Blog post Authors
Joe Grandja

Joe Grandja

Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth2 and OpenID Connect support in Spring Security and Spring Authorization Server.

With over 25 years of industry experience, Joe has been a Solution Architect, a Software Engineer, a Team Lead, and a Consultant. His past experience has been mainly focused in the Financial Services sector in the Toronto, Canada, area. He has designed, built, and delivered enterprise grade banking applications and platforms in the Personal and Commercial and Brokerage and Investing divisions. He has worked closely with the InfoSec teams within banks to ensure security and regulatory compliance.

Recent Blog posts by Joe Grandja

Spring Security OAuth 2.2.0.RC1 Released

Releases | July 14, 2017 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.2.0.RC1.

The 2.2.0.RC1 release includes numerous improvements to the JSON Web Key (JWK) feature contained in JwkTokenStore along with the addition of JwtClaimsSetVerifier that provides the capability of custom JWT Claim(s) verification. See the GitHub Issue for more details.

This release also includes a small number of bug fixes and minor enhancements.

Project Page | GitHub | Documentation | Help

Read more

Spring Security OAuth 2.1.0 and 2.0.13 Released

Releases | March 03, 2017 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.1.0 and maintenance release 2.0.13.

The 2.1.0 release includes a new feature supporting JSON Web Signature (JWS) verification using JSON Web Key (JWK). This feature provides support for Authorization Servers that have implemented key rollover/rotation. See the GitHub Issue for more details.

The 2.0.13 release includes a small number of bug fixes and minor enhancements as well as the JWK feature to support the upcoming Spring Boot 1.5.2 release.

Project Page | GitHub | Documentation | Help

Read more

Spring Security OAuth 2.0.12 Released

Releases | November 07, 2016 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.0.12.RELEASE. The release can be found in our Spring Release repository and Maven Central.

This release primarily includes bug fixes and minor enhancements.

Contributions

Without the community we couldn’t be the successful project we are today. I’d like to thank everyone that created issues & provided feedback.

Feedback Please

If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues or via the comments section. You can also ping me Joe @joe_grandja, Dave @david_syer or Rob @rob_winch

Read more

Spring Security OAuth2 - Client Authentication Issue

Engineering | August 31, 2016 | ...

Issue #808 was recently reported that allowed a user to authenticate as a client and obtain an access token via the client_credentials or password grant flow.

This unique scenario occurs when a client and user have the same identifier (clientId and username). The user’s credentials are used for client authentication during a client_credentials or password grant flow and is successful in obtaining an access token with the authorities of the client.

The Fix

This bug has been fixed in 1ed986a and released in 2.0.11.RELEASE.

If you’re using Java-based configuration, please update to 2.0.11.RELEASE…

Read more

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all