Summary
Spring Security is the go-to for locking down your Spring Boot app, but once you move beyond simple hasRole(…) checks, things get tricky. You need a multi-phase approach: at login you pull in user info (think OpenID claims), then you split authorization into “policy decision” (who gets to do what?) and “policy enforcement” (where those checks happen), and finally you wire it all up in code.
In this follow-up to the 2022 Deep Dive, Daniel Garnier Moiroux live-codes everything you need to know about access control patterns in Spring Security. You’ll walk away with a clear blueprint for architecting robust authorization and practical advice on the trade-offs of different mechanisms.
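The three phases the summary describes (mapping identity claims to authorities at login, a single policy-decision point, and enforcement at both the HTTP and method layers) can be sketched in Spring Security 6 as follows. This is an added illustration, not code from the talk or from the Spring Security project; the `groups` and `projects` claims, the `PROJECT_<id>` authority naming and the `/projects/{projectId}` rule are assumed for the example.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.stereotype.Service;

@Configuration
@EnableMethodSecurity
public class AccessControlConfig {

    // Phase 1 (login): translate identity-provider claims into application authorities.
    // The "groups" and "projects" claim names are assumptions; real providers differ.
    @Bean
    public OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
        OidcUserService delegate = new OidcUserService();
        return request -> {
            OidcUser user = delegate.loadUser(request);
            Set<GrantedAuthority> authorities = new HashSet<>(user.getAuthorities());
            List<String> groups = user.getClaimAsStringList("groups");
            if (groups != null) {
                for (String g : groups) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_" + g.toUpperCase()));
                }
            }
            List<String> projects = user.getClaimAsStringList("projects");
            if (projects != null) {
                for (String p : projects) {
                    authorities.add(new SimpleGrantedAuthority("PROJECT_" + p));
                }
            }
            return new DefaultOidcUser(authorities, user.getIdToken(), user.getUserInfo());
        };
    }

    // Phase 2 (policy decision): one place answers "may this principal act on this project?".
    // Assumed rule: ROLE_ADMIN may touch any project; everyone else needs PROJECT_<id>.
    @Bean
    public AuthorizationManager<RequestAuthorizationContext> projectAccess() {
        return (Supplier<Authentication> auth, RequestAuthorizationContext ctx) -> {
            Authentication a = auth.get();
            if (a == null || !a.isAuthenticated()) {
                return new AuthorizationDecision(false);
            }
            String projectId = ctx.getVariables().get("projectId");
            boolean granted = a.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .anyMatch(x -> x.equals("ROLE_ADMIN") || x.equals("PROJECT_" + projectId));
            return new AuthorizationDecision(granted);
        };
    }

    // Phase 3 (policy enforcement, HTTP layer): the rule is referenced, not re-implemented here.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http,
            AuthorizationManager<RequestAuthorizationContext> projectAccess,
            OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/projects/{projectId}/**").access(projectAccess)
                .anyRequest().authenticated())
            .oauth2Login(login -> login
                .userInfoEndpoint(u -> u.oidcUserService(oidcUserService)));
        return http.build();
    }
}

// Enforcement at the method layer as well, so a caller that reaches the service
// without going through the web filter chain still hits the same policy.
@Service
class ProjectService {
    @PreAuthorize("hasRole('ADMIN') or hasAuthority('PROJECT_' + #projectId)")
    public String exportProject(String projectId) {
        return "export of " + projectId; // placeholder body for the example
    }
}
```

Keeping the decision in one `AuthorizationManager` bean means the HTTP matcher and any future method-level check share the same answer; the `@PreAuthorize` expression duplicates the rule only to show where the second enforcement point sits, and in a real code base it would delegate to the same bean rather than restate the logic.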