Spring Security Patterns

Great talk with many valuable background information on underlying patterns and decisions. Also great idea to paste those code blocks using code templates during the talk.

great talk and very easy to follow along the code provided. Thanks guys!

Great video. And right from the source!

Great work, please more of this :)

Great work...👏👏👏👏

Gold level talk

Great talk :))

Thanks bro

bom demais!

I am wondering if one can have one version of git code with security and one without? If yes, is it easy to be maintained in parallel?

do you guys have any video for authorization based on roles in spring security

28:44 If Only Java had expressions (Expression in this case) like C# so we could use it to specify what field of auth object we want instead of using magic string.

I wish spring security does not include a default filter chain, they are useless. Every time I had to disable csrf here and disable stateful session there. I would be thinking: why don't we have a RestApiFilterChain. becoz rest api is the main stream now. Also could spring security be more opinionated and less flexible? Just have one way to do things and do things right. The spring security will be much much easier then.

The DSL... the HTTP Security DSL is the biggest failures of Spring Framework. It is absolutely horrible. It is unreadable spaghetti code. It absolutely needs block level elements which the fluent inferface does not have. Fluent works and is readable when it ALWAYS returns the same type.
NO one knows how to get the HttpSecurity to work. Every time is is just random stabs in the dark until it suddenly kind-of works and then they to make your app support what ever you got to work that is close enough of what you wanted.