Tanzu Tuesdays - Spring Security and OAuth 2.0 with Josh Cummings
Spring Security was born in the days of server-generated HTML, when JavaScript was that annoying little brother you avoided but couldn’t keep from following you around. Now, JavaScript is all grown up with a mortgage, a family, and a debugger. Is Spring Security still relevant in these modern times where many backends are little more than a REST API? In this talk, you’ll see why the answer is “yes”.

We’ll start with an unsecured JavaScript frontend and Spring Boot backend. Step by step, we’ll make decisions about CORS, CSRF, and OAuth, each simplified by Spring Security. Also, you’ll get a sneak peek at the experimental Spring Authorization Server!

===

Josh Cummings

Josh loves to code, and his kids love to code, too! Since the early days with a TRS-80 from Radio Shack, he’s loved building whatever came to mind. These days, he contributes full-time to the Spring Security codebase. He is also the author of a handful of Pluralsight courses about web application security in Java, which all feature Terracotta Bank, an open source, intentionally vulnerable web application that helps engineers practice ethical hacking as well as secure coding in Java.