Spring Security Architecture Principles

Daniel Garnier-Moiroux - Broadcom

When you need to secure your application, you use Spring Security. It’s the de-facto standard, it’s robust, extensible, and brings sensible defaults to your application. But newcomers can feel lost as soon as they step out of the “Getting Started” guides and need to fine-tune the configuration to their specific use-cases. Developers can find themselves frantically copy-pasting from Stack Overflow until it kinda-sorta works.

Spring Security only uses a handful of core building blocks, and they are present everywhere in the library. Knowing what those are, how they are meant to be used, and how to effectively leverage them will give you the keys you need to implement all your custom needs.

This session aims to provide a useful method for understanding Spring Security’s architecture, and how to customize it. Through some theory (diagrams!) and practice (live coding!), you will get familiar with the general architecture, foundational patterns and common abstractions. No more foraging StackOverflow in despair!