In this article we continue our discussion of how to use Spring Security with Angular JS in a "single page application". Here we show how to write and run unit tests for the client-side code using the Javascript test framework Jasmine. This is the eighth in a series of articles, and you can catch up on the basic building blocks of the application or build it from scratch by reading the first article, or you can just go straight to the source code in Github (the same source code as Part I, but with tests now added). This article actually has very little code using Spring or Spring Security, but…

In this article we continue our discussion of how to use Spring Security with Angular JS in a "single page application". Here we show how to modularize the client-side code, and how to use "nice" URL paths without the fragment notation (e.g. "/#/login") which Angular uses by default, but most users dislike. This is the seventh in a series of articles, and you can catch up on the basic building blocks of the application or build it from scratch by reading the first article, or you can just go straight to the source code in Github. We will be able to tidy up a lot of loose ends from the…

In this article we look at how to bind a Spring Boot application to data services (JDBC, NoSQL, messaging etc.) and the various sources of default and automatic behaviour in Cloud Foundry, providing some guidance about which ones to use and which ones will be active under what conditions. Spring Boot provides a lot of autoconfiguration and external binding features, some of which are relevant to Cloud Foundry, and many of which are not. Spring Cloud Connectors is a library that you can use in your application if you want to create your own components programmatically, but it doesn't do…

Note: the source code and test for this blog continue to evolve, but the changes to the text are not being maintained here. Please see the tutorial version for the most up to date content.

In this article we continue our discussion of how to use Spring Security with Angular JS in a "single page application". Here we show how to use Spring Session together with Spring Cloud to combine the features of the systems we built in parts II and IV, and actually end up building 3 single page applications with quite different responsibilities. The aim is to build a Gateway (like in part IV) that is used not only for API resources but also to load the UI from a backend server. We simplify the token-wrangling bits of part II by using the Gateway to pass through the authentication to the backends. Then we extend the system to show how we can make local, granular access decisions in the backends, while still controlling identity and authentication at the Gateway. This is a very powerful model for building…

Spring Cloud 1.0.0.RELEASE is available now in Maven Central (and repo.spring.io). Not too many changes since RC3 but we did find a few bugs, thanks largely to community involvement, so thanks to all who tried it out up to now. Here is a reminder of the goals of Spring Cloud:

Spring Cloud provides tools for developers to quickly build some of the common patterns in distributed systems (e.g. configuration management, service discovery, circuit breakers, intelligent routing, micro-proxy, control bus, one-time tokens, global locks, leadership election, distributed sessions, cluster state…

Spring Cloud 1.0.0.RC3 is available now from https://repo.spring.io/libs-milestone-local. This is (hopefully) the last milestone release before 1.0.0. There were some bug fixes since 1.0.0.RC2 and also a few small new features:

• Refactored the Feign support to look a bit more like Spring Data (so @EnableFeignClients instead of @FeignClientScan).
• Support for multipart/form-data in the Zuul proxy
• Support for including and excluding remote services in the automatic route registration in Zuul
• Support for declarative Ribbon retry in Zuul
• Cleaned up of a lot of dependencies. If you use the spring-cloud-starters you should get a nice consistent experience of adding and subtracting features. Gradle users need to use the dependency management plugin for the same experience.
• Added small, bite-sized sample projects…

Note: the source code and test for this blog continue to evolve, but the changes to the text are not being maintained here. Please see the tutorial version for the most up to date content.

In this article we continue our discussion of how to use Spring Security with Angular JS in a "single page application". Here we show how to use Spring Security OAuth together with Spring Cloud to extend our API Gateway to do Single Sign On and OAuth2 token authentication to backend resources. This is the fifth in a series of articles, and you can catch up on the basic building blocks of the application or build it from scratch by reading the first article, or you can just go straight to the source code in Github. In the last article we built a small distributed application that used …

Spring Security OAuth 2.0.6.RELEASE is available now in the usual repositories. It's a bug fix release, and users of 2.0.5.RELEASE should upgrade. The only critical bug was for users of JWT with refresh tokens, and there were also some people experiencing double encoding of redirect uris, which is now fixed. Highlights of new features:

• (Much requested) ability to have non-expiring refresh tokens with no customizations (just set the validity period to zero or less)

• The /token endpoint only accepts POST requests by default

• Resource servers do not accept cookie based authentication by default (you have to switch it on)

• Resource server configuration has a few new options including the ability to inject custom error handlers

…

Spring Cloud 1.0.0.RC2 is available now in the http://repo.spring.io repository. There was a lot of activity pruning and curating dependencies, so users upgrading from RC1 might need to tweak their starter dependencies a bit, but hopefully we are all in a better place as a result. There were also a lot of changes in the Security features, making it easier to customize various parts of that, mainly in response to people actually using it and needing help (so thanks for the feedback). We will probably have an RC3 before the GA, but things are getting pretty close to ready.

Note: the source code and test for this blog continue to evolve, but the changes to the text are not being maintained here. Please see the tutorial version for the most up to date content.

In this article we continue our discussion of how to use Spring Security with Angular JS in a "single page application". Here we show how to build an API Gateway to control the authentication and access to the backend resources using Spring Cloud. This is the fourth in a series of articles, and you can catch up on the basic building blocks of the application or build it from scratch by reading the first article, or you can just go straight to the source code in Github. In the last article we built a simple distributed application that used Spring Session to authenticate the backend resources. In this one we make the UI server into a reverse proxy to the backend resource server, fixing the issues with the last…