Lunch & learn: "Security Policies and Spring Boot" (with Nicolas Frankel)
Details
Nowadays, everybody realizes the importance of preventing undue access to one's applications. Many conceptual models are available, e.g., RBAC, ABAC, you name it. Likewise, all popular stacks have frameworks and libraries to help developers implement their chosen access policy.
If your organization only has a handful of apps, that's all fine and dandy, but problems appear at scale. One such problem is keeping access configurations under control across dozens or even hundreds of apps. It requires regular, if not continuous, auditing, which is impossible to achieve when the configuration is code, and even worse if it's written in a compiled language.
Open Policy Agent aims to externalize such configurations in a text format with specified semantics. In this discussion, I'll explain OPA in detail and demo how to migrate from a regular Spring Boot application to an OPA-based approach step-by-step.
Limited seats available (super exclusive to 40, maximum).
About Nicolas Fränkel. Developer Advocate with 15+ years of experience consulting for many different customers in a wide range of contexts (such as telecoms, banking, insurance, large retail and the public sector). Usually working on Java/Java EE and Spring technologies, but with focused interests like Rich Internet Applications, Testing, CI/CD and DevOps. Also doubles as a trainer and triples as a book author.