Spring Session Apple SR6 Released
On behalf of the community, I am pleased to announce that Spring Session Apple SR6 is released. The release includes Spring Session 2.0.8.RELEASE (changelog).
Blog Posts by Rob Winch
Spring Security 5.1.1, 5.0.9, and 4.2.9 Released
On behalf of the community, I am pleased to announce that Spring Security 5.1.1 (changelog) Spring Security 5.0.9 (changelog) and 4.2.9 (changelog) have been released. The releases primarily deliver bug fixes and dependency version updates along with some minor improvements. The releases will be found in the upcoming Spring Boot maintenance releases coming this week.
Spring Session BOM Bean-RC1 Released
This post was authored by Vedran Pavić
On behalf of the community, I’m pleased to announce the release of Spring Session BOM Bean-RC1. This release is based on Spring Session 2.1.0.RC1 which resolves a total of 13 issues. Please read on for the highlights of the release.
Spring Session Bean-M1 and Apple-SR4 Released
This post was authored by Vedran Pavić
On behalf of the community I’m pleased to announce the releases of Spring Session BOM Bean-M1 and Apple-SR4. Spring Boot users will be happy to learn that these release were picked up in recent 2.1.0.M1 and 2.0.4.RELEASE releases of Spring Boot, respectively.
Spring Session Bean-M1
The Bean-M1 is first milestone release that is based on Spring Session 2.1.0.M1.
The following table provides an overview of all the included modules and their respective versions:
| Module | Version |
|---|---|
Spring Session Core |
|
Spring Session Data GemFire |
|
Spring Session Data Geode |
|
Spring Session Data MongoDB |
|
Spring Session Data Redis |
|
Spring Session Hazelcast |
|
Spring Session JDBC |
|
Spring Session 2.1.0.M1
The 2.1.0.M1 is the first milestone release in 2.1.x lifecycle. Highlights of this release are support for Same-Site Cookie, which is another mechanism that helps developers to protect from Cross-Site Request Forgery, and support for HttpSessionBindingListener. The release also includes the usual dependency upgrades, including picking up Spring Framework 5.1.0.RC1 as a baseline. You can find the complete details of the release in the changelog.
Using the BOM
With Maven:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-bom</artifactId>
<version>Bean-M1</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
...
</dependencies>With Gradle:
plugins {
id 'io.spring.dependency-management' version '1.0.6.RELEASE'
}
dependencyManagement {
imports {
mavenBom 'org.springframework.session:spring-session-bom:Bean-M1'
}
}
dependencies {
compile 'org.springframework.session:spring-session-data-redis'
...
}Spring Security 5.1.0.M2 Released
On behalf of the community I am pleased to announce the release of Spring Security 5.1.0.M2. This release comes with 100+ tickets closed.
As always we look forward to hearing your feedback! You can find the highlights below:
OAuth2
OAuth2 Resource Server
Basic support for OAuth2 Resource Servers has been added. See oauth2resourceserver
Authorization Code Flow
User’s can now obtain an access token using the OAuth 2.0 Authorization Code grant. See the authcodegrant sample.
WebClient and OAuth2 Support
There is now built in support for OAuth2 and WebClient support. The support allows:
-
Adding the access token to the request
-
Automatic refreshing of the access token when it expires
-
Resolving the access token to use
For example, in a Servlet environment you can configure a Bean like this:
@Bean
WebClient webClient(OAuth2AuthorizedClientRepository repository) {
ServletOAuth2AuthorizedClientExchangeFilterFunction filter =
new ServletOAuth2AuthorizedClientExchangeFilterFunction(repository);
return WebClient.builder()
.filter(new OAuth2AuthorizedClientExchangeFilterFunction())
.apply(filter.oauth2Configuration())
.build();
}Now you can add the OAuth token in a number of different ways. If you want you can resolve the OAuth2AuthorizedClient using the Spring MVC support. If the authorization server returned a refresh token and the access token is about to expire, Spring Security will transparently update the access token and submit the updated access token instead.
@GetMapping("/users")
Mono<String> users(@RegisteredOAuth2AuthorizedClient("client-id")
OAuth2AuthorizedClient authorizedClient) {
return this.webClient.get()
.uri("https://api.example.com/user")
.attributes(oauth2AuthorizedClient(authorizedClient))
.retrieve()
.bodyToMono(String.class);
}You can also resolve the access token through the WebClient. Fore example:
Mono<String> users() {
return this.webClient.get()
.uri("https://api.example.com/user")
.attributes(clientRegistrationId("client-id"))
.retrieve()
.bodyToMono(String.class);
}If you authenticated using OAuth2 Log In or OIDC, then a default access token can be applied with no user interaction.
Mono<String> users() {
// if Authenticated with OIDC
// OAuth2 Log In use the access token associated to log in
return this.webClient.get()
.uri("https://api.example.com/user")
.retrieve()
.bodyToMono(String.class);
}Spring Session Apple SR3 Released
This post was authored by Vedran Pavić
On behalf of the community I’m pleased to announce the release of Spring Session BOM Apple-SR3. This release includes an update of Spring Session core modules (which include Data Redis, Hazelcast and JDBC) to 2.0.4.RELEASE.
The following table provides an overview of all the included modules and their respective versions:
| Module | Version |
|---|---|
Spring Session Core |
|
Spring Session Data GemFire |
|
Spring Session Data Geode |
|
Spring Session Data MongoDB |
|
Spring Session Data Redis |
|
Spring Session Hazelcast |
|
Spring Session JDBC |
|
Spring Security 5.0.6 and 4.2.7 Released
On behalf of the community, I am pleased to announce that the Spring Security 5.0.6 (changelog) and 4.2.7 (changelog) have been released. The releases primarily delivers bug fixes and dependency version updates along with some minor improvements. The releases will be found in the upcoming Spring Boot maintenance releases coming later this week.
Spring Security 5.1.0.M1 Released
On behalf of the community I’m pleased to announce the release of Spring Securiity 5.1.0.M1. This release resolves over 80 tickets. The highlights can be seen below:
-
Spring Security OAuth2 Client Support for WebFlux. See the sample for how to use it.
-
Numerous other enhancements to WebFlux Support
-
Implementation of the Authorization Code Grant. See the sample for how to use it.
Feedback Please
If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping me @rob_winch , Joe @joe_grandja, or Josh @jzheaux on Twitter.
Spring Session Apple SR2
On behalf of the community I’m pleased to announce the release of Spring Session BOM Apple-SR2. This release includes an update to the core modules and adds support for Spring Session for Apache Geode. You can use the BOM
With Maven:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-bom</artifactId>
<version>Apple-SR2</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
...
</dependencies>Spring Security 4.2.6 Released
I’m pleased to announce the release of Spring Security 4.2.6. The release primarily delivers bug fixes and dependency version updates along with some minor improvements.
For a complete list of changes, please refer to the 4.2.6 changelog.