Spring Security, demystified by Daniel Garnier Moiroux

How I stopped worrying and learned to love security Ensuring that applications are secure is now high on most "Deploy to Prod" checklists. Spring Security is the de-facto standard in the Spring ecosystem, bringing robust security and sensible defaults to web apps. It is flexible enough to fit any use-case, thanks to a myriad of configuration options and innumerable extension points. Newcomers to Spring Security can feel lost when they step out of the "Getting Started" guides and need to fine-tune Spring-Security to their specific use-case. Developers can find themselves frantically copy-pasting from Stack Overflow until it kinda-sorta works. This deep-dive aims to demystify Spring Security and provide a useful method for understanding how it works, and where the extension points are. Through numerous live coding examples, you will get familiar with the general architecture, foundational patterns and common abstraction. You will understand how they are used in the library code, and how you can draw inspiration from them. DANIEL GARNIER-MOIROUX Daniel Garnier is a software engineer at VMware, working in the identity space and on SSO for applications. He is an adjunct professor at Mines Paris, where he teaches CS and software engineering classes. He contributes to Spring Security, and has a keen interest in automation and developer productivity. ------------------------------------------------------------ INTRO * visuals & editing by @Mercator * music : Avocado by Ephixa