ देख नहीं पाया। पर कार्यशाला अच्छी थी।

@liamzhang6126 6 жыл бұрын

Only after the video I understand how Spring Security works. However I still don't understand how Spring Security remembers the Authenticated User. Because after the request is done SecurityContextHolder clears the Authentication from the ThreadLocal. So what happens on next request from user? How SecurityContext know that the request come from the same user?

@pauldibenedetto6711 6 жыл бұрын

Great question!

@liamzhang6126 6 жыл бұрын

I found an answer in the Spring Security Reference documentation at 9.4.4 Storing the SecurityContext between requests. Depending on the type of application, there may need to be a strategy in place to store the security context between user operations. In a typical web application, a user logs in once and is subsequently identified by their session Id. The server caches the principal information for the duration session. In Spring Security, the responsibility for storing the SecurityContext between requests falls to the SecurityContextPersistenceFilter, which by default stores the context as an HttpSession attribute between HTTP requests. It restores the context to the SecurityContextHolder for each request and, crucially, clears the SecurityContextHolder when the request completes. You shouldn’t interact directly with the HttpSession for security purposes. There is simply no justification for doing so - always use the SecurityContextHolder instead.

@AvinashGA 8 жыл бұрын

Excellent presentation. A link to the slides might have added even more excellence for the cause :)

@rajatagrawal141 5 жыл бұрын

where is the link for the github repo

@nemoduff1371 6 жыл бұрын

Please share the slides!

@anubhavgoel7922 6 жыл бұрын

plz share the slides link

@kpt2048 7 жыл бұрын

slides please

@morvenhuang1499 7 жыл бұрын

the monitor behind him is so fuzzy, cannot see nothing.

@SarathAnnareddy 7 жыл бұрын

neat talk. thanks a bunch.

@davidafsilva 8 жыл бұрын

Properly displaying the screen would have been a lot more helpful. At least here, on youtube. Oh well..

@GuilhermeCesarMedeiros 5 жыл бұрын

Please put the subtitles, these automatically generated are not good.

@ihateidiots1316 4 жыл бұрын

Spring Security definitely sucks because: 1) a very awful design decisions 2) overengineered concepts for simple things, for example http.addHeaderWriter(new DelegatingRequestMatcherHeaderWriter(new AntPathRequestMatcher("/login"), new XFrameOptionsHeaderWriter(new WhiteListedAllowFromStrategy(Arrays.asList("www.facebook.com", "www.google.com"))))) 3) expressions in annotations like @AuthenticationPrincipal(expression = "@jpaEntityManager.merge(#this)") 4) SecurityContext.getInstance() static method to retrieve security context while using DI-container at the same time 5) SecurityContextHolder sucks 6) horrible code