SpringOne 2020

We’re heavy users at Spring at work and the more time I spend with it, the more I am appreciating everything it’s doing for me. It’s been around for many years and represents the combined experience building distributed apps of thousands of developers!

SpringOne was a virtual event this year because of times we live in (Covid 😢) and there are a bunch of videos that came out of it that I’m going to start watching …

  • What is Spring? is a great starter talk for the conference. Historical context for the framework which is super important for me because I’m coming back to Java and Spring after a few years away from the ecosystem
    • Spring Framework: Inversion of control, dependency injection, mvc, testing. The framework is the foundation on which everything else builds on. It’s an integration tool that let’s us compose and combine disparate technologies reasonably in code
    • Security, batch, integrations, data are the other bedrock components
    • Boot came a bit later and combines all these pieces tastefully with sensible defaults and world class capabilities
    • Start every project at
  • Batching for the Modern Enterprise
    • Batch computing: “working on finite amount of data without interaction or interruption”
    • Jargon: job, step, tasklet, chunk
    • Jobs are a series of steps. Each looks like : read some data -> process it -> then write something
    • Scaling: He talked about 5 different methods … I can only remember a few 😀 threads, partitioning, chunking, …
  • Spring Boot Observability
    • I really need to look at this more closely. Such observability power with very little energy from a dev
    • Including the spring boot actuator dependency lights up capabilities around standard jvm usage metrics, jmx things if present, and a framework for custom metrics (timers, counters, gauges)
  • Spring Security Patterns
    • Very good primer for using the spring security module
    • We kept coming back to security by default
    • Java based configuration of spring security looks great. You can create a UserDetailsService to identify users and help establish sessions. You can also leverage a built in capability to run a resource server
    • The url space of an application can be secured from a central place in code (SecurityConfig)
      • /location
    • Basic auth (username, password) is intentionally slow and expensive. A password encoder is designed to take a lot of compute and time which isn’t great for an api server under load. Using an auth token (oauth2?) gives you the same security but is faster to verify
  • A Deep Dive into Spring Application Events
    • Spring has a built in way to publish events in business logic with event registration. Super flexible.
    • Events can be produced and consumed in process as needed to help with maintaining bounded contexts and a loosely coupled architecture
      • Events can be sent outside the origin process too to a message queue or some such as well
    • Really neat stuff!
  • Security Patterns for Microservice Architectures
    • List of things we should be doing in our services
    • Dependency scanning, openid connect for authentication / authorization, secrets handling, secure coding practices
    • Book: Secure by Design has a few chapters worth a skim
      • 12 factor, cloud based design techniques
      • DDD shows up and object immutability
      • Failure handling looks nice
    • Light, fun romp through several topics with pointers for going deeper