Ensuring that applications are secure is now high on most "Deploy to Prod" checklists. Spring Security is the de-facto standard in the Spring ecosystem, bringing robust security and sensible defaults to web apps. It is flexible enough to fit any use-case, thanks to a myriad of configuration options and innumerable extension points.
Newcomers to the library can feel lost when they step out of the "Getting Started" guides and need to fine-tune it to their specific use-case. Developers can find themselves frantically copy-pasting from Stack Overflow until it kinda-sorta works.
This talks aims to provide a useful method for understanding how Spring Security works, and where the extension points are. Through a theory (diagrams!) and practice (live coding!), you will get familiar with the general architecture, foundational patterns and common abstraction. You will understand how they are used in the library code, and how you can draw inspiration from them. And you will discover the latest and greatest from Spring Security 6.0!
Daniel Garnier-Moiroux
Spring @ Broadcom
Daniel Garnier is a software engineer at Broadcom, working in the identity space and on SSO for applications. He is an adjunct professor at Mines Paris, where he teaches CS and software engineering classes.
He contributes to Spring Security, and has a keen interest in automation and developer productivity.