Spring Security: The Good Parts by Daniel Garnier-Moiroux
Vložit
- čas přidán 16. 05. 2024
- How I stopped worrying and learned to love security
Ensuring that applications are secure is now high on most "Deploy to Prod" checklists. Spring Security is the de-facto standard in the Spring ecosystem, bringing robust security and sensible defaults to web apps. It is flexible enough to fit any use-case, thanks to a myriad of configuration options and innumerable extension points.
Newcomers to Spring Security can feel lost when they step out of the "Getting Started" guides and need to fine-tune Spring-Security to their specific use-case. Developers can find themselves frantically copy-pasting from Stack Overflow until it kinda-sorta works.
This talks aims to provide a useful method for understanding how Spring Security works, and where the extension points are. Through a theory (diagrams!) and practice (live coding!), you will get familiar with the general architecture, foundational patterns and common abstraction. You will understand how they are used in the library code, and how you can draw inspiration from them. And you will discover the latest and greatest from Spring Security 6.0! - Věda a technologie
The most clear presentation on Spring Security. Thank you so much Daniel
Awesome presentation, learned a lot, even some coding practices not related to Spring Security, thanks!!
What a great presentation, perfect english, very legible, congrat.
Great presentation on Spring Security. Thanks.
Very good talk!
Awesome presentation. Thank you very much.
Wow, very good described Daniel! Thank you.👍
Awesome content and presentation. Thanks for putting it together and making it happen Daniel! Really appreciated it!
Great presentation👏👏👏
Awesome presentation dude❤
Amazing bro! I´d like to see more videos about this topic !
Vielen Dank!
Perfectionist
beep boop Daniel 😊
I really liked it
Excellent presentation!! I have a question, if controller would never see the password, then if i want a controller to register an user, how could i do it? I mean, for registration user, the user has to send his credentials, I supossed that is in the controller, then do I have to create a filter for it?
Hey @rodanmuro!
In that case, for user registration, it does makes sense to do it in a Controller - it's not performing "authentication", but actually some business logic for "creating" a user.
Great, great presentation. I have a question.
How may I help you? 😊
@@Kehrlann Thanks alot :) I am working on a mutli-module app and want to ask if it is okay to: 1) Use a single login for down stream services hoping to extract useful claims such as roles or username and use this to assign tasks at controller level? Or do you think it is okay to define a security filter chain in the a) spring cloud gateway (and enable oauth2 login) and b) tdefine another security filter chain
at the down stream services?
In case I have say serviceA (moduleA) which manages user login and serviceB (moduleB) which manages another typer of users......in case I want to assign different roles to serviceA user to perform specific actions on serviceC, is it okay to extract claims or tokens (in a particular way) and use this to authorize users managed via serviceA? I can create a minimal example or a diagram. Thanks your talk really (if your a Daniel).
Where's the link to the slides and repo?
stop the video where he shows the linnks!