Spring Security, demystified by Daniel Garnier Moiroux
- Added on 11 October 2022
- How I stopped worrying and learned to love security
Ensuring that applications are secure is now high on most "Deploy to Prod" checklists. Spring Security is the de-facto standard in the Spring ecosystem, bringing robust security and sensible defaults to web apps. It is flexible enough to fit any use-case, thanks to a myriad of configuration options and innumerable extension points.
Newcomers to Spring Security can feel lost when they step out of the "Getting Started" guides and need to fine-tune Spring Security to their specific use-case. Developers can find themselves frantically copy-pasting from Stack Overflow until it kinda-sorta works.
This deep-dive aims to demystify Spring Security and provide a useful method for understanding how it works, and where the extension points are. Through numerous live coding examples, you will get familiar with the general architecture, foundational patterns and common abstractions. You will understand how they are used in the library code, and how you can draw inspiration from them.
DANIEL GARNIER-MOIROUX
Daniel Garnier is a software engineer at VMware, working in the identity space and on SSO for applications. He is an adjunct professor at Mines Paris, where he teaches CS and software engineering classes.
He contributes to Spring Security, and has a keen interest in automation and developer productivity.
------------------------------------------------------------
INTRO
* visuals & editing by @Mercator
* music: Avocado by Ephixa - Science & Technology
One of the (if not THE) most comprehensive talks about Spring Security. Love the presentation style. Would really like to see Daniel talk about reactive Spring Security as well.
This is the best talk on Spring Security… kudos to the speaker, he explained it so well. Must watch for people working on Spring MVC or Boot 👏
I am downloading this video. This knowledge can not be lost.
Fantastic presentation, thank you very much!
Thank you for this. Really great talk, and great examples.
Brilliant presentation!!! Thank you, Daniel!!!
Now this is what I call a Master class!!
Thank you for this amazing talk
This is a really good presentation, the Spring team should be proud of you! 👏
The best spring security presentation I've seen. Thanks
Great content! Wish Spring docs and tutorials were this good too.
Excellent talk! 🎉
Thanks a lot, all my doubts were cleared!
Wow, this talk was amazing. I learned so much practical information about Spring Security that I feel like I can make any changes I need to or figure out where I need to make a change myself by reading through the code.
incredible talk, thanks.
This was a really amazing talk. I'm struggling with custom auth setup on my Spring Boot project and this session came as a blessing. Daniel is really amazing at teaching. Big thanks to DEVOXX!
Very amazing talk, hope you'll add more on the same theme.
Great talk. Legend 🎉
Thanks! It was very helpful!
amazing video ever!
Brilliant speaker!
Awesome stuff! 💯💯
Thank you, really really great explanation, please continue about Spring
Superb!
You're brilliant, man! you really saved my job.
Gratitude.
Wow that is amazing feedback, thanks 🙇‍♂️
Great talk, thank you! I'd love to see something similar for the authorization side of Spring Security.
I'm trying to cook something up for Devoxx 2023 - let's see if I can come up with a compelling story, and have the talk selected 😊
this asks for pt.2 with authz explained. BTW best presentation. I wouldn't feel sorry for not visiting Venkat's one.
Nice and clear presentation. Hot damn!
This is fire
Thanks
00:25:30, some important concepts
42:03 very useful
50:34 I now understand why Spring Security always throws a 403 when something goes wrong by default lol
00:33:00 SecurityContext, thread local, static global
Anyone know the plugin he used to insert emojis?
Is there a similar demonstration for Spring's reactive security? Because he mentioned "it works very differently", or is the "configuration part" just similar or basically the same?
The configuration side of things is very very similar, a few of the method names change but that's about it.
On the implementation side though, things do differ. The filters must implement Spring Framework's WebFilter instead of the javax/jakarta Filter - in a reactive fashion, returning Monos and such.
For authentication, there's no equivalent to the ProviderManager - usually filters have a single ReactiveAuthenticationManager. There are other ways of dynamically selecting authentication behavior, such as DelegatingReactiveAuthenticationManager and/or ReactiveAuthenticationManagerResolver.
Can someone please tell me, does this video cover JWT also?
Anywhere we can get the slides?
How can I have only one Authentication provider in the entire filter chain?
Anyone know what this indentation plugin is called, or how to activate it if it's built into IntelliJ?
Try Ctrl ALT L
00:39:00 about filter,
How does he get the content of the clipboard? So amazing
windows + v
I use the Flycut app on macOS
@Devoxx team, very small code window and so are the fonts.
15:10
Great presentation Daniel @devoxx