Let's face it, it takes quite a bit of brainpower to configure Spring Security so it does what you want it to do. The architecture of the library is highly modular, so developers are often faced with issues and subtleties in its configuration, leading to grey hair and wasted time. This talk will go through some common caveats and problems of implementing OAuth2 and OIDC integrations with Spring Security, such as custom authorization, what happens under the hood and points where you can plug in your custom implementations within the architecture.
We'll be doing quite some amount of live coding, as I'll go through various examples of handling modern authorization and authentication scenarios in Spring Boot and Spring Security 6.*. The highlight of the coding session will be overriding and extending the token handlers in order to support user impersonation in our application, a feature that's crucial in large enterprise systems where you're faced with an issue that affects a single user.
We'll be doing quite some amount of live coding, as I'll go through various examples of handling modern authorization and authentication scenarios in Spring Boot and Spring Security 6.*. The highlight of the coding session will be overriding and extending the token handlers in order to support user impersonation in our application, a feature that's crucial in large enterprise systems where you're faced with an issue that affects a single user.
Cristian Schuszter
CERN
Dr. Cristian Schuszter holds a PhD in Systems Engineering with a focus on distributed fault-tolerant software architectures and machine-learning based failure prediction. In his day-to-day, he is somewhere between a Data and Full-stack Software Engineer, with a wide range of tech & job exposure both in academia and industry.
For the past 7 years he's been working with various teams in CERN (the European Organization for Nuclear Research). Currently he's focusing on the architectural directions of the CERN business computing group, with an emphasis on enterprise Java systems and UI.
For the past 7 years he's been working with various teams in CERN (the European Organization for Nuclear Research). Currently he's focusing on the architectural directions of the CERN business computing group, with an emphasis on enterprise Java systems and UI.