
 A Bootiful Podcast
 Spring Security contributor Josh Cummings on the latest-and-greatest in Spring Security 7
 Oct 9, 2025

 Josh Cummings, a seasoned Spring Security contributor, shares his expertise on the latest advancements in Spring Security 7, including multi-factor authentication (MFA). He discusses why built-in MFA is crucial and how it aligns with authentication authorities. Cummings also reveals new protocols like OAuth Authorization Server and SAML joining the platform. The conversation dives into modularizing legacy APIs and the importance of granular configuration for robust authorization, while emphasizing security enhancements that come with each version upgrade.
 AI Snips 
Personal Backstory And Team Tenure
- Josh Cummings described his family life and long tenure with Spring Security, highlighting seven children and a long career arc.
- He used personal details to humanize his role on the Spring team and frame his perspective.
MFA As Authorities Sequence
- Josh Cummings reframes MFA as a sequence of authentication authorities rather than separate processes.
- Representing each authentication as a granted authority simplifies authorization decisions across the app.
Avoid Repeating MFA In Authorization Rules
- Declare authorization rules once and let Spring Security manage factor details to avoid repeating factor conditions across rules.
- Use the framework's components so your DSL remains unchanged while MFA is handled internally.


