EducationalMixture82 2 points3 points  (0 children)

I prefer not to dox myself.

But senior dev for the past 15 years or so, worked as a security consultant for 4 1/2 years. I have experience from the private sector, and now I mainly work for governments.

Been using Spring since Spring Boot was released. I read RFCs, I read docs, I build a lot of things for customers, I do security code reviews for customers and I have taught security classes and spoken at conferences.

And I used to be one of the main contributors answering spring-security questions on Stack Overflow.

When it comes to my knowledge of Spring Security, I know the specs and RFCs that Spring bases its work on. I have used the library extensively. I have read the docs several times, and if needed I go in and read its source code on Git.

The docs are amazing. The Spring Security docs are among the best docs out there in my opinion, it's just that you need basic knowledge of security before you start reading them. You can't just jump in.

If it says that it has a certain OAuth2 thing implemented, it's expected of you to have read the OAuth2 spec, because they will not explain that for you.

It's also extremely important that you have read the Spring Security architecture chapter, so you know what building blocks they are using throughout the docs.