Spring Security Architecture Principles by Daniel Garnier-Moiroux @ Spring I/O 2024

Рет қаралды 15,037

2 ай бұрын

Spring I/O 2024 - Barcelona, 30-31 May
Slides: 2024.springio.net/slides/spri...
Repo: github.com/Kehrlann/spring-se...
When you need to secure your application, you use Spring Security. It’s the de-facto standard, it’s robust, extensible, and brings sensible defaults to your application. But newcomers can feel lost as soon as they step out of the “Getting Started” guides and need to fine-tune the configuration to their specific use-cases. Developers can find themselves frantically copy-pasting from Stack Overflow until it kinda-sorta works.
Spring Security only uses a handful of core building blocks, and they are present everywhere in the library. Knowing what those are, how they are meant to be used, and how to effectively leverage them will give you the keys you need to implement all your custom needs.
This session aims to provide a useful method for understanding Spring Security’s architecture, and how to customize it. Through some theory (diagrams!) and practice (live coding!), you will get familiar with the general architecture, foundational patterns and common abstractions. No more foraging StackOverflow in despair!

Пікірлер: 30

@jesprotech Ай бұрын

This session is great because it simplifies and condenses the core of Spring Security in one short session. Love it! Great session!

@ShubhamYadav-lt6dt Ай бұрын

This session is fantastic! It simplifies and condenses the essence of Spring Security into one brief session. Love it!

@johnsandwich6726 Ай бұрын

it is a very interesting presentation of the material, you do not fall asleep in the first minute of the story. That's how the presentation should be! thank you

@aminesafi7261 Ай бұрын

You oversimplified things, many thanks

@TechTalksWeekly Ай бұрын

This is a great talk and it's been featured in the last issue of Tech Talks Weekly newsletter 🎉 Congrats Daniel! 👏

@DanielGarnier-Moiroux Ай бұрын

Thanks a lot, very honored 🤩

@chrizzking Ай бұрын

Great for learning! Thx for sharing

@Ztall0880 Ай бұрын

great session. Thanks.

@huythong3821 Ай бұрын

the most interesting presentation that I have seen.

@knight5970 18 күн бұрын

the best thing about this session is that i learned spring security and Spanish both in best way

@user-gk1sw6tg5g 16 күн бұрын

excellent explanation. been struggling to really get it and this just made it so accessible. the info just passed all my brain's filters and is all sending back 200's! ;)

@deolexx Ай бұрын

Really nice security essentials lecture

@momedalhouma14 Ай бұрын

to the point, thank you.

@theritesh973 Ай бұрын

Nice Talk👏

@scwan-ew8uh Ай бұрын

Great

@djoleezcool Ай бұрын

13:16 a question. If we are using Client Credentials flow, should we put the same filter or ti will be something like BearerTokenAuthenticationFilter?

@ilkou Ай бұрын

my best part is how fast the project is recompiled and can be tested on the browser, vite but for backend dev haha I wonder if it recompiles as fast when the project is massive 🤔

@DanielGarnier-Moiroux Ай бұрын

A combination of "Spring Boot Devtools" which does hot reload when compiled classes change, and "gradle assemble --continuous" which watches for file changes and incrementally rebuilds the project. ⚡⚡⚡

@angloper 8 күн бұрын

what a nice

@alzamer88 26 күн бұрын

at 27:47 he said to pretend that there is no existing solution and built a custom one. so, is there any existing solution?

@maneshipocrates2264 Ай бұрын

Not perfectly easy but good talk

@xdeama Ай бұрын

I don’t get why people hate Spring Security. Whenever I learn a new language, I wish it had something close to Spring Security.

@davidtheprogrammer Ай бұрын

It's simple if you get it and it's not if you don't. This security model is really not beginner friendly. These are a lot of concepts

@marcux83 Ай бұрын

spring security configuration.. shudder

@tashi7160 Ай бұрын

the whole thing is kinda overcomplicated and keep carrying the decades old baggages.

@angelgruevski Ай бұрын

Not really. Once you learn it you realize how much Spring does things for you and makes Security easy.

@abccbaandy Ай бұрын

Agree, it's easy to break things. Most people just pick a class randomly to do their job.

@samuelvishesh Ай бұрын

What about the Reactive web stack? We don’t have a “filter” there right?

@DanielGarnier-Moiroux 28 күн бұрын

There are filters, but the interface is called WebFilter ; they have a "Mono filter(ServerWebExchange exchange, WebFilterChain chain)" method. The exchange encapsulates both the request and the response objects.

@samuelvishesh 28 күн бұрын

@@DanielGarnier-Moiroux thank you for the head start. I’ll look into WebFilters