-
Notifications
You must be signed in to change notification settings - Fork 10
Spring Security 5 The Reactive Bits
Rob Winch github: rwinch
What pieces of Auth are blocking? LDAP calls? Password validation? - Yes
Spring Secutiry will add a default logout page now It will also do content negoation - so in the browser it will send you to a login page, but an ajax request would get a 401.
If you have reactive model attributes, you have to resolve them before the View is resolved cause the View can't resolve them. He has an example with CSRF tokens with a ControllerAdvice
.
The default password encoder used to be a NoOpPasswordEncoder. Ya, that's bad...so now you have to provide one. The StandardPasswordEncoder
is depicrated...
PasswordEncoderFactories.createDelegatingPasswordEncoder
DelegatingPasswordEncoder
- adds a qualifier to the beginning of the password so the passwordencoder (and you) know what was used to encode the password. This would let you handle upgrades of password encoders and the ability to know who needs their password upgraded.
@EnableWebFluxSecurityConfiguration
@AuthenticatedUser
.subscriptOn(Schedulers.parallel()).doOnNext(...)
- If you are bound by CPU for instance when encoding a password.
@EnableReactiveMethodSecurity
- so you can do things like @PostAuthorize("returnObject?.to?.id == principal?.id)
Preauth Filters would be different in reactive vs non-reactive spring security. @AuthenticationWebFilter
. If you are sticking with a non-reactive, all the old filters still work.
AuthorizationContext
- has access to request variables, etc.
How do we auth our tests? @WithMockUser
but that isn't your custom user object. You can make custom annotations to work with the test suite WithMockCustomUser
and WithMockCustomUserFactory
and even Persona's like WithRob
.
ACES Learn to Code
- Git, GitHub GH-Pages
- Ozone Platform Developer Setup
- HTML, JavaScript, CSS
- Tomcat Web Server Setup
- A Simple Node.js App
- Spark with Docker
- Best Practices for Software Development
Other Tutorials
Conferences
- 2018 - DevOps Days Baltimore
- 2018 DevOps Days Baltimore, Part 2
- DevOpsDays---Baltimore
- Cross-Domain-Technical-Forum
- 2017 Potential Conferences
- LAS December 5th 2016
- DI2E Plugfest 2016
- OSCON 2015
- RWX-2015
- SpringOne-2017
- OSCON-2018
- DinosaurJS 2018
Training
- Developing on AWS
- Agile Team Facilitation
- Amazon AWS Big Data Solutions Day
- Cloudera Developer Training for Spark and Hadoop May 2016