The Spring Blog

Engineering
Releases
News and Events

Spring Boot 1.x EOL Aug 1st 2019

All good things must come to an end, and for the 1.x line of Spring Boot that means we will need to cease maintenance twelve months from today, on Aug 1st 2019.

We will keep publishing occasional 1.5.x maintenance releases up until that point and will then end the branch.

Existing Spring Boot 1.x users should plan accordingly to ensure that they have upgraded to the latest 2.x version before that date. Please also note that Spring Boot 2.0 and above requires Java 8+, so if you’re running Java 6 or 7 you should also plan on upgrading your JDK.

Read more...

Spring Security 5.1.0.M2 Released

On behalf of the community I am pleased to announce the release of Spring Security 5.1.0.M2. This release comes with 100+ tickets closed.

As always we look forward to hearing your feedback! You can find the highlights below:

OAuth2

OAuth2 Resource Server

Basic support for OAuth2 Resource Servers has been added. See oauth2resourceserver

Authorization Code Flow

User’s can now obtain an access token using the OAuth 2.0 Authorization Code grant. See the authcodegrant sample.

WebClient and OAuth2 Support

There is now built in support for OAuth2 and WebClient support. The support allows:

  • Adding the access token to the request

  • Automatic refreshing of the access token when it expires

  • Resolving the access token to use

For example, in a Servlet environment you can configure a Bean like this:

@Bean
WebClient webClient(OAuth2AuthorizedClientRepository repository) {
    ServletOAuth2AuthorizedClientExchangeFilterFunction filter =
        new ServletOAuth2AuthorizedClientExchangeFilterFunction(repository);
    return WebClient.builder()
        .filter(new OAuth2AuthorizedClientExchangeFilterFunction())
        .apply(filter.oauth2Configuration())
        .build();
 }

Now you can add the OAuth token in a number of different ways. If you want you can resolve the OAuth2AuthorizedClient using the Spring MVC support. If the authorization server returned a refresh token and the access token is about to expire, Spring Security will transparently update the access token and submit the updated access token instead.

@GetMapping("/users")
Mono<String> users(@RegisteredOAuth2AuthorizedClient("client-id")
        OAuth2AuthorizedClient authorizedClient) {
    return this.webClient.get()
        .uri("https://api.example.com/user")
        .attributes(oauth2AuthorizedClient(authorizedClient))
        .retrieve()
        .bodyToMono(String.class);
}

You can also resolve the access token through the WebClient. Fore example:

Mono<String> users() {
    return this.webClient.get()
        .uri("https://api.example.com/user")
        .attributes(clientRegistrationId("client-id"))
        .retrieve()
        .bodyToMono(String.class);
}

If you authenticated using OAuth2 Log In or OIDC, then a default access token can be applied with no user interaction.

Mono<String> users() {
    // if Authenticated with OIDC
    // OAuth2 Log In use the access token associated to log in
    return this.webClient.get()
        .uri("https://api.example.com/user")
        .retrieve()
        .bodyToMono(String.class);
}
Read more...

Spring Data Ingalls SR14 and Kay SR9 released

On behalf of the Spring Data team, I’d like to announce the availability of the Ingalls SR14 and Kay SR9 release. Kay SR9 ships on top of the just-released Spring Framework 5.0.8. Spring Boot 2.0.4 is going to pick up Kay SR9 for your convenience. Ingalls SR14 will be picked up by Spring Boot 1.5.15. Both releases ship with mostly bugfixes and a few dependency upgrades.

Ingalls SR14 ships with 28 tickets fixed and Kay SR9 contains 59 tickets fixed.

To round things off, here are the links to the changelogs, documentation, and artifacts:

Read more...

Spring Data Lovelace RC1 available

On behalf of the Spring Data team, it is my pleasure to announce the availability of the Lovelace RC1 release. The first release candidate ships on top of the just-released Spring Framework 5.1 RC1 and in preparation of the upcoming Spring Boot 2.1 M1 release.

This release candidate ships with 194 tickets fixed and contains the following notable changes:

  • Support for immutable objects.
  • Upgrade of Querydsl for MongoDB to use the Document API, letting you publish lifecycle events and participation in managed transactions.
  • Reactive Slice query support for Apache Cassandra.
  • Kotlin extension for Apache Cassandra.
  • Reactive SCAN support for Redis.
Read more...

Spring Framework 5.1 goes RC1

Dear Spring community,

It is my pleasure to announce that a feature-complete Spring Framework 5.1 release candidate is available from our milestone repository now! Find a comprehensive list of new features and refinements and corresponding upgrade notes on our GitHub wiki.

Spring Framework 5.1 requires JDK 8 or higher and specifically supports JDK 11 as the next long-term support release. We strongly recommend an upgrade to 5.1 for any applications targeting JDK 11, delivering a warning-free experience on the classpath as well as the module path. Beyond that, initial refinements for GraalVM compatibility made it into this release, automatically adapting to the runtime constraints of native images in core Spring facilities.

Read more...

This Week in Spring - July 24th, 2018

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I’m in San Francisco in studio with Spring Security lead Rob Winch filming our new Spring Security Livelessons video. There is so much to cover that, as you can imagine, it’s a tall order even for the two of us!

I’m also busily preparing for my talk with my buddy and Googler Ray Tsang at this week’s Google Cloud NEXT event on all things Pivotal and Google Cloud. We’re going to look at the bootiful Spring Cloud GCP project and, importantly, the new project jointly announced between Google and Pivotal just this morning, KNative, which serves as the platform on which we at Pivotal have built and deployed our Project Riff serverless function-as-a-service runtime. Do not miss it if you’re around!

Read more...

Spring Cloud Data Flow 1.6 RC1 released

The Spring Cloud Data Flow team is pleased to announce the release of 1.6 RC1. Follow the Getting Started guides for Local Server, Cloud Foundry, and Kubernetes.

Here are the release highlights:

PCF Scheduler

The Pivotal Cloud Foundry implementation of Scheduler improved on a few fronts to enhance the developer experience. Validation of the cron-expression and proactive measures to prevent the scheduler service from creating incorrect schedules is now part of this release.

Dashboard

The stream deployment history is available for review from the Dashboard. It is convenient to review the context-specific history of a stream from a central location; especially, when the CI/CD systems continually deploy new version application artifacts that belong to the stream.

Read more...

Spring REST Docs 2.0.2.RELEASE

It’s my pleasure to announce that Spring REST Docs 2.0.2.RELEASE is available from Maven Central, JCenter, and our release repository. My thanks to everyone who contributed to this release by reporting bugs and opening pull requests.

This maintenance release includes 4 bug fixes and documentation improvements. It is a recommend upgrade for all Spring REST Docs 2.x users.

GitHub | Issues | Documentation | Twitter | Gitter | Stack Overflow

Read more...