Spring Security, demystified by Daniel Garnier Moiroux

No video

Spring Security, demystified by Daniel Garnier Moiroux

Рет қаралды 51,811

Жыл бұрын

How I stopped worrying and learned to love security
Ensuring that applications are secure is now high on most "Deploy to Prod" checklists. Spring Security is the de-facto standard in the Spring ecosystem, bringing robust security and sensible defaults to web apps. It is flexible enough to fit any use-case, thanks to a myriad of configuration options and innumerable extension points.
Newcomers to Spring Security can feel lost when they step out of the "Getting Started" guides and need to fine-tune Spring-Security to their specific use-case. Developers can find themselves frantically copy-pasting from Stack Overflow until it kinda-sorta works.
This deep-dive aims to demystify Spring Security and provide a useful method for understanding how it works, and where the extension points are. Through numerous live coding examples, you will get familiar with the general architecture, foundational patterns and common abstraction. You will understand how they are used in the library code, and how you can draw inspiration from them.
DANIEL GARNIER-MOIROUX
Daniel Garnier is a software engineer at VMware, working in the identity space and on SSO for applications. He is an adjunct professor at Mines Paris, where he teaches CS and software engineering classes.
He contributes to Spring Security, and has a keen interest in automation and developer productivity.
------------------------------------------------------------
INTRO
* visuals & editing by @Mercator
* music : Avocado by Ephixa

Пікірлер: 51

@roman_mf Жыл бұрын

One of the (if not THE) most comprehensive talk about Spring Security. Love the presentation style. Would really like to see Daniel talk about reactive Spring Security as well.

@KuldeepYadav-jw7jn Жыл бұрын

This is the best talk on spring security….kudos to the speaker, he explained it so well. Must watch for people working on spring mvc or boot 👏

@venera01010 11 ай бұрын

I am downloading this video. This knowledge can not be lost.

@IgorChistruga Жыл бұрын

Brilliant presentation!!! Thank you, Daniel!!!

@replicant9611 Жыл бұрын

This is really good presentation, the Spring team should be proud of you! 👏

@starn2000 Жыл бұрын

The best spring security presentation I've seen. Thanks

@fumaremigel Жыл бұрын

Thank you for this. Really great talk, and great examples.

@jirilzala7573 Жыл бұрын

This was really amazing talk. I'm struggling with custom auth setup on my spring boot project and this session came as blessing. Daniel is really amazing at teaching. Big thanks to DEVOXX!

@eckhartpedersen3972 Жыл бұрын

Fantastic presentation, thank you very much!

@TheodoreRavindranath Жыл бұрын

Now this is what I call a Master class!!

@wembleyleach 9 ай бұрын

Wow, this talk was amazing. I learned so much practical information about Spring Security that I feel like I can make any changes I need to or figure out where I need to make a change myself by reading through the code.

@cangozpinar Жыл бұрын

Great content ! Wish spring docs and tutorials were this good too.

@mouradvip7 Жыл бұрын

You're brilliant, man! you really saved my job. Gratitude.

@Kehrlann Жыл бұрын

Wow that is amazing feedback, thanks 🙇‍♂

@liseu4330 Жыл бұрын

Excellent talk! 🎉

@ganeshbabu8263 10 ай бұрын

Thanks a lot, All my doubts were cleared!.

@AlexJavaDev 10 ай бұрын

Very amazing talk, hope you'll add more on same thematic.

@indra8189 Жыл бұрын

Thank you for this amazing talk

@alxvdark Жыл бұрын

Great talk, thank you! I'd love to see something similar for the authorization side of Spring Security.

@Kehrlann Жыл бұрын

I'm trying to cook something up for Devoxx 2023 - let's see if I can come up with a compelling story, and have the talk selected 😊

@dan2thi Жыл бұрын

Awesome stuff! 💯💯

@Joe-qv2jo Жыл бұрын

Great talk. Legend 🎉

@trannam9865 8 ай бұрын

incredible talk, thanks.

@mehrabkor8591 Жыл бұрын

Thank you really really greate explaine please continue about spring

@RyanMoonWalking Жыл бұрын

amazing video ever!

@user-hg1hm6ln1f 10 ай бұрын

Brilliant speaker!

@devprototype 9 ай бұрын

Thanks! It was very helpful!

@Kubkochan Жыл бұрын

this asks for pt.2 with authz explained. BTW best presentation. I wouldn't feel sorry for not visiting Venkat's one.

@songbaiyin7830 Жыл бұрын

Superb!

@TimSchraepen Жыл бұрын

Nice and clear presentation. Hot damn!

@lts8683 Жыл бұрын

Thanks

@justtellthemno 11 ай бұрын

This is fire

@arturk9181 8 ай бұрын

42:03 very useful

@cs80211 Жыл бұрын

00:25:30, some important concepts

@kevin3514 Жыл бұрын

50:34 I now understand why Spring Security always throw a 403 when something goes wrong by default lol

@jeankhechfe1594 Жыл бұрын

anyone knows what this indentation plugin is called, or how to activate it if it's a built in to intellij?

@jackstewart9768 Жыл бұрын

Try Ctrl ALT L

@wijesijp 11 ай бұрын

Anyone knows the plugin he used to insert emojis ?

@DeathBender Жыл бұрын

is there a similar demonstration to springs reactive security ? because he mentioned "it works very differently" or is the "configuration part" just similar or basically the same ?

@Kehrlann Жыл бұрын

The configuration side of things is very very similar, a few of the method names change but that's about it. On the implementation side though things do differ. The filters must implement Spring Framework's WebFilter instead of the javax/jakarte Filter - in a reactive fashion return Monos and such. For authentication, there's no equivalent to the ProviderManager - usually filter have single ReactiveAuthenticationManager. There are other ways of dynamically selection authentication behavior, such as DelegatingReactiveAuthenticationManager and/or ReactiveAuthenticationManagerResolver.

@cs80211 Жыл бұрын

00:33:00 SecurityContext, thread local, static global