The Spring Blog

Welcome to another installment of This Week in Spring! This week I’m in Kansas City, Kansas, hanging out with my pal and Spring Security lead Rob Winch. This week, I’m speaking at the local User Group and the Spring User Group, and I’ll be talking to Cerner and a few other large businesses about Spring, Spring Boot and Spring Cloud.

As usual, we’ve got a lot of great stuff to talk about, so let’s go to it!

1. Spring Boot co-lead Phil Webb just announced Spring Boot 1.2.2 and Spring Boot 1.1.11. Both releases are recommended upgrades, and Spring Boot 1.2.2 even includes new support for the Mustache templating library. Nice!
2. Check out John Hamm’s SpringOne2GX 2014 talk, introducing Rave.js, which brings Spring Boot-concepts to JavaScript
3. I put together a blog on building applications that use the Servlet HTTP session in a scalable manner and in a portable way - from application server, web server, and cloud - with ease.
4. Chris Beams’s SpringOne2GX 2014 talk, The Revolution will not be Centralized is now available online.
5. Want to learn more about caching in Spring? Check out this replay of Michael Plod’s SpringOne2GX 2014 talk introducing advanced caching improvements in Spring framework
6. Brian Clozel and Rossen Stoyanchev’s SpringOne2GX 2014 talk introducing resource handling in Spring MVC 4.1 is awesome check it out!
7. Spring Security lead Rob Winch just announced Spring Security 4.0 RC2 which includes, among other things, support for websockets! Check it out and try the bits out now!
8. Rob Winch also just announced Spring Security 3.2.6 which improves the Java configuratino and Spring Boot integration, so check it out!
9. This isn’t specific to Spring, or any tech, per se, but it’s inspiring an inspiring at how machine learning used to predict clinical response to anti-cancer drugs
10. Speaking of Rob Winch, and education ninja Ken Kreuger, check out their SpringOne2GX 2014 talk on integration testing, now available on InfoQ.
11. Alex Zhitnitsky put together a nice comparison of Spring Boot and Dropwizard
12. Check out these Spring Cloud PaaS connectors for IBM’s Bluemix, which is based on Cloud Foundry
13. Rahman Usta put together an amazing cool demo of a web-based SSH client (with Spring Boot in the backend)
14. This video demonstrates how to use Codeenvy and Spring Boot

Recorded at SpringOne2GX 2014.

Speaker: John Hann

Web / JavaScript Track

Slides: http://www.slideshare.net/SpringCentral/rave-js-springone-2gx-2014-41117770

Modern JavaScript frameworks have become quite sophisticated. Unfortunately, they have also become quite complicated. The demos and sample projects for these frameworks look deceptively simple. However, to build and deploy real applications, developers must scaffold, configure, and maintain a tremendous amount of intricate machinery. Until recently, the Java world wasn't very different. Spring Boot finally made it easy to create stand-alone, production-grade Spring Applications that can you can "just run". Can we do the same for JavaScript? Yes, we can! Introducing RaveJS. Rave eliminates configuration, machinery, and complexity. Stop configuring and tweaking machinery such as file watchers, minifiers, and transpilers just to get to a runnable app. Instead, go from zero to "hello world" in 30 seconds. In the next 30 seconds, easily add capabilities and frameworks to your application simply by installing *Rave Extensions* and *Rave Starter* packages from npm and Bower, the leading JavaScript package managers. Finally, install additional *Rave Extension* packages to apply your favorite build, deploy, and testing patterns.

Recorded at SpringOne2GX 2014.

Speaker: Chris Beams

Data / Integration Track

Slides: http://www.slideshare.net/SpringCentral/the-revolution-will-not-be-centralizedhow-to-build-a-blockchain-using-spring-to-develop-a-bitcoinlike-virtual-currency

Massive government-run data dragnets. Advertising-based "free" cloud services working against the best interests of their users. Giant, unreadable end user license agreements. It seems that everywhere we turn, the walls are closing in on individual privacy and autonomy. The situation is complex. Out of confusion and frustration, many users have already given up. Common refrains are "privacy is dead" and "I've got nothing to hide". But revolution is in the air. The internet and the web are decentralized by design. Protocols like DNS, SMTP and HTTP assume a network of peers, but during the last 15 years—our adolescence with these technologies—we have unintentionally centralized much of the internet's infrastructure. This hasn't been for nefarious purposes; it's been done out of convenience. Having a GMail account is simply much easier than running your own mail server; storing everything in the cloud is easier than maintaining your own backups. As an unintended consequence, we've made surveillance much easier and made invasive ad-based business models the norm. A growing number of technologists are working to re-decentralize the net in surprising and profound ways. Free software and innovative peer-to-peer networks play an important role in this effort, but what may prove to be the most important tool is a new one: cryptocurrency. With bitcoin, we now have a natively digital money; a cash for the web; a currency that is as decentralized and flexible as the rest of the internet was designed to be. At a glance, bitcoin may look like just another payment option, a fad, or a speculative bubble. On closer inspection, one begins to see that it can enable new business models by facilitating previously impossible economic incentives between peers. Once one grasps the fundamentals of cryptocurrency, one sees that its long-term implications and possibilities are as broad and deep as the internet itself. And just like the internet, bitcoin is not a panacea. It is rife with its own problems and faces its own existential threats. In this talk, Chris Beams will share his findings from over two years of research into bitcoin and related technologies: the promise and the peril; how bitcoin may be able to create the first sustainable business models for the development of free software; how privacy may rise from the dead yet; and why the revolution will not be centralized.

Recorded at SpringOne2GX 2014.

Speaker: Michael Plod

Core Spring Track

Slides: http://www.slideshare.net/SpringCentral/spring-one2gx-caching-with-spring

Caching is relevant for a wide range of business applications and there is a huge variety of products in the market ranging from easy to adopt local heap based caches to powerful distributed data grids. This talk addresses advanced usage of Spring’s caching abstraction such as integrating a cache provider that is not integrated by the default Spring Package. In addition to that I will also give an overview of the JCache Specification and it’s adoption in the Spring ecosystem. Finally the presentation will also address various best practices for integrating various caching solutions into enterprise grade applications that don’t have the luxury of having "eventual consistency“ as a non-functional requirement. This talk comes with many live demos, some of them are demoed on a distributed cache cluster on Raspberry Pis and Lego Mindstorms robots (running Spring).

Recorded at SpringOne2GX 2014.

Speaker: Brian Clozel, Rossen Stoyanchev

Slides: http://www.slideshare.net/SpringCentral/resource-handling-spring-framework-41-41088162

Web / JavaScript Track

As the complexity of web and mobile apps increases, so does the importance of ensuring that your client-side resources load and execute in an optimal and efficient manner. Differences in resource loading, transforming, and fingerprinting techniques can have a dramatic impact on performance and caching. These techniques can dictate whether your users have a joyful or frustrating experience. Attend this talk to learn the SpringMVC performance techniques aimed at keeping your users happy.

A Framework for all Seasons (and Architectures)

Spring walks an interesting line. It provides a lot of value no matter where you run it, and - because it’s built on dependency injection layer - it offers a natural piece of indirection between the underlying layer and the applications that run on top of it. This indirection promotes code portability through decoupling: your application code is ignorant of where the javax.sql.DataSource (or whatever) handle it’s using comes from, be it a JNDI lookup, environment variables, or a simple new’d-up bean provided by Spring. This decoupling and the rich toolbox of features on top of Spring supporting all manner of use cases - batch processing, integration, stream processing, web services, microservices, operations, web applications, security, etc. - have made Spring a logical choice for developers deploying to (sometimes-embedded) web containers like Apache Tomcat or Eclipse Jetty, to application servers like WebSphere and WildFly, and to cloud runtimes like Google App Engine, Heroku, OpenShift, and (my personal favorite these days) Cloud Foundry. This portability is also what makes it easy to forklift most (reasonably-written!) applications from the application servers into lighter web containers and, ultimately, into the cloud.

Spring Boot 1.2.2 has been released and is available now from repo.spring.io and Maven Central.

This maintenance release includes a significant number of fixes and is a recommended upgrade for all users.

We’ve also managed to sneak support for JMustache into this release, see this application for an example of how to use it.

Project Page | GitHub | Issues | Documentation

Spring Boot 1.1.11 has been released and is available now from repo.spring.io and Maven Central.

This maintenance release includes a number of fixes and is recommended for anyone still on the 1.1.x line. We’re only planning critical bug fixes for 1.1.x from now on so please consider upgrading to 1.2.2 if possible.

Project Page | GitHub | Issues | Documentation

We are please to announce the release of Spring Security 4.0.0.RC2.

We were very keen on doing a GA release, but due to community feedback we decided that another RC was necessary. Ultimately, this release resolved nearly 50 tickets.

A summary of changes can be seen below:

• Support for enforcing Same Origin for WebSocket connections
• Refinements in WebSocket Configuration (SEC-2827 SEC-2833 SEC-2853 )
• More intuitive HTTP Response Headers Configuration (SEC-2846)

Assuming everything goes smoothly, the plan is to do a GA release in approximately two weeks. In the meantime, make sure to try everything out and give us feedback!

I’m pleased to announce the release of Spring Security 3.2.6.RELEASE. This release contains some important fixes (many addressing Java Configuration and Spring Boot issues). You can find a complete list of changes in the changelog.

Project Site | Reference | Guides | Issues