loading...

re: Java vs Go: Impressive solutions for invented problems VIEW POST

TOP OF THREAD FULL DISCUSSION
re: Spring Security I'm yet to find a valid reason to include Spring Security in any corporate project. It's simply not maintainable enough for our u...

the fear factor: "Are you really sure you want to reimplement your own security stack instead of going of the industry standardm battle-proven 15 year old Acegi/Spring Security stack ?" ¯_(ツ)_/¯

Re-inventing the wheel is not a good thing. There's options that aren't Spring Security. For example, for those that for some reason like XML, there's Shiro.

Our model though is that Front End applications implement security properly, and the middleware/backend treats the front end as a trusted component with very basic security requirements. This way, the Front End gets penetration tested and we don't have duplicated code/effort in the security layer. We don't have any Front End applications in Spring, and very few in Java.

code of conduct - report abuse