All right. So hi guys, I'm Mayank. I'm the developer rules manager and the release manager for OpenMRS, and today I'm going to talk about how you can use the Spring Security and Spring Security OAuth2 frameworks to implement security as an aspect in your Java-based web applications.

So let's say that you have a simple client-server architecture set up and that you have programmed all the business logic for your web application on the server side of it. Now you are thinking of implementing some advanced things like role-based access control, which can be that the same page is viewed differently by the admin, by the moderator, by the guest or by a registered user, or CAS or an OAuth2 authorization server, or detecting a CSRF attack, etc. So Spring Security allows you to do that.

How it does it is, Spring Security is essentially a filter chain which is backed by an API. So it intercepts all the request and response objects which are directed to your server and it passes them on to the filter chain first. So when the first filter receives the request and response objects, it does some work on them. It interacts with the API to load some configuration and data and then forwards the request and response objects to the next filter in the chain. So this process goes on until we hit the last filter and finally hit the endpoint of your web application. So at that point you can inquire with the Spring Security API to ask questions like, oh, was there a CSRF attack in this request, or does this person even have the privileges to hit this endpoint or not, and take appropriate actions.

So let me just talk about the flow and configuration of Spring Security. So the first thing we will see is a DelegatingFilterProxy. It is basically a configuration which defines the entry point into Spring Security.
So you'll give a URL pattern, and anything that matches that URL pattern will be delegated to the Spring Security framework.

The next thing is HttpSecurity or WebSecurity. So this is used to define the protected resources of your application and the conditions for access to them. So let's say I have a URL /admin/* and I say role equal to admin. So only someone who has the permissions of admin will be able to access those resources.

The next thing is the AuthenticationManager, which is essentially an interface which packages a lot of authentication providers, and an AuthenticationProvider gives you an implementation of, say, OAuth authentication management or the different protocols which are available for authentication. How it does that is, it uses a UserDetailsService which connects with your database, local database or remote database, or services on the Facebook server to get the token and stuff.

The next component is an AccessDecisionManager, which is probably the main component that decides whether the request is going to hit the endpoint or not. It is based on a number of things. One of them is a voting-based system. So based on the if and else conditions that we define, the final decision is made by the AccessDecisionManager.

So Spring Security is a framework and Spring Security OAuth2 is built on top of it. Spring Security provides you a lot of hooks and ways to customize it, and Spring Security OAuth2 builds an authorization server and a resource server on top of it. And Spring Security OAuth2 itself provides a number of ways to configure those authorization servers and resource servers. So one of them is the ClientDetailsServiceConfigurer, which uses the UserDetailsService which I just talked about. There are authorization and token endpoints without protected resources or the HttpSecurity resources I talked about, and we also have grant types.
If you have some idea about OAuth2, you could probably tell what I'm talking about.

The next thing I want to show you is a quick demo. All right, so Spring Security OAuth2 can be configured via XML or... All right, so Spring Security OAuth2 can be configured via XML or using annotations. So the amount of code that you need to write is only about 20 lines, and you will have an OAuth2 authorization server running on top of Spring Security. So the process would be: set up the dependencies of Spring Security, set up the dependencies of Spring Security OAuth2, and then write 20 lines of XML, or fewer lines in terms of annotations, and there you have an OAuth2 authorization server.

So the video is not playing. But I definitely uploaded it and a few of those links to the slides and stuff. No more time. All right, so I hope that was helpful to people. But I'll be around, so let me know if you want to talk more about it. Just find me. Thanks.
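The voting-based access decision mentioned in the talk, as an added example that is not from the talk or its demo: the same `/admin/*` rule evaluated by two of Spring Security's stock decision managers. It assumes a spring-security-core release that still ships the `org.springframework.security.access.vote` classes (newer releases deprecate them in favour of `AuthorizationManager`); the class name `VotingDemo`, the callers `alice` and `bob`, and the rule itself are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class VotingDemo {
    // Constructed rule for /admin/*: two conditions attached to the same resource.
    static final List<ConfigAttribute> ADMIN_RULE =
            SecurityConfig.createList("ROLE_ADMIN", AuthenticatedVoter.IS_AUTHENTICATED_FULLY);

    // decide() returns normally to allow and throws AccessDeniedException to deny.
    static boolean allowed(AccessDecisionManager manager, Authentication caller) {
        try {
            // In a web app the secured object is a FilterInvocation; a path string stands in here.
            manager.decide(caller, "/admin/users", ADMIN_RULE);
            return true;
        } catch (AccessDeniedException denied) {
            return false;
        }
    }

    // Constructed caller: authenticated with a password, holding the given roles.
    static Authentication caller(String name, String... roles) {
        return new UsernamePasswordAuthenticationToken(
                name, "n/a", AuthorityUtils.createAuthorityList(roles));
    }

    public static void main(String[] args) {
        List<AccessDecisionVoter<?>> voters = Arrays.asList(new RoleVoter(), new AuthenticatedVoter());
        AccessDecisionManager affirmative = new AffirmativeBased(voters); // one grant is enough
        AccessDecisionManager unanimous = new UnanimousBased(voters);     // any deny blocks

        for (Authentication who : Arrays.asList(caller("alice", "ROLE_ADMIN"), caller("bob", "ROLE_USER"))) {
            System.out.printf("%s affirmative=%b unanimous=%b%n", who.getName(),
                    allowed(affirmative, who), allowed(unanimous, who));
        }
    }
}
```

Under `AffirmativeBased`, the caller without `ROLE_ADMIN` is still let through because `AuthenticatedVoter` grants on the second attribute; `UnanimousBased` blocks that caller because `RoleVoter` denies. When a rule carries more than one condition, the choice of decision manager determines whether the conditions combine as OR or as AND.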