The Spring Blog

A Framework for all Seasons (and Architectures)

Spring walks an interesting line. It provides a lot of value no matter where you run it, and - because it’s built on dependency injection layer - it offers a natural piece of indirection between the underlying layer and the applications that run on top of it. This indirection promotes code portability through decoupling: your application code is ignorant of where the javax.sql.DataSource (or whatever) handle it’s using comes from, be it a JNDI lookup, environment variables, or a simple new’d-up bean provided by Spring. This decoupling and the rich toolbox of features on top of Spring supporting all manner of use cases - batch processing, integration, stream processing, web services, microservices, operations, web applications, security, etc. - have made Spring a logical choice for developers deploying to (sometimes-embedded) web containers like Apache Tomcat or Eclipse Jetty, to application servers like WebSphere and WildFly, and to cloud runtimes like Google App Engine, Heroku, OpenShift, and (my personal favorite these days) Cloud Foundry. This portability is also what makes it easy to forklift most (reasonably-written!) applications from the application servers into lighter web containers and, ultimately, into the cloud.

Spring Boot 1.2.2 has been released and is available now from repo.spring.io and Maven Central.

This maintenance release includes a significant number of fixes and is a recommended upgrade for all users.

We’ve also managed to sneak support for JMustache into this release, see this application for an example of how to use it.

Project Page | GitHub | Issues | Documentation

Spring Boot 1.1.11 has been released and is available now from repo.spring.io and Maven Central.

This maintenance release includes a number of fixes and is recommended for anyone still on the 1.1.x line. We’re only planning critical bug fixes for 1.1.x from now on so please consider upgrading to 1.2.2 if possible.

Project Page | GitHub | Issues | Documentation

We are please to announce the release of Spring Security 4.0.0.RC2.

We were very keen on doing a GA release, but due to community feedback we decided that another RC was necessary. Ultimately, this release resolved nearly 50 tickets.

A summary of changes can be seen below:

• Support for enforcing Same Origin for WebSocket connections
• Refinements in WebSocket Configuration (SEC-2827 SEC-2833 SEC-2853 )
• More intuitive HTTP Response Headers Configuration (SEC-2846)

Assuming everything goes smoothly, the plan is to do a GA release in approximately two weeks. In the meantime, make sure to try everything out and give us feedback!

I’m pleased to announce the release of Spring Security 3.2.6.RELEASE. This release contains some important fixes (many addressing Java Configuration and Spring Boot issues). You can find a complete list of changes in the changelog.

Project Site | Reference | Guides | Issues

Welcome to another installment of This Week in Spring! We’ve got a lot to cover so let’s get to it!

1. Our pal Adam Koblentz (from ZeroTurnaround) put up this great post introducing building a websocket application with Spring Boot and JRebel. Check it out!
2. Check out this replay of Mark Fisher, Dr. Mark Pollack, and Sabby Anandan’s webinar introducing Spring XD - A Platform for data at scale and developer productivity
3. A huge part of the Pivotal Data Suite, of course, is Spring XD. Last week I surfaced some of the amazing Spring XD wiki content on the new stream processing supports in Spring XD 1.1. Check out the Wiki page for a more detailed look by Spring XD ninja Ilayaperumal Gopinathan.
4. Spring Cloud co-lead Spencer Gibb has been improving the Spring Cloud Netflix integration. Check out this example demonstrating using RxJava’s Observable<T> return-values from Spring MVC. Here are the changes.
5. March Webinars are here, and it’s packed with Javascript, Spring Boot and Spring Cloud.
   This killer lineup starts with Dr. Dave Syer’s epic VII part blog series on Angular - lightweight API gateway - Spring Security - made into a webinar on March 10th. Then Scott Deeg will examine the same thing, except with Google’s Polymer on the frontend, on a webinar March 24th. Lastly, Julien Dubois will introduce the AngularJS+Boot application generator, JHipster on March 17th, 2015.
6. Alvin Reyes’s posts introducing how to configure Apache Tomcat’s server.xml and users.xml are wonderful resources.
7. Reactor project-lead Jon Brisbin has just announced Reactor RC1!
8. Spring ninja Stéphane Nicoll has just announced the Spring framework maintenance release, 4.1.5
9. Last week, we at Pivotal announced some big changes; we’ve open-sourced our Pivotal Data Suite! Check out this InfoQ post on the subject
10. Spring IO Platform lead Andy Wilkinson has just released improved support for Maven Bill-of-Material dependency management using Gradle
11. Eclipse foundation member John Arthorne and Spring Tool Suite lead Martin Lippert’s talk, Eclipse IDE to the Cloud-Based Era of Developer Tooling from JavaOne 2014 is available online and well worth a watch!
12. The SD Times article on the open-sourcing of the Pivotal Data Suite is worth a read, too.
13. Not related but still awesome: HTTP2 is now a thing!
14. Check out Rick Hightower’s post on using the QBit framework with Spring Boot. Interesting..
15. Hubert Klein Ikkink put together a quick look at using Spring Boot’s OutputCapture JUnit @Rule in a Spock test.
16. Our pal Eugen Paraschiv put together a great look at using the venerable JdbcTemplate
17. Disid’s Enrique Ruiz put together a nice post on using Spring Roo from STS.
18. Check out this week’s SpringOne2GX 2014 replays:
    SpringOne2GX 2014 Replay: Panel Session: Real World Boot-up sequences
    SpringOne2GX 2014 Replay: Spring Data REST - Data Meets Hypermedia
    SpringOne2GX Replay: Spring Batch Performance Tuning
    SpringOne2GX 2014 Replay: Artistic Spring Data Neo4j 3.x with Spring Boot

Speaker: Scott Deeg

Polymer is the latest web framework out of Google. Designed completely around the emerging Web Components standards, it has the lofty goal of making it easy to build apps based on these low level primitives. Along with Polymer comes a new set of Elements (buttons, dialog boxes and such) based on the ideas of "Material Design". These technologies together make it easy to build responsive, componentized "Single Page" web applications that work for browsers on PCs or mobile devices. But what about the backend, and how do we make these apps secure? In this talk Scott Deeg will take you through an introduction to Polmyer and its related technologies, and then through the build out of a full blown cloud based app with a secure, RESTful backend based on Spring REST, Spring Cloud, and Spring Security and using Thymeleaf for backend rendering jobs. At the end he will show the principles applied in a tool he's currently building. The talk will be mainly code walk through and demo, and assumes familiarity with Java/Spring and JavaScript.

Speaker: Julien Dubois

JHipster focuses on generating a high quality application with a Java back-end using an extensive set of Spring technologies; Spring Boot, Spring Security, Spring Data, Spring MVC (providing a framework for websockets, REST and MVC), etc. an Angular.js front-end and a suite of pre-configured development tools like Yeoman, Maven, Gradle, Grunt, Gulp.js and Bower. JHipster creates a fully configured Spring Boot application with a set of pre-defined screens for user management, monitoring, and logging. The generated Spring Boot application is specifically tailored to make working with Angular.js a smoother experience. Join Julien for a quick-live coding session to build a simple application, and deploy it to Cloud Foundry.

Speaker: David Syer

Pivotal Spring Security, Spring Boot and Angular JS all have nice features for making it really easy to produce modern applications, so there is potentially a lot of value in making them work together very smoothly. Things to consider are cookies, headers, native clients, various security vulnerabilities and how modern browser technology can help us to avoid them. In this session we show how nice features of the component frameworks can be integrated simply to provide a pleasant and secure user experience. We start with a very basic single-server implementation and scale it up in stages, splitting out backend resources and authentication to separate services. The final state includes a simple API Gateway on the front end implemented declaratively using Spring Cloud, and using this we are able to neatly sidestep a lot of the problems people encounter securing a javascript front end with a distributed back end.

Recorded at SpringOne2GX 2014

Speakers: Roy Clarkson, Greg Turnquist

Slides: http://www.slideshare.net/SpringCentral/spring-one2gx-2014widedatameetshypermedia

Spring Data REST bridges the gap between the convenient data access layers provided by Spring Data's repository abstraction and hypermedia-driven REST web services, effectively taking out the boilerplate needed during implementation. This talk will give a quick overview of the project, explain fundamental design decisions and introduce new features of the latest version (namely service documentation and discoverability). We will then look at the Spring-A-Gram sample application (built using Spring Data REST), focusing on the implementation of the frontend bits and pieces.