Authorization in Spring Security: Permissions, Roles and Beyond

Spring Security is your one-stop shop for locking down Spring Boot apps, handling everything from authentication (who are you?) to authorization (can you do that?). Daniel Garnier Moiroux shows you how to level up from simple hasRole(...) checks to building rock-solid, multi-phase authorization pipelines: extract and transform user data at login, make policy decisions at the right time and place, then enforce them in code with the right strategies.

This follow-up to the 2022 Deep Dive on Spring Security is packed with live-coded examples that reveal all the access-control patterns Spring Security offers. You’ll walk away with a mental toolbox of practical tips, trade-offs and best practices for crafting secure, maintainable authorization logic in your apps.

Watch on YouTube