Sessions

Securing SPAs with Spring

Marcus Hert Da Coregio - VMware

Single Page Applications have become a hot topic in developer communities. When dealing with Authentication and Authorization in such applications, there are some things that have a more delicate approach, like hiding secrets, exposing a REST API to the public internet, amongst others. Those concepts might be difficult to absorb and deal with at first.

There are a lot of different choices to make, should we use JWT, OAuth, SAML, Session-based authentication, etc.? At the end of the day, we just want to start our projects and make them secure, easy to maintain, and resilient to authentication and authorization changes. Fortunately, Spring Security makes it easy for us, by providing out-of-the-box support for authentication, authorization, and prevention against common attacks.

Join Marcus Da Coregio, a Spring Security team member, in this beginner-friendly talk to learn more about: - Secure by Default - SPA Authentication - CORS issues - User Store customization - CSRF tokens - Insecure Direct Object Reference