@buherator They made dependency injection easy, and then slowly added everything and the kitchen sink. It's still possible to use just for DI, but adding dependency on another spring module is often the path of least resistance. Until we ended up with Spring Boot, a framework to configure the framework, because it's way to complicated.
@buherator 1. What came before was worse. 2. There are a lot of 3rd party tutorials, search ftw. 3. It long ago hit “defacto” status 4. Once you get it sorted/know it well a few things like the Spring Data JPA stuff are really nice. But Spring Security is probably one of the worst I’ve ever seen.
I went more or less jsp/servlet -> play -> dropwizard -> spring boot and spring boot won a *long* time ago. Ejb 1/2 was horrible.
The idea behind DI is that it makes writing tests easier, so the need to debug is less frequent. It's pretty much the core of spring, any other feature depends on it. But if you *only* want that, there are light weight frameworks like Guice.
I don't know any decent spring security replacements, and if you need it, why not just use the rest of spring. For auth it's pretty OK, but for access control it's more trouble than it's worth.
Spring Boot 3 just came out and the new Spring Security stuff broke a lot. No harm in going back to the last major for now.
I personally love SvelteKit (Prisma, Lucia, Skeleton) for full stack but it’s moving fast right now and is JS/TS not Java.
Quarkus/Micronaut get mentioned but the big features IMHO eg GraalVM native are in Spring Boot 3.
I might look at Shiro for security but it’s not common.
Spring Boot 3 tutorials etc are incoming fast I think