Spring Team
Dave Syer

Senior Consulting Engineer

London

Founder and contributor to Spring Batch, lead of Spring Security OAuth, and an active contributor to Spring Integration, Spring Framework, Spring AMQP, Spring Security. Experienced, delivery-focused architect and development manager. Has designed and built successful enterprise software solutions using Spring, and implemented them in major institutions worldwide.

Blog Posts by Dave Syer

Testing an Angular Application: Angular JS and Spring Security Part VIII

In this article we continue our discussion of how to use Spring Security with Angular JS in a “single page application”. Here we show how to write and run unit tests for the client-side code using the JavaScript test framework Jasmine. This is the eighth in a series of articles, and you can catch up on the basic building blocks of the application or build it from scratch by reading the first article, or you can just go straight to the source code in Github (the same source code as Part I, but with tests now added). This article actually has very little code using Spring or Spring Security, but it covers the client-side testing in a way that might not be so easy to find in the usual JavaScript community resources, and one which we feel will be comfortable for the majority of Spring users.

Modularizing the Client: Angular JS and Spring Security Part VII

In this article we continue our discussion of how to use Spring Security with Angular JS in a “single page application”. Here we show how to modularize the client-side code, and how to use “nice” URL paths without the fragment notation (e.g. “/#/login”) which Angular uses by default, but most users dislike. This is the seventh in a series of articles, and you can catch up on the basic building blocks of the application or build it from scratch by reading the first article, or you can just go straight to the source code in Github. We will be able to tidy up a lot of loose ends from the JavaScript code of the rest of this series, and at the same time show how it can fit very snugly against a backend server built from Spring Security and Spring Boot.

Binding to Data Services with Spring Boot in Cloud Foundry

In this article we look at how to bind a Spring Boot application to data services (JDBC, NoSQL, messaging etc.) and the various sources of default and automatic behaviour in Cloud Foundry, providing some guidance about which ones to use and which ones will be active under what conditions. Spring Boot provides a lot of autoconfiguration and external binding features, some of which are relevant to Cloud Foundry, and many of which are not. Spring Cloud Connectors is a library that you can use in your application if you want to create your own components programmatically, but it doesn’t do anything “magical” by itself. And finally there is the Cloud Foundry java buildpack which has an “auto-reconfiguration” feature that tries to ease the burden of moving simple applications to the cloud. The key to correctly configuring middleware services, like JDBC or AMQP or Mongo, is to understand what each of these tools provides, how they influence each other at runtime, and to switch parts of them on and off. The goal should be a smooth transition from local execution of an application on a developer’s desktop to a test environment in Cloud Foundry, and ultimately to production in Cloud Foundry (or otherwise) with no changes in source code or packaging, per the twelve-factor application guidelines.

Multiple UI Applications and a Gateway: Single Page Application with Spring and Angular JS Part VI

Note: the source code and test for this blog continue to evolve, but the changes to the text are not being maintained here. Please see the tutorial version for the most up to date content.

In this article we continue our discussion of how to use Spring Security with Angular JS in a “single page application”. Here we show how to use Spring Session together with Spring Cloud to combine the features of the systems we built in parts II and IV, and actually end up building 3 single page applications with quite different responsibilities. The aim is to build a Gateway (like in part IV) that is used not only for API resources but also to load the UI from a backend server. We simplify the token-wrangling bits of part II by using the Gateway to pass through the authentication to the backends. Then we extend the system to show how we can make local, granular access decisions in the backends, while still controlling identity and authentication at the Gateway. This is a very powerful model for building distributed systems in general, and has a number of benefits that we can explore as we introduce the features in the code we build.

Spring Cloud 1.0.0 Available Now

Spring Cloud 1.0.0.RELEASE is available now in Maven Central (and repo.spring.io). Not too many changes since RC3 but we did find a few bugs, thanks largely to community involvement, so thanks to all who tried it out up to now. Here is a reminder of the goals of Spring Cloud:

Spring Cloud provides tools for developers to quickly build some of the common patterns in distributed systems (e.g. configuration management, service discovery, circuit breakers, intelligent routing, micro-proxy, control bus, one-time tokens, global locks, leadership election, distributed sessions, cluster state). Coordination of distributed systems leads to boiler plate patterns, and using Spring Cloud developers can quickly stand up services and applications that implement those patterns. They will work well in any distributed environment, including the developer’s own laptop, bare metal data centres, and managed platforms such as Cloud Foundry.

Spring Cloud 1.0.0.RC3 Available Now

Spring Cloud 1.0.0.RC3 is available now from https://repo.spring.io/libs-milestone-local. This is (hopefully) the last milestone release before 1.0.0. There were some bug fixes since 1.0.0.RC2 and also a few small new features:

  • Refactored the Feign support to look a bit more like Spring Data (so @EnableFeignClients instead of @FeignClientScan).
  • Support for multipart/form-data in the Zuul proxy
  • Support for including and excluding remote services in the automatic route registration in Zuul
  • Support for declarative Ribbon retry in Zuul
  • Cleaned up a lot of dependencies. If you use the spring-cloud-starters you should get a nice consistent experience of adding and subtracting features. Gradle users need to use the dependency management plugin for the same experience.
  • Added small, bite-sized sample projects for integration testing of classpath isolation issues.

SSO with OAuth2: Angular JS and Spring Security Part V

Note: the source code and test for this blog continue to evolve, but the changes to the text are not being maintained here. Please see the tutorial version for the most up to date content.

In this article we continue our discussion of how to use Spring Security with Angular JS in a “single page application”. Here we show how to use Spring Security OAuth together with Spring Cloud to extend our API Gateway to do Single Sign On and OAuth2 token authentication to backend resources. This is the fifth in a series of articles, and you can catch up on the basic building blocks of the application or build it from scratch by reading the first article, or you can just go straight to the source code in Github. In the last article we built a small distributed application that used Spring Session to authenticate the backend resources and Spring Cloud to implement an embedded API Gateway in the UI server. In this article we extract the authentication responsibilities to a separate server to make our UI server the first of potentially many Single Sign On applications to the authorization server. This is a common pattern in many applications these days, both in the enterprise and in social startups. We will use an OAuth2 server as the authenticator, so that we can also use it to grant tokens for the backend resource server. Spring Cloud will automatically relay the access token to our backend, and enable us to further simplify the implementation of both the UI and resource servers.

Spring Cloud 1.0.0.RC2 Available Now

Spring Cloud 1.0.0.RC2 is available now in the http://repo.spring.io repository. There was a lot of activity pruning and curating dependencies, so users upgrading from RC1 might need to tweak their starter dependencies a bit, but hopefully we are all in a better place as a result. There were also a lot of changes in the Security features, making it easier to customize various parts of that, mainly in response to people actually using it and needing help (so thanks for the feedback). We will probably have an RC3 before the GA, but things are getting pretty close to ready.

Spring Security OAuth 2.0.6.RELEASE Available Now

Spring Security OAuth 2.0.6.RELEASE is available now in the usual repositories. It’s a bug fix release, and users of 2.0.5.RELEASE should upgrade. The only critical bug was for users of JWT with refresh tokens, and there were also some people experiencing double encoding of redirect uris, which is now fixed. Highlights of new features:

  • (Much requested) ability to have non-expiring refresh tokens with no customizations (just set the validity period to zero or less)

  • The /token endpoint only accepts POST requests by default

  • Resource servers do not accept cookie based authentication by default (you have to switch it on)

  • Resource server configuration has a few new options including the ability to inject custom error handlers

The API Gateway Pattern: Angular JS and Spring Security Part IV

Note: the source code and test for this blog continue to evolve, but the changes to the text are not being maintained here. Please see the tutorial version for the most up to date content.

In this article we continue our discussion of how to use Spring Security with Angular JS in a “single page application”. Here we show how to build an API Gateway to control the authentication and access to the backend resources using Spring Cloud. This is the fourth in a series of articles, and you can catch up on the basic building blocks of the application or build it from scratch by reading the first article, or you can just go straight to the source code in Github. In the last article we built a simple distributed application that used Spring Session to authenticate the backend resources. In this one we make the UI server into a reverse proxy to the backend resource server, fixing the issues with the last implementation (technical complexity introduced by custom token authentication), and giving us a lot of new options for controlling access from the browser client.