Ivan Šarić
Software Engineer with a passion for research
Murcia, Spain
Ivan Šarić is a Senior Software Engineer at Revolut working in the Financial Crime Department, where he leads integrations with authorities for branches globally. With over six years of backend and DevOps experience (Java, Spring, Docker), Ivan previously operated as a freelance Technical Architect through his company, Path Variable LLC. He holds an MA in Political Science and is an active open-source contributor, with recent contributions to the Apache Commons Lang project and the SpaCy NLP library. A fluent speaker of English, Croatian, and German, Ivan combines technical rigor with a deep understanding of governance to solve complex systems problems.
Secure-by-Default Spring Apps: Zero Trust, OAuth2, and Runtime Policies
Traditional perimeter-based security is obsolete for cloud-native applications. Modern Spring applications must adopt a secure-by-default posture that treats identity, authorization, and runtime policy enforcement as first-class concerns. This talk presents a hands-on, architecture-first guide for building Zero Trust Spring applications that are easier to reason about, operate, and audit.
We start with identity: how to model users, clients, and services using OAuth2 / OIDC and Spring Authorization Server. You’ll see practical token models (JWTs vs reference tokens), approaches to claim design, and patterns for token issuance, introspection, rotation and revocation. Next, we cover service-to-service trust: mutual TLS (mTLS) and workload identity (SPIFFE/SPIRE-compatible patterns) to ensure services authenticate each other even inside a cluster.
Authorization moves beyond static role checks. I’ll introduce runtime policy enforcement using Policy-as-Code: integrating Open Policy Agent (OPA) as a sidecar or using Wasm policies embedded in the JVM, plus patterns for attribute-based access control (ABAC) and contextual decisions (time, location, risk signals). You’ll learn how to evaluate policies inside Spring Security filters, at the controller/method level, and in API gateways (Spring Cloud Gateway) so policy decisions are centralized but enforced everywhere.
Operational concerns are a major focus: how to deliver live policy updates without redeploys, test policies with automated suites, capture rich audit logs for compliance, and surface policy decision telemetry to observability pipelines so security and SRE teams can create SLOs and alerts. Finally, the talk covers CI/CD gating for policies — failing builds on dangerous policy changes — and practical mitigations like safe rollouts and canary policy evaluations.
Throughout, I’ll show concrete Spring configuration snippets, explain tradeoffs (performance vs expressiveness, JWT size vs introspection cost), and demonstrate a compact demo: an Authorization Server, a protected resource service, and a policy engine where policy changes take effect live and are visible via audit logs and traces. Attendees will leave with a clear, actionable checklist and reference patterns to make their Spring apps secure-by-default.
The Open Source Smart Garden
This presentation outlines the design of a smart garden system. The system consists of a cloud component where data is streamed to and commands are relayed from the local sites. The other component is the locally positioned SBC-powered system that orchestrates a group of sensors and controllers while maintaining a tunnel to the cloud.
The choice of protocol for local communication between the SBC-based coordinator, sensors and controllers is open. The current setup is based around Zigbee due to the small size of the deployment site and the unobstructed nature of the terrain on which the system was developed. Possible alternatives include LoRaWAN, Wi-Fi and Z-Wave.
The system leverages the power of the open-source graph visualization and monitoring platform Grafana and the time-series database Prometheus. Grafana is the obvious choice for a user dashboard that can display real-time site statistics like soil moisture, pH score and EC. Its widgets can also be embedded in a custom-made user application. Grafana also provides system monitoring capabilities that will be used by the system operators to ensure proper functioning.
The cloud component provides long-term storage of all locally-streamed data. It also allows the owner to export all collected data for analysis by a third-party expert. The long-term development goal here is development of a machine learning pipeline that will provide automatic insights to site owners based on their collected data.
Java comes in as a natural choice for integrating with the Grafana/Prometheus cloud component. Using the now well-established functional patterns present in modern Java, we can write exporters that stream our custom data source to the cloud.
Remote Development Environments And Tools
This lecture will take a look at the current state of the art and market in the area of remote development environments and tools.
The first part of the lecture will take a look at the why of remote development environments.
The second part of the lecture examines actual products and solutions that follow this pattern.
The last few years have seen an even greater shift to remote or hybrid ways of working. While this increases the available pool of candidates for a position, it also creates logistical challenges and problems of coordination.
Developers working far away from the nearest office need access to equipment and guidance in order to successfully onboard and become productive in a team.
In addition to this trend, the shift towards microservice architecture has also made it difficult for the developer to replicate a copy of the system environment on his or her local machine.
Besides the performance requirements there is often the challenge of dealing with a complicated setup. This can delay the developer from reaching his or her peak level of productivity.
Remote development environments and IDEs designed around a client/server architecture can help reduce these strains. These systems can also ensure that each member of the development team has access to exactly the same configuration and tools. This in turn supports establishing processes and standards for software development work.
The positive impact on developer experience that stems from these improvements can help reduce overhead that results from badly documented processes and tools. It can also help you hire across the globe while ensuring that everyone can work without any impediments. By using a remote development environment, the remote worker can have a lighter workstation shipped or use their own equipment while securely accessing the company infrastructure.
Currently there are a number of publicly available products that we can purchase in this product range. Some, like GitHub Codespaces, are fully managed solutions deployed on the provider's own cloud. Others, like the JetBrains Fleet/Space combo, can be fully self-hosted. Both types of solutions can satisfy even the most stringent security requirements that may be imposed on the company. It is also possible to use currently existing open-source components and roll your own solution if you are willing to invest the time and money.
I will take a look at fully-managed, self-hosted and a possible mix in the second part of the presentation. I will present their strengths and weaknesses and talk about some real-world situations where they were utilized.
Spring I/O 2026 Sessionize Event Upcoming
Nerdearla España 2025 Sessionize Event
DevConf 2025 Sessionize Event
Open South Code 2025
I will be presenting "The Open Source Smart Garden" at Open South Code 2025 in Malaga.
London Java Community Meetup
I presented my talk on Remote Development Environments at the LJC Meetup in London on the 25th February 2025.
JavaCro'24 Sessionize Event
Open Source Summit Europe 2024 Sessionize Event