Identity crisis: bending Spring Security to your advanced use-cases
About this talk
Let's face it: it takes quite a bit of brainpower to configure Spring Security so that it does what you want it to do. The library's architecture is highly modular, so developers often run into issues and subtleties in its configuration, leading to grey hair and wasted time. This talk goes through some common caveats and problems of implementing OAuth2 and OIDC integrations with Spring Security, such as custom authorization, what happens under the hood, and the points in the architecture where you can plug in your own implementations. We'll be doing a fair amount of live coding, as I'll go through various examples of handling modern authorization and authentication scenarios in Spring Boot and Spring Security 6.*. The highlight of the coding session will be overriding and extending the token handlers to support user impersonation in our application, a feature that's crucial in large enterprise systems where you're faced with an issue that affects a single user. The code linked by the QR code is available at: https://gitlab.cern.ch/ischuszt/identity-crisis