Speaker Topics - No Fluff Just Stuff

Spring Security Rebooted

Security is an important aspect of any application. For many years, Spring Security has been the go-to framework for securing Spring-based application. But historically Spring Security has been cumbersome to work with, involving an enormous amount of XML configuration to shape an application's security scheme.

In recent versions of Spring Security, however, XML-based configuration has taken a backseat to a powerful Java-based configuration option. Spring Security's Java-based configuration offers a fluent API for defining the security constraints for an application which is easy to read and eliminates the need for klunky XML configuration. On top of Spring Security's own configuration improvements, Spring Boot autoconfiguration makes it incredibly easy to get started securing your application, minimizing even the amount of Java configuration required.

In this session, we'll take a look at what's involved in securing a Spring application with Spring Security. In doing so, we'll take full advantage of Spring Boot to autoconfigure as much security as we can get away with and then rely solely on Spring Security's Java-based configuration to shape the security aspect of an application. We'll also briefly look at how to use Spring Security when securing microservices.


About Craig Walls

Craig Walls is a Principal Engineer, Java Champion, Alexa Champion, and the author of Spring AI in Action, Spring in Action, and Build Talking Apps. He's a zealous promoter of the Spring Framework, speaking frequently at local user groups and conferences and writing about Spring. When he's not slinging code, Craig is planning his next trip to Disney World or Disneyland and spending as much time as he can with his wife, two daughters, 1 bird and 2 dogs.

More About Craig »