List of videos

Spring I/O 2016 - 19 -20 May Barcelona The number of applications based on a client-side MVC architecture which consume RESTful services, is increasing exponentially. For example, mobile native applications (iOS, Android, etc.) or client-side MVC web applications (AngularJS, React, etc.). In many cases, the security risks associated with those environments are very similar to the traditional web risks associated with server-side MVC architectures based on traditional web frameworks such as Spring MVC, Grails or JSF. Even though the level of complexity to implement attacks against those kinds of client-side MVC architectures can sometimes be higher, the existing risks remain almost the same, basically because many are server-side risks that do not depend on the client-side technology. Analyzing the traditional OWASP Top 10 web risks, we can consider almost all of them are relevant to these new scenarios, except for the XSS risk within native mobile applications which do not use any web rendering feature. So the question is, how can we protect these service based applications against the traditional OWASP Top 10 web risks? HATEOAS is a constraint included within REST application architecture, which, in addition to the already well known benefits such as discoverability and decoupled architecture, can help to improve your application security. Unlike REST implementations without HATEOAS, where the clients determine what they can do next, HATEOAS proposes a new approach where the server not only returns data, but also hypermedia artifacts, giving the client a way to determine the set of actions available at any given point, based on the state of the server application workflow. This talk will present an innovative approach to automate the protection of Spring HATEOAS services against OWASP Top 10 security risks, through the integration of Spring HATEOAS with the Hdiv security framework.

Spring I/O 2016 - 19 -20 May Barcelona Spring Boot DevTools is not the only new feature that boosts your productivity. During this live coding session, we’ll work on 10 common app features and see how Boot is making your life easier.

Spring I/O 2016 - 19 -20 May Barcelona Writing concurrent code that is also correct is unbelievably hard. Naturally, humanity has developed a number of approaches to handle concurrency in the code, starting from basic threads that follow the hardware way to do concurrency to higher level primitives like fibers and work-stealing solutions. But which approach is the best for you? In this session, we'll take a look at a simple concurrent problem and solve it using different ways to manage concurrency: threads, executors, actors, fibers, monadic code with completable futures. All these approaches are different from the simplicity, readability, configuration and management point of view. Some scenarios are better modelled with threads, while sometimes you're better off with actors. We'll discuss the benefits of each approach and figure out when it's worth pursuing in your project.

Spring I/O 2016 - 19 -20 May Barcelona The view layer of Java web applications has undergone a profound transformation along the last years, with the advent of so many client-side frameworks and the move of significant parts of the user interface responsibilities to the browser side. But this has never meant the complete dismissal of the server side as an important factor in the building of web user interfaces, and newer architectures are increasingly stressing the need for good server-side template technologies that work together with the client side in order to create the best and most efficient possible UIs. At the same time, the growing mismatch between web design and software development has not helped reducing the overlap and the conflict between the teams and tools that bring data to the view layer and those in charge of representing such data in the most useful and visually appealing way. Thymeleaf recently appeared in this scenario as a modern Java template engine for the server side aimed at offering the most satisfactory developer experience possible, at the same time as providing a good integration for client-side frameworks during the development process. And it is currently doing so with some degree of success, having become the view layer of choice for many teams, especially in the Spring MVC and Spring Boot ecosystems. This talk will cover the core Thymeleaf concepts as well as its usage in Spring web applications, and also show the new exciting features included in Thymeleaf 3.0.

Spring I/O 2016 - 19 -20 May Barcelona As described in this announcement I made on Spring blog (https://spring.io/blog/2016/02/15/developing-spring-boot-applications-with-kotlin), it is now easy to create a Spring Boot application using Kotlin. Thanks to a sample Geospatial chat application, I will show how Spring Boot and Kotlin share the same pragmatic, innovative and optionated mindset to allow you to build simple but powerful projects. That talk will also provide an opportunity to show how to use a relational database with Spring Data but without JPA in order to use advanced PostgreSQL functionalities (like its powerful spatial database extender PostGIS or the native JSON support) while keeping a lightweight stack.

Spring I/O 2016 - 19 -20 May Barcelona Spring's programming and configuration model has a strong design philosophy with respect to application components and configuration artifacts. Spring's annotation-based component story is fine-tuned for source code readability as well as consistency across an entire application's codebase. This session presents selected Spring Framework 4 component model highlights, with a focus on the upcoming Spring Framework 4.3 and a selection of Java 8 enabled features, illustrated with many code examples and noteworthy design considerations.

Spring I/O 2016 - 19 -20 May Barcelona The talk will explain the journey from a monolithic architecture to Spring Cloud Microservices for application development inside a financial entity, along with the transition to DevOps strategies… a journey that has just begun…

Spring I/O 2016 - 19 -20 May Barcelona Nowadays, it's easy to hear that every big system will inevitably become a big ball of mud and that microservices are the only cure for that disease. We're often convinced by that and blinded by buzzwords we re-implement our systems in new, "better" ways making the same mistakes again and again. In this talk we won't bother with fairy tales nor silver bullets instead we'll focus on the root cause of codebase rot, the cause that lies in the source code, not in the lack of some brand-new architecture, all-problems-solving technology or other magic incantations. We'll take one of the Spring's demo projects and refactor it. We'll discuss existing flaws and question the way things were done. Are you a fan of clean code? See what it means to apply similar thinking at the architectural level.

Spring I/O 2016 (19-20 May, Barcelona) is a two day event focused on the Spring Framework ecosystem www.springio.net