Spring Security In Action Second Edition Repack May 2026

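```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class StatelessSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Never create or use an HttpSession; every request must authenticate itself
            .sessionManagement(session -> session
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            )
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/login", "/refresh").permitAll()
                .anyRequest().authenticated()
            );
        // No formLogin() - we use a custom filter
        return http.build();
    }
}
```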

The most critical piece from the second edition is the custom filter. It intercepts every request, grabs the Authorization: Bearer header, and populates the SecurityContextHolder for that request only (because there is no session to carry it forward).

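```java
// key is the signing key held by the enclosing class (its declaration is not shown here)
public String extractUsername(String token) {
    // parseClaimsJws() verifies the signature and throws JwtException
    // when the token is malformed, tampered with, or expired
    return Jwts.parserBuilder()
            .setSigningKey(key)
            .build()
            .parseClaimsJws(token)
            .getBody()
            .getSubject();
}
```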
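A sketch of the custom filter described above, added here as an example and not taken from the book: it assumes Spring Security 6 (jakarta.servlet) and jjwt, and `JwtService` is a hypothetical interface standing in for whatever class holds `extractUsername`.

```java
import io.jsonwebtoken.JwtException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical interface: stands in for the class that owns extractUsername()
interface JwtService { String extractUsername(String token); }

public class JwtAuthenticationFilter extends OncePerRequestFilter {
    private static final String PREFIX = "Bearer ";
    private final JwtService jwtService;
    private final UserDetailsService users;

    public JwtAuthenticationFilter(JwtService jwtService, UserDetailsService users) {
        this.jwtService = jwtService;
        this.users = users;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header != null && header.startsWith(PREFIX)) {
            try {
                // Signature and expiry are checked while the token is parsed
                String username = jwtService.extractUsername(header.substring(PREFIX.length()));
                if (username == null) throw new UsernameNotFoundException("token has no subject");
                UserDetails user = users.loadUserByUsername(username);
                SecurityContext context = SecurityContextHolder.createEmptyContext();
                context.setAuthentication(UsernamePasswordAuthenticationToken.authenticated(
                        user, null, user.getAuthorities()));
                SecurityContextHolder.setContext(context);
            } catch (JwtException | IllegalArgumentException | UsernameNotFoundException e) {
                // Bad token: stay anonymous so anyRequest().authenticated() rejects the request
                SecurityContextHolder.clearContext();
            }
        }
        chain.doFilter(request, response);
    }
}
```

Register it with `http.addFilterBefore(new JwtAuthenticationFilter(jwtService, users), UsernamePasswordAuthenticationFilter.class)` so it runs before the authorization rules are evaluated.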

In the first edition of Spring Security in Action, many readers fell in love with the classic "formLogin" flow. But in the second edition, Laurentiu Spilca makes one thing crystal clear: In a modern cloud-native world, servers must forget.

"The best session is no session at all." — A mantra for modern Spring Security developers.
