Great talk with many valuable background information on underlying patterns and decisions. Also great idea to paste those code blocks using code templates during the talk.
28:44 If Only Java had expressions (Expression in this case) like C# so we could use it to specify what field of auth object we want instead of using magic string.
I wish spring security does not include a default filter chain, they are useless. Every time I had to disable csrf here and disable stateful session there. I would be thinking: why don't we have a RestApiFilterChain. becoz rest api is the main stream now. Also could spring security be more opinionated and less flexible? Just have one way to do things and do things right. The spring security will be much much easier then.
The DSL... the HTTP Security DSL is the biggest failures of Spring Framework. It is absolutely horrible. It is unreadable spaghetti code. It absolutely needs block level elements which the fluent inferface does not have. Fluent works and is readable when it ALWAYS returns the same type. NO one knows how to get the HttpSecurity to work. Every time is is just random stabs in the dark until it suddenly kind-of works and then they to make your app support what ever you got to work that is close enough of what you wanted.
Great talk with many valuable background information on underlying patterns and decisions. Also great idea to paste those code blocks using code templates during the talk.
great talk and very easy to follow along the code provided. Thanks guys!
Great video. And right from the source!
Gold level talk
28:44 If Only Java had expressions (Expression in this case) like C# so we could use it to specify what field of auth object we want instead of using magic string.
Java does have that (Function) but the problem is that annotations have to be known at compile time (short of stupid reflection hacks)
Great work...👏👏👏👏
Great work, please more of this :)
do you guys have any video for authorization based on roles in spring security
bom demais!
Thanks bro
I am wondering if one can have one version of git code with security and one without? If yes, is it easy to be maintained in parallel?
Great talk :))
I wish spring security does not include a default filter chain, they are useless. Every time I had to disable csrf here and disable stateful session there. I would be thinking: why don't we have a RestApiFilterChain. becoz rest api is the main stream now. Also could spring security be more opinionated and less flexible? Just have one way to do things and do things right. The spring security will be much much easier then.
The DSL... the HTTP Security DSL is the biggest failures of Spring Framework. It is absolutely horrible. It is unreadable spaghetti code. It absolutely needs block level elements which the fluent inferface does not have. Fluent works and is readable when it ALWAYS returns the same type.
NO one knows how to get the HttpSecurity to work. Every time is is just random stabs in the dark until it suddenly kind-of works and then they to make your app support what ever you got to work that is close enough of what you wanted.