Rob Winch

Rob Winch is employed by VMware as the project lead of security-related projects within Spring. He is also a committer on the core Spring Framework and co-author of Spring Security LiveLessons and a Spring Security book. In the past he has worked in the health care industry, bioinformatics research, high-performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys cycling with his friends.

Recent Blog posts by Rob Winch

Spring Session 1.0.0.RC1 Released

Releases | November 18, 2014 | ...

I'm pleased to announce the release of Spring Session 1.0.0.RC1.

For full details on the changes made in the release, please refer to the changelog. The highlights of this release include:

Preview Spring Security WebSocket Support & Sessions

Engineering | September 16, 2014 | ...

Introduction

In my previous post, I discussed Spring Security WebSocket integration. One of the problems is that in a servlet container, the WebSocket requests do not keep the HttpSession alive.

Consider an email application that does much of its work through HTTP requests. However, there is also a chat application embedded within it that works over WebSocket APIs. If a user is actively chatting with someone, we should not time out the HttpSession since this would be a pretty poor user experience. However, this is exactly what JSR-356 does.

Another issue is that, according to JSR-356, if the HttpSession times out, any WebSocket that was created with that HttpSession and an authenticated user should be forcibly closed. This means that if we are actively chatting in our application and are not using the HttpSession

Preview Spring Security WebSocket Support

Engineering | August 21, 2014 | ...

Updated Dec 11 2014: Although originally about Spring Security 4.0.0.M2, the blog has been updated to reflect improvements found in Spring Security 4.0 RC1.

Introduction

Previously, an application could use Spring Security to perform authentication in a WebSocket application. This worked because the Principal of an HttpServletRequest will be propagated to the WebSocket Session.

The problem is that authorization was limited to the handshake. This means that once the connection was made, there was no way to provide any granularity to authorization of the WebSocket application…

Spring Security 4.0.0.M2 Released

Releases | August 18, 2014 | ...

I'm pleased to announce the release of Spring Security 4.0.0.M2 available in the Spring Milestone repository.

SpringOne 2GX 2014 is around the corner: Book your place at SpringOne in Dallas, TX for Sept 8-11 soon. It's simply the best opportunity to find out first hand all that's going on and to provide direct feedback. The "From 0 to Spring Security 4.0" session will contain detailed information on how to get started with Spring Security and provide a deep dive into the new features found in Spring Security 4. Of course there are plenty of other exciting Spring-related talks!

CVE-2014-3527 Fixed in Spring Security 3.2.5 and 3.1.7

Releases | August 15, 2014 | ...

Spring Security 3.2.5 (change log) and 3.1.7 (change log) have been released and are available in Maven Central. Important highlights of this release are:

  • This release contains a fix for CVE-2014-3527 which resolves an issue where a malicious CAS Service can impersonate another CAS Service when using proxy tickets.
  • This release updates the transitive dependencies of the cas module to cas-client-core which has a fix for CVE-2014-4172. This issue was not in Spring Security itself, but in the library on which it depends.

A special thanks to Scott Battaglia & the rest of the CAS team for…

Spring MVC Test HtmlUnit 1.0.0.M2 Released

Releases | August 06, 2014 | ...

I'm pleased to announce the second milestone release of Spring MVC Test HtmlUnit.

The project’s aim is to provide integration between Spring MVC Test and HtmlUnit. This simplifies performing end-to-end testing when using HTML-based views.

Changelog

You can view the complete changelog on github. Below are the highlights of the release:

  • The release contains reference documentation and publishes the API docs
  • The artifact name has changed from spring-test-mvc-htmlunit to spring-test-htmlunit. See Updating Dependencies to see how to add Spring MVC Test HtmlUnit as either a Maven or Gradle dependency
  • The project name has been changed to Spring MVC Test HtmlUnit in order to better align with Spring MVC Test's name
  • Context root of "" is now supported
  • Support for external resources has been added. See the javadoc of DelegatingWebConnection for additional details.
  • Bug fixes

Spring Session 1.0.0.M1 Released

Engineering | July 08, 2014 | ...

I'm pleased to announce the release of Spring Session 1.0.0.M1.

Benefits

This project provides a number of benefits including:

  • Accessing a session from any environment (i.e. web, messaging infrastructure, etc)
  • In a web environment
    • Support for clustering in a vendor neutral way
    • Pluggable strategy for determining the session id
    • Easily keep the HttpSession alive when a WebSocket is active

Getting Started

Refer to the Quick Start section of the README to learn how you can use Spring Session in your application.

Feedback Please

If you have feedback, I encourage you to reach out via github issues, via the comments section, or ping me on twitter @rob…

Preview Spring Security Test: Web Security

Engineering | May 23, 2014 | ...

Updated March 31 2015: This blog is outdated and no longer maintained. Please refer to the Test Section of the reference documentation for updated documentation.

In my previous blog we demonstrated how the new Spring Security testing support can ease testing method based security. In this blog we will explore how we can use the testing support with Spring MVC Test.

Setting Up MockMvc and Spring Security

In order to use Spring Security with Spring MVC Test it is necessary to add the Spring Security FilterChainProxy as a Filter. For example:

@RunWith(SpringJUnit…

Preview Spring Security Test: HtmlUnit

Engineering | May 23, 2014 | ...

Updated March 31 2015: This blog is outdated and no longer maintained. Please refer to the Test Section of the reference documentation for updated documentation.

In my previous blog we explored how we can use the testing support with Spring MVC Test. We will now see how the same support works with Spring Test MVC HtmlUnit.

Minimum Versions: The Spring Security testing support does not work with spring-test-mvc-htmlunit-1.0.0.M1.jar. Instead, you just use the latest snapshot. This is due to some slight modifications to allow Spring Security and the…
