
A Bootiful Podcast: Spring Security lead Rob Winch on Spring Security 7.0, SpringOne 2025, and more
Jul 31, 2025
In this engaging conversation with Rob Winch, the Spring Security lead for over a decade, listeners dive into the exciting new features of Spring Security 7.0 set for release in November 2025. Rob discusses the evolution from XML to Java configuration, making security smoother for developers. Highlights include token management enhancements, the integration of nullability standards, and advancements in user authentication like passkeys and multi-factor authentication. The conversation is light-hearted yet informative, blending technical insights with community enthusiasm for upcoming innovations.
Optimize Authentication Lookup
- Use a Supplier for authentication retrieval to defer expensive session lookups until necessary.
- This optimizes performance by avoiding database hits for unauthenticated permitAll requests.
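
The deferral described in this snip, sketched in plain Java as an added example (not code from the episode or from Spring Security itself). `Authentication`, `AuthzManager`, `loadFromSession`, the paths and the session map are hypothetical stand-ins, and the counter stands in for database hits.

```java
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

public class DeferredAuthenticationDemo {
    // Hypothetical stand-ins for illustration; these are not Spring Security types.
    record Authentication(String name, boolean authenticated) {}
    interface AuthzManager { boolean authorize(Supplier<Authentication> auth, String path); }

    // Constructed session store; each call to loadFromSession models one database hit.
    static final Map<String, Authentication> SESSIONS =
            Map.of("s1", new Authentication("alice", true));
    static final AtomicInteger lookups = new AtomicInteger();

    static Authentication loadFromSession(String sessionId) {
        lookups.incrementAndGet();
        // Unknown or empty session ids resolve to an unauthenticated principal.
        return SESSIONS.getOrDefault(sessionId, new Authentication("anonymous", false));
    }

    // Memoizing supplier: several checks in one request cost at most one lookup.
    static Supplier<Authentication> deferred(String sessionId) {
        return new Supplier<>() {
            private Authentication cached;
            @Override public Authentication get() {
                if (cached == null) cached = loadFromSession(sessionId);
                return cached;
            }
        };
    }

    // permitAll never resolves the supplier, so the session store is not touched.
    static final AuthzManager PERMIT_ALL = (auth, path) -> true;
    // A protected rule resolves it, and only then is the lookup paid for.
    static final AuthzManager AUTHENTICATED = (auth, path) -> auth.get().authenticated();

    static boolean handle(String path, String sessionId) {
        AuthzManager manager = path.startsWith("/public/") ? PERMIT_ALL : AUTHENTICATED;
        return manager.authorize(deferred(sessionId), path);
    }

    public static void main(String[] args) {
        System.out.println(handle("/public/health", "s1") + " lookups=" + lookups.get());
        System.out.println(handle("/account", "s1") + " lookups=" + lookups.get());
        System.out.println(handle("/account", "") + " lookups=" + lookups.get());
    }
}
```

Deferral changes when the lookup is paid for, not the decision: every rule other than the explicit permit-all still resolves the supplier before granting access.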
Authorization Manager Replacement Strategy
- The legacy access decision manager and voter mechanism is deprecated and may be removed or maintained externally.
- A factory allows swapping authorization manager implementations to support custom authorization checks.
OAuth Integration for Interface REST Clients
- Spring Security 7 adds integration with interface-based REST clients for OAuth token handling.
- It dynamically adds access tokens based on annotations on client interface methods, avoiding redundant client instances.
