A Bootiful Podcast

Spring Security lead Rob Winch on Spring Security 7.0, SpringOne 2025, and more

Jul 31, 2025
In this engaging conversation with Rob Winch, the Spring Security lead for over a decade, listeners dive into the exciting new features of Spring Security 7.0 set for release in November 2025. Rob discusses the evolution from XML to Java configuration, making security smoother for developers. Highlights include token management enhancements, the integration of nullability standards, and advancements in user authentication like passkeys and multi-factor authentication. The conversation is light-hearted yet informative, blending technical insights with community enthusiasm for upcoming innovations.
ANECDOTE

Evolution of Spring Security DSL

  • Rob Winch shared the evolution of Spring Security's Java DSL from XML style to using Java 8 Lambdas.
  • This redesign significantly reduced code complexity and improved developer experience.
INSIGHT

Simplified Authorization Model

  • Spring Security replaced the old access decision manager and voter model with a simpler authorization manager.
  • It uses a Supplier for the Authentication to avoid unnecessary session lookups for permitAll requests.
ADVICE

Optimize Authentication Lookup

  • Use a Supplier for authentication retrieval to defer expensive session lookups until necessary.
  • This optimizes performance by avoiding database hits for unauthenticated permitAll requests.
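
The deferred lookup described in these snips, as an added example that is not code from the episode or from Spring Security: plain Java with hypothetical stand-in types (`Authentication`, `AuthorizationRule`, `loadFromSession`) and a constructed in-memory session store that counts lookups. The permit-all rule never calls `get()`, so public paths leave the store untouched, while protected paths pay for exactly one lookup.

```java
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

public class DeferredAuthenticationDemo {
    // Hypothetical stand-ins for illustration; these are not Spring Security types.
    record Authentication(String name, boolean authenticated) {}

    interface AuthorizationRule {
        boolean authorize(Supplier<Authentication> authentication, String path);
    }

    // Constructed session store; the counter stands in for database or cache hits.
    static final AtomicInteger LOOKUPS = new AtomicInteger();
    static final Map<String, Authentication> SESSIONS =
            Map.of("sess-1", new Authentication("alice", true));

    static Authentication loadFromSession(String sessionId) {
        LOOKUPS.incrementAndGet();
        String key = sessionId == null ? "" : sessionId; // Map.of rejects null keys
        return SESSIONS.getOrDefault(key, new Authentication("anonymous", false));
    }

    // Memoize so that several rules evaluated for one request share a single lookup.
    static <T> Supplier<T> memoize(Supplier<T> delegate) {
        return new Supplier<T>() {
            private T value;
            private boolean loaded;
            @Override public T get() {
                if (!loaded) { value = delegate.get(); loaded = true; }
                return value;
            }
        };
    }

    static final AuthorizationRule PERMIT_ALL = (auth, path) -> true; // never resolves the supplier
    static final AuthorizationRule AUTHENTICATED = (auth, path) -> auth.get().authenticated();

    static boolean check(String sessionId, String path) {
        Supplier<Authentication> auth = memoize(() -> loadFromSession(sessionId));
        AuthorizationRule rule = path.startsWith("/public/") ? PERMIT_ALL : AUTHENTICATED;
        return rule.authorize(auth, path);
    }

    public static void main(String[] args) {
        System.out.println(check(null, "/public/logo.png") + " lookups=" + LOOKUPS.get());
        System.out.println(check("sess-1", "/account") + " lookups=" + LOOKUPS.get());
        System.out.println(check(null, "/account") + " lookups=" + LOOKUPS.get());
    }
}
```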