it is a very interesting presentation of the material, you do not fall asleep in the first minute of the story. That's how the presentation should be! thank you
excellent explanation. been struggling to really get it and this just made it so accessible. the info just passed all my brain's filters and is all sending back 200's! ;)
I’ve tried to understand this for the fourth time, and I find many tutorials unhelpful. Most just show someone writing code without explaining why or what else I can do. I end up copying the code like a kid copying homework, without grasping the concepts.
my best part is how fast the project is recompiled and can be tested on the browser, vite but for backend dev haha I wonder if it recompiles as fast when the project is massive 🤔
A combination of "Spring Boot Devtools" which does hot reload when compiled classes change, and "gradle assemble --continuous" which watches for file changes and incrementally rebuilds the project. ⚡⚡⚡
is @Configuration annotation still needed in the SecurityConfig class when @EnableWebSecurity already has @Configuration in it? At around 6:38 in the video. Edit: it's needed.
Yes, there are many solutions. For example, you can do mutual TLS (mTLS), where the client presents a certificate when making requests. Or if you're doing oauth, you can use the client_credentials grant. You could even imagine something like HTTP-basic auth.
There are filters, but the interface is called WebFilter ; they have a "Mono filter(ServerWebExchange exchange, WebFilterChain chain)" method. The exchange encapsulates both the request and the response objects.
This session is great because it simplifies and condenses the core of Spring Security in one short session. Love it! Great session!
it is a very interesting presentation of the material, you do not fall asleep in the first minute of the story. That's how the presentation should be! thank you
This is a great talk and it's been featured in the last issue of Tech Talks Weekly newsletter 🎉
Congrats Daniel! 👏
Thanks a lot, very honored 🤩
This session is fantastic! It simplifies and condenses the essence of Spring Security into one brief session. Love it!
You oversimplified things, many thanks
excellent explanation. been struggling to really get it and this just made it so accessible. the info just passed all my brain's filters and is all sending back 200's! ;)
the most interesting presentation that I have seen.
Really nice security essentials lecture
Great for learning! Thx for sharing
great session. Thanks.
to the point, thank you.
very useful video!!
I don’t get why people hate Spring Security. Whenever I learn a new language, I wish it had something close to Spring Security.
I’ve tried to understand this for the fourth time, and I find many tutorials unhelpful. Most just show someone writing code without explaining why or what else I can do. I end up copying the code like a kid copying homework, without grasping the concepts.
after this video I know understand the code I copied thousands of times hh
13:16 a question. If we are using Client Credentials flow, should we put the same filter or ti will be something like BearerTokenAuthenticationFilter?
my best part is how fast the project is recompiled and can be tested on the browser, vite but for backend dev haha
I wonder if it recompiles as fast when the project is massive 🤔
A combination of "Spring Boot Devtools" which does hot reload when compiled classes change, and "gradle assemble --continuous" which watches for file changes and incrementally rebuilds the project.
⚡⚡⚡
the best thing about this session is that i learned spring security and Spanish both in best way
Nice Talk👏
is @Configuration annotation still needed in the SecurityConfig class when @EnableWebSecurity already has @Configuration in it? At around 6:38 in the video.
Edit: it's needed.
Super
Great
at 27:47 he said to pretend that there is no existing solution and built a custom one. so, is there any existing solution?
Yes, there are many solutions. For example, you can do mutual TLS (mTLS), where the client presents a certificate when making requests. Or if you're doing oauth, you can use the client_credentials grant. You could even imagine something like HTTP-basic auth.
He makes it look like so simple, why the documentation is so complicated :?
And the logging-level is a fucking million dol tip
what a nice
Not perfectly easy but good talk
It's simple if you get it and it's not if you don't. This security model is really not beginner friendly. These are a lot of concepts
4:58 begin from here and don't waste your time
spring security configuration.. shudder
the whole thing is kinda overcomplicated and keep carrying the decades old baggages.
Not really. Once you learn it you realize how much Spring does things for you and makes Security easy.
Agree, it's easy to break things. Most people just pick a class randomly to do their job.
What about the Reactive web stack? We don’t have a “filter” there right?
There are filters, but the interface is called WebFilter ; they have a "Mono filter(ServerWebExchange exchange, WebFilterChain chain)" method. The exchange encapsulates both the request and the response objects.
@@DanielGarnier-Moiroux thank you for the head start. I’ll look into WebFilters