This session is great because it simplifies and condenses the core of Spring Security in one short session. Love it! Great session!
it is a very interesting presentation of the material, you do not fall asleep in the first minute of the story. That's how the presentation should be! thank you
This session is fantastic! It simplifies and condenses the essence of Spring Security into one brief session. Love it!
This is a great talk and it's been featured in the last issue of Tech Talks Weekly newsletter 🎉
Congrats Daniel! 👏
Thanks a lot, very honored 🤩
excellent explanation. been struggling to really get it and this just made it so accessible. the info just passed all my brain's filters and is all sending back 200's! ;)
the most interesting presentation that I have seen.
Really nice security essentials lecture
13:16 a question. If we are using Client Credentials flow, should we put the same filter or it will be something like BearerTokenAuthenticationFilter?
the best thing about this session is that i learned spring security and Spanish both in best way
Great for learning! Thx for sharing
Can anyone explain?
At 11:38
When creating ProhibitoFilter, why didn't he include any annotations or beans above class or methods? Like @Configuration or @Bean
Because it is used in exactly one place, in my SecurityFilterChain bean, it doesn’t need to be available to my whole app.
Exposing security filters through @Bean or @Component may have unintended consequences, so I prefer explicitly new-ing them.
You oversimplified things, many thanks
great session. Thanks.
is @Configuration annotation still needed in the SecurityConfig class when @EnableWebSecurity already has @Configuration in it? At around 6:38 in the video.
Edit: it's needed.
What about 11:38 ?
When creating ProhibitoFilter, why didn't he include any annotations or beans above class or methods?
@shortcuter4 it is not required because the filter is getting registered in the security filter chain by explicitly mentioning it in the configuration class. We don't need to depend on the component scanning to make the filter visible to Spring. I hope this helps!
at 27:47 he said to pretend that there is no existing solution and built a custom one. so, is there any existing solution?
Yes, there are many solutions. For example, you can do mutual TLS (mTLS), where the client presents a certificate when making requests. Or if you're doing oauth, you can use the client_credentials grant. You could even imagine something like HTTP-basic auth.
very useful video!!
my best part is how fast the project is recompiled and can be tested on the browser, vite but for backend dev haha
I wonder if it recompiles as fast when the project is massive 🤔
A combination of "Spring Boot Devtools" which does hot reload when compiled classes change, and "gradle assemble --continuous" which watches for file changes and incrementally rebuilds the project.
⚡⚡⚡
He makes it look like so simple, why the documentation is so complicated :?
And the logging-level is a fucking million dol tip
to the point, thank you.
I don’t get why people hate Spring Security. Whenever I learn a new language, I wish it had something close to Spring Security.
I’ve tried to understand this for the fourth time, and I find many tutorials unhelpful. Most just show someone writing code without explaining why or what else I can do. I end up copying the code like a kid copying homework, without grasping the concepts.
after this video I now understand the code I copied thousands of times hh
Nice Talk👏
Super
Not perfectly easy but good talk
Great
It's simple if you get it and it's not if you don't. This security model is really not beginner friendly. These are a lot of concepts
what a nice
4:58 begin from here and don't waste your time
spring security configuration.. shudder
the whole thing is kinda overcomplicated and keep carrying the decades old baggages.
Not really. Once you learn it you realize how much Spring does things for you and makes Security easy.
Agree, it's easy to break things. Most people just pick a class randomly to do their job.
What about the Reactive web stack? We don’t have a “filter” there right?
There are filters, but the interface is called WebFilter ; they have a "Mono filter(ServerWebExchange exchange, WebFilterChain chain)" method. The exchange encapsulates both the request and the response objects.
@DanielGarnier-Moiroux thank you for the head start. I’ll look into WebFilters
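The `WebFilter` interface mentioned in the answer above, shown in a reactive security chain as an added example that is not code from the talk. It assumes Spring WebFlux with Spring Security 5.2 or later; `HeaderGateWebFilter` and the `x-blocked` header are hypothetical names made up for the illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;

import reactor.core.publisher.Mono;

@Configuration
@EnableWebFluxSecurity
class ReactiveSecurityConfig {

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        return http
                .authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
                // Position is given by a SecurityWebFiltersOrder slot rather than
                // by a filter class, as it is in the servlet stack.
                .addFilterBefore(new HeaderGateWebFilter(), SecurityWebFiltersOrder.AUTHORIZATION)
                .build();
    }
}

// Hypothetical filter, instantiated in the chain above rather than exposed as a bean.
class HeaderGateWebFilter implements WebFilter {

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        // The exchange carries both sides: request headers in, response status out.
        String flag = exchange.getRequest().getHeaders().getFirst("x-blocked"); // constructed header
        if ("true".equals(flag)) {
            exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
            // Complete the response without calling the rest of the chain.
            return exchange.getResponse().setComplete();
        }
        // Nothing runs until the returned Mono is subscribed, so return it, never drop it.
        return chain.filter(exchange);
    }
}
```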