Architectural Patterns for Spring Security You Wish Your Tech Lead Knew @ Spring I/O 2026

Spring I/O 2026 - 14-15 April, Barcelona Speaker: Cristian Schuszter Slides: https://2026.springio.net/slides/arch... You’ve made Spring Security work in one service: congratulations! 🥳 But what happens when your system grows into dozens of microservices, multiple identity providers, and a requirement for single sign-on that “just works”? Building a secure architecture around Spring Security is not as straightforward as it seems. In this talk, we’ll explore architectural patterns for handling authentication and authorization in complex environments using Spring Security, OAuth2, and OIDC. We’ll look at how to federate multiple IdPs, design authentication and authorization as separate fault-tolerant services, and apply the API gateway approach with Spring Cloud to make it all play nicely together. You’ll walk away with practical insights, examples, and lessons learned from real-world setups that will help you design a secure and scalable architecture your tech lead will be proud of.

New in Spring Security 7: MFA, OAuth2 and more by Daniel Garnier @ Spring I/O 2026
▶︎

New in Spring Security 7: MFA, OAuth2 and more by Daniel Garnier @ Spring I/O 2026

OpenAPI and Spring-Boot 4 - What's New? by Badr Nass Lahsen @ Spring I/O 2026
▶︎

OpenAPI and Spring-Boot 4 - What's New? by Badr Nass Lahsen @ Spring I/O 2026

System Designing Explained (Monolithic → Microservices → Multi-Region)
▶︎

System Designing Explained (Monolithic → Microservices → Multi-Region)

Crafting Great APIs with Domain-Driven Design by Fabrizio Lazzaretti @ Spring I/O 2026
▶︎

Crafting Great APIs with Domain-Driven Design by Fabrizio Lazzaretti @ Spring I/O 2026

Completing the Rewrite from Hell: Five Years of Technical Debt and How We Escaped - Aaron Stannard
▶︎

Completing the Rewrite from Hell: Five Years of Technical Debt and How We Escaped - Aaron Stannard

Breaching LLM-Powered Applications: Overcoming Security and Privacy Challenges by Brian Vermeer
▶︎

Breaching LLM-Powered Applications: Overcoming Security and Privacy Challenges by Brian Vermeer

System Design Explained: APIs, Databases, Caching, CDNs, Load Balancing & Production Infra
▶︎

System Design Explained: APIs, Databases, Caching, CDNs, Load Balancing & Production Infra

Domain-centric? Why Hexagonal- and Onion-Architecture are answers to the wrong question @ Spring I/O
▶︎

Domain-centric? Why Hexagonal- and Onion-Architecture are answers to the wrong question @ Spring I/O

Thinking in Relationships: Practical Graph Database Modelling in Java with Neo4j by Paulien van Alst
▶︎

Thinking in Relationships: Practical Graph Database Modelling in Java with Neo4j by Paulien van Alst

From Assistants to Agents: Self-Improving Agentic Systems with Spring AI by Christian Tzolov
▶︎

From Assistants to Agents: Self-Improving Agentic Systems with Spring AI by Christian Tzolov

Wahnsinn: Hermes-Agent + Qwen
▶︎

Wahnsinn: Hermes-Agent + Qwen

Attacking AI - Jason Haddix - NDC Security 2026
▶︎

Attacking AI - Jason Haddix - NDC Security 2026

How to Design APIs Like a Senior Engineer (REST, GraphQL, Auth, Security)
▶︎

How to Design APIs Like a Senior Engineer (REST, GraphQL, Auth, Security)

ASP.NET Core Full Course For Beginners (.NET 10)
▶︎

ASP.NET Core Full Course For Beginners (.NET 10)

ART SCREENSAVER FOR YOUR TV | NO MUSIC | 2Hour | Abstract neutral art
▶︎

ART SCREENSAVER FOR YOUR TV | NO MUSIC | 2Hour | Abstract neutral art

Zig 2026: No-AI Policy, $670K Foundation, Left GitHub & Why Zig Isn’t 1.0 - Andrew Kelley Explains
▶︎

Zig 2026: No-AI Policy, $670K Foundation, Left GitHub & Why Zig Isn’t 1.0 - Andrew Kelley Explains

Plan Before You Build: Deterministic Planning Patterns for AI Agents by Dan Dobrin @ Spring I/O 26
▶︎

Plan Before You Build: Deterministic Planning Patterns for AI Agents by Dan Dobrin @ Spring I/O 26

Top 10 Event-Driven Architecture Pitfalls by Victor Rentea @ Spring I/O 2026
▶︎

Top 10 Event-Driven Architecture Pitfalls by Victor Rentea @ Spring I/O 2026

SAP BTP: Security overview and best practices for secure development ✨
▶︎

SAP BTP: Security overview and best practices for secure development ✨

China Is About To Pop The AI Bubble
▶︎

China Is About To Pop The AI Bubble