Bootiful Spring Security

“Security is hard!” is what the person who does not attend this talk might rightly contend. But you are going to attend this talk, because you know that getting security right will be a win when it comes time to justify your attendance at SpringOne, and nobody, and we mean, nobody, will give you more working code to chew on than Spring Security lead Rob Winch and his trusty and faithful sidekick, Josh Long. In this session, we will look at security defaults, password management, authentication and authorization, one-time tokens, passkeys, OAuth (including the amazing Spring Authorization Server), method security, and general tips on how to simplify standing up and validating such projects with Testcontainers and Testjars.