List of videos

Spring I/O 2022 - Barcelona, 26-27 May Slides: https://speakerdeck.com/mploed/getting-modules-right-with-domain-driven-design Domain-driven Design helps teams achieve a better alignment between the business and the technical architecture in order to design applications that have highly expressive and maintainable domain models. This talk aims at giving you an overview of Domain-driven Design and how the ideas behind it help you to create better modular applications. We will talk about aspects from strategic Domain-driven Design such as Bounded Contexts and Subdomains, in addition to that the talk will explain the most important patterns from the tactical part of Domain-driven Design (Aggregate, Entity, Value Object). Finally you will learn about methods that help you in getting a better understanding about the domain you are working in.

Spring I/O 2022 - Barcelona, 26-27 May JDK Flight Recorder, like its namesake, the flight recorder in an airplane, can be an excellent tool for collecting information on a Java application as it is running and when problems occur. In this presentation we will get an intro on how to use JDK flight recorder to collect information about our Java applications, interpret the results, and how to use the information to improve our applications!

Spring I/O 2022 - Barcelona, 26-27 May Join us in our 10th edition: 18-19 May 2023

Spring I/O 2023 - 18-19 May Juergen Hoeller, Sébastien Deleuze, Alina Yurenko, Josh Long

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://github.com/andifalk/api-security/blob/main/presentations/spring_io_2023/All_your_APIs_are_mine_springio_2023.pdf GitHub Repo: https://github.com/andifalk/api-security With Spring, it is very easy to implement APIs. Making them robust against a variety of attack types is much harder. Developers will learn about several real-world attack scenarios. Live demos will show how these can be mitigated with the help of Spring Security and appropriate design patterns. With the increasing popularity of APIs, attacks on them are also steadily increasing. Often, design flaws such as weak authentication, lack of authorization, or unnecessarily exposing confidential data make it far too easy for attackers to reach their target. In this talk, I will discuss the most prevalent threats to modern APIs and outline recommended strategies for developers to secure their own APIs. In doing so, I will cover the most commonly used standards and architectural styles these days, such as Rest, GraphQL, and gRPC. Using a sample Spring Boot application, I will show practical examples of (in)secure APIs. The talk is aimed at software developers, architects, and security enthusiasts alike. Knowledge of the Java programming language and Spring Boot is helpful.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://www.slideshare.net/StevePember/anatomy-of-a-spring-boot-app-with-clean-architecture-spring-io-2023 GitHub repo: https://github.com/spember/spring-shoestore In my years of experience, Clean Architecture and its inspirations have been the easiest way to create readable, flexible codebases that can be worked on by large teams. This will be a good introductory talk with example code that attendees can reference at a later date. We as an industry often talk quite a bit about the design of platform: the high-level architectures involving microservices, distributed systems, etc. But what about the internal architecture of a given application? How can one prevent their individual codebases from becoming the muddiest of mud balls? Over the years we have found great success in keeping our codebases coherent and straightforward by following many of the principles of Clean Architecture - which itself can be considered an evolution of “Ports and Adapters”, and “Hexagonal Architecture”. Its main concept is that a given system must be imagined as Layers of ‘circles’ with a Dependency Rule which states that code dependencies many only point inwards; outer layers may call inner layers, but inner layers know nothing of the outer layers. These layers and their relationship rules give clear guidelines on where different code should live. This keeps your core business logic independent of and agnostic to the Details. Which database are we using to store “User” entity records? Which third-party service are we using for Authorization? While important, these Details are not the concern of your core business logic. They can be swapped in and out by implementing an interface; these concerns do not and can not pollute the rest of your core business logic. If followed correctly, the end result is a clearly structured, easily testable application, that is quick to react when external details need to change. In this presentation we will present the general philosophy of Clean Architecture, Hexagonal Architecture, and Ports & Adapters: discussing why these approaches are useful and general guidelines for introducing them to your code. Chiefly, we will show how to implement these patterns within your Spring (Boot) Applications. Through a publicly available reference app, we will demonstrate what these concepts can look like within Spring and walkthrough a handful of scenarios: isolating core business logic, ease of testing, and adding a new feature or two.

Spring I/O 2023 - Barcelona, 18-19 May Of course we all love the Spring ecosystem and its technologies. Of couse it is important to understand your tech stack as a developer. Of course you become a great developer or architect by understanding modern patterns and architectures. But isn’t it a bit boring to just churn out code just for codes sake? In this talk I want to motivate you to leave your comfort zone and to take a step back. This talks aims at motivating you as a developer or an architect to dig deep into the domain of your business and your product. I firmly believe that this will make you a great and especially a more valuable developer. If we understand the business we can make better design choices as developers / architects. We can highlight misalignments in our organization. We will be able to come up with better tests. This talk will not just be limited to the motivating side of this topic. I will also give you tons of hints and tips how you can get started in this journey, who your allies may be and how to tackle this difficult task. This talk will also come with many examples of success and failure from the real world. I guess we will laugh a lot during this session but sometimes we’ll also shake our heads in utter disbelieve in those 50 minutes.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://2023.springio.net/docs/slides/going-native-fast-and-lightweight-spring-boot-applications-with-graalvm-alina-yurenko-springio23.pdf Spring Boot 3.0 has introduced GA of GraalVM Native Image support, previously incubated in the Spring Native project. Now you can easily compile your Spring Boot application ahead of time with GraalVM to produce a native executable that starts fast, needs less memory, and doesn’t require a JVM. In this session we’ll take a look at building native Spring Boot apps from scratch, leveraging latest GraalVM features, and using popular libraries.

Spring I/O 2023 - Barcelona, 18-19 May Slides: https://speakerdeck.com/bnasslahsen/o-2023-barcelona GitHub Repo: https://github.com/bnasslahsen/conjur-spring-boot-demos/tree/spring-io-23 Many applications require some sort of secret, such as a database password, a certificate. The growing popularity of Kubernetes and cloud adoption has gotten the attention of attackers and raised the stakes for developers. There are many challenges of secrets management in spring-boot applications. This session will summarise the different available patterns for securing cloud native application secrets. It will demo open-source secrets management solutions like Conjur for securing access, enforcing policy, and authenticating access requests. Now, developers and DevOps engineers search for the capabilities to properly secure secrets in DevOps Pipelines. To do their job, developers need to write applications that require secure access to resources via secrets, and security teams need to mitigate risk. This can lead to contention between developers and security teams. The Talk will cover the following topics: - Increase the awareness of the vulnerabilities and risks. Remove No hard-coded credentials - Simplify secrets management - Introduction to the secret zero problem - Secure all application types, everywhere with JWT and Cert Based Authentication - Strong authentication and authorization - ABAC – apply least privilege - When to use Sidecar and init container patterns to improve applications security in Kubernetes ? - What is the Secretless pattern? - How to get full auditing and control by security team ?