Spring Team
Dave Syer

Dave Syer

Senior Consulting Engineer

London

Founder and contributor to Spring Batch, lead of Spring Security OAuth, and an active contributor to Spring Integration, Spring Framework, Spring AMQP, Spring Security. Experienced, delivery-focused architect and development manager. Has designed and built successful enterprise software solutions using Spring, and implemented them in major institutions worldwide.
Blog Posts by Dave Syer

Spring Cloud 1.0.0.RC1 Available Now

Another cheerful holiday message from the Spring team: Spring Cloud 1.0.0.RC1 is now available in the http://repo.spring.io Maven repository. There are plenty of new features including

  • Support for Hystrix metrics aggregation via an annotation @EnableTurbine and @EnableTurbineAmqp (for an AMQP-based collector)

  • A rehaul of the Ribbon configuration making it more friendly for Spring users. You can now configure each Ribbon client in its own ApplicationContext using @RibbonClient and override various bits, like the LoadBalancer, or the ServerListFilter, by providing @Bean definitions.

  • DiscoveryHealthIndicator is now a composite that users can add information to by declaring @Beans of type DiscoveryHealthIndicator.

  • Discovery is now abstracted away from Eureka into a new spring-cloud-commons library, and enabled via new annotations like @EnableDiscoveryClient (instead of the old @EnableEurekaClient). The same pattern also applies to circuit breakers
    and @EnableCircuitBreaker replaces @EnableHystrix.

  • Several improvements to the Zuul proxy, including automatic updates when the Eureka catalog changes, support for form-encoded POSTs, external configuration of the routes and authentication scheme for each client.

  • Declarative configuration of which routes require OAuth2 authentication in Spring Cloud Security.

  • Support for labels (like git branches) in the “native” profile of the Config Server (looks in subdirectory of the search locations).

  • Fail fast option in Config Server and Client if the required URI to locate config data is invalid.

  • Out of the box support for JSON messages in the Spring Cloud Bus.

  • A nice framework for Feign configuration based on a new @FeignClient annotation (a bit like Spring Data repositories).

Read more...

Spring Security OAuth 2.0.5.RELEASE Available Now

Spring Security OAuth 2.0.5.RELEASE is available now in all the usual Maven repositories. This is a bugfix release but nothing critical. We recommend upgrading if you are having trouble with customizing the Java config, since most of the issues resolved relate to that (for instance it is much easier to customize the password encoder for client secrets). There is a small breaking change for anyone using the AuthorizationServerEndpointsConfigurer directly to configure a ClientDetailsService (it doesn’t work that way, so you would be failing to configure it anyway).

Read more...

Spring Cloud 1.0.0.M3 Available Now

Spring Cloud 1.0.0.M3 is available now in the repo.spring.io repository. The following projects all had a 1.0.0.M3 release:

  • Spring Cloud Config: centralized key-value (or YAML) configuration management. Now supports the config server being fully embedded in another application.

  • Spring Cloud Netflix. Also has better support for embeddability of the server components. Now also properly records load balancer statistics in Ribbon-enabled Spring RestTemplate.

  • Spring Cloud for Amazon Web Services. Has new Spring Boot integration points, externalizing configuration for AWS metadata.

  • Spring Cloud Security: super simple OAuth2 in a declarative style.

  • Spring Cloud Bus: broadcasts framework-level events to Spring Cloud components. Big news here is that we now have a RabbitMQ-based aggregator for Hystrix metrics (based on Turbine 2), so you don't have to rely on having direct HTTP access to all service instances.

  • Spring Cloud CLI: Groovy CLI for writing microservices in self-contained scripts.

  • Spring Cloud for Cloud Foundry: now bridges between Spring Cloud Security and Cloud Foundry service bindings, making it super easy to do Single Sign On and OAutth2 protected resources in Cloud Foundry.

Read more...

Spring Security OAuth 2.0.4.RELEASE Available Now

Spring Security OAuth 2.0.4.RELEASE is available now in the usual repositories. It's a bug fix release, so upgrading is recommended, but there is also a small set of new features:

  • The OAuth2Request (and hence OAuth2Authentication) can now be queried explicitly to find the grant type for the associated token. If the token is being refreshed the grant type in the OAuth2Request presented to a TokenEnhancer is the original grant type, not "refresh_token".

  • The client authorities are exposed in the "/check_token" endpoint

  • Password grants are more flexible and open to extension because both client and server can add additional parameters to the request. A custom AuthenticationManager on the server side should still expect a UsernamePasswordAuthenticationToken, but the additional parameters will be available in the AuthenticationDetails. Multi-factor authentication for mobile devices could be implemented in this way, for instance.

  • Keystore support for JWT token signing and verification. User provides a Resource and a password and can then lift the keys out of the store by name. As long as they are RSA keys they can be injected into a JwtAccessTokenConverter (using a new setter).

Read more...

Spring Cloud 1.0.0.M2 Available Now

If you are building microservices with Spring you will be interested to see that Spring Cloud 1.0.0.M2 hit the streets yesterday and today, and can now be found in the Spring repository. Visit the individual project pages links in the main umbrella page or look at their github repositories for detailed instructions about how to get started using the individual components. There is also a Reference Guide covering the core modules.

Since Spring Cloud is an umbrella project we have a "release train" of related updates to all the sub-projects (like with Spring Data). The 1.0.0.M2 release has updates to spring Cloud Config, Spring Cloud Netflix, Spring Cloud Bus, Spring Cloud Security and Spring Cloud CLI.

Read more...

Spring Cloud 1.0.0.M1 Available Now

Spring Cloud (the new umbrella project announced in September) has reached a milestone, its first, and fresh jars are available in the repo.spring.io repository. Spring Cloud is going to follow a "release train" model for releases, a bit like Spring Data, but we haven't got a cool name for this one yet, so it's just 1.0.0.M1. The modules that are part of this release are

  • Spring Cloud Config: Centralized external configuration management backed by a git repository. The configuration resources map directly to Spring Environment but could be used by non-Spring applications if desired.

  • Spring Cloud Netflix: Integration with various Netflix OSS components (Eureka, Hystrix, Zuul, Archaius, etc.).

  • Spring Cloud Bus: An event bus for linking services and service instances together with distributed messaging. Useful for propagating state changes across a cluster (e.g. config change events).

  • Spring Cloud Security: A set of primitives for building secure applications and services with minimum fuss.

  • Spring Cloud CLI: Spring Boot CLI plugin for creating Spring Cloud component applications quickly in Groovy.

  • Spring Cloud Starters: Spring Boot-style starter projects to ease dependency management for consumers of Spring Cloud.

Read more...

Spring Security OAuth 2.0.3 Available Now

Spring Security OAuth 2.0.3 is available now in all the usual Maven repositories. It's a bug fix release, nothing major, so upgrading from 2.0.x should be painless (and is recommended). Some people were having issues getting JWT tokens to work properly, and those should be fixed. The only noteworthy functional change is that Resource Servers (if configured with @Configuration) will now check the validity of the client and scopes before allowing access to protected resources. This means that client privileges can be revoked quickly, but may also lead to a performance penalty (so caching the ClientDetailsService results would be recommended).

Read more...

Spring Boot 1.1.3 Available Now

Spring Boot 1.1.3 is available now in Maven Central. This was primarily a bugfix release for Windows users needing the executable JAR features of Spring Boot, but several other issues were resolved, and there are plenty of documentation and third-party version updates too.

Thanks again to all the people who contributed (84 committers now and rising)!

Read more...

Spring Boot 1.1.0.RC1 Available Now

Spring Boot 1.1.0.RC1 is available now in the Spring repositories. There are some new features and some new documentation:

  • Autoconfiguration support for Spring Data Elastic Search, HornetQ messaging, Spring Social

  • Support for @IntegrationTest in the Groovy CLI

  • Upgrades to Tomcat, Spring Integration, Reactor and Groovy

We are on schedule for a GA release some time in the next 2 weeks, so please try out the RC1 and get feedback onto github as soon as you have time.

Read more...

Spring Boot 1.1.0.M2 Available Now

Spring Boot 1.1.0.M2 is available now in the Spring repositories. There are quite a few new features and plenty of new documentation:

  • Groovy Template and Velocity support for MVC and offline rendering.

  • Big changes to the HealthIndicator interface and the existing implementations, e.g. all database backends (like Mongo etc.) have a default HealthIndicator and the Actuator aggregates them all up into a single readout.

  • Support for Spring Data Solr and Spring Data Gemfire, and upgrade to the Spring Data Dijkstra release train

  • Support for multiple DataSources through a convenient DataSourceBuilder abstraction, plus a similar feature for JPA EntityManagerFactories

  • Upgrades to various new versions of existing dependencies, e.g. Spring Batch 3.0, Spring Security 3.2.4

Read more...