Spring Security’s the go-to for securing Spring Boot apps – it handles the “who” (authentication) and the “can I do that?” (authorization). While hasRole(...) gets you up and running, real-world scenarios demand a multi-phase approach: extract and transform user data (think OpenID claims) at login, decide and enforce policies at the right points, then wire in custom logic to keep everything airtight.
In this live-coding sequel to the 2022 Deep Dive, Daniel Garnier Moiroux walks you through every access-control pattern Spring Security offers. You’ll see hands-on demos, compare roles vs. permissions vs. policies, and pick up practical tips to build a rock-solid authorization architecture.
Watch on YouTube
Top comments (0)