Newest Post

Video: SpringOne 2GX Keynote - Spring, Yesterday, Today and Tomorrow

Read more

Cross Site Request Forgery and OAuth2

In this short article we look at Cross Site Request Forgery in the context of OAuth2, looking at possible attacks and how they can be countered when OAuth2 is being used to protect web resources.

OAuth2 is a protocol enabling a Client application, often a web application, to act on behalf of a User, but with the User’s permission. The actions a Client is allowed to perform are carried out on a Resource Server (another web application or web service), and the User approves the actions by telling an Authorization Server that he trusts the Client to do what it is asking. Common examples of Authorization Servers on the internet are Facebook and Google, both of which also provide Resource Servers (the Graph API in the case of Facebook and the Google APIs in the case of Google).

Read more

This Week in Spring, November 29th, 2011

Welcome back to another installment of This Week in Spring. There’s a lot to talk about this week as well as a bevy of new releases, so let’s get right to it!

  1. Chris Beams has announced the latest and greatest release of Spring 3.1, RC2. This is the intended final release so get the bits and try it out soon. For a tour of what’s what in Spring 3.1, check out the release notes and the Spring 3.1 blog series
  2.  <LI> 
        The steady march to Spring Integration 2.1 GA continues. This week, <A href= "">Spring Integration 2.1 RC1  was  released</a>.  
    There are a lot of new features in  Spring Integration 2.1, including support for GemFire, RabbitMQ, MongoDB, and much, much, more.  For the full details, <a href="">see the release notes</a>.  </LI>
    <A href ="">SpringSource Tool Suite</A> lead Martin Lippert has announced the <a href="">latest release of SpringSource Tool Suite, version 2.8.1</a>, which provides a <EM>very</EM> compelling feature: compliance with both versions of the Maven plugins typically supported: M2E, the new, Eclipse-foundation supported integration, and M2Eclipse, the original integration furnished by Sonatype.  This makes it possible for  developers to upgrade and transition easily. All users are encouraged to upgrade immediately. 
     <LI>  Spring Roo project lead Alan Stewart  has announced that <A href= "">Spring Roo 1.2.0.RC1 has been released</a>. The new release  is packed with new features, including multi-module Maven projects, JSF 2.0 and RichFaces support, and much more.

    Daniel Mikusa has put together a fantastic post introducing

    JVM performance tuning while running Apache Tomcat. The post introduces the various command line options, including -Xss, -XX:PermSize and -XX:MaxPermSize, as well as some details about choice of JVM garbage collector. Nice post!

    <LI>   In this new video interview from <a href= "">InfoQ</a>, Spring expert <a href="">Costin Leau</a> talks about <a href="">Spring Data, caching, data grid architectures and work on a new Spring Hadoop project</a>. 

  3. BSB labs has put together a wonderful post on remote partitioning with Spring Batch.

        <a href= "">Spring Batch</a>, as readers already know, is a powerful framework for building batch jobs. Spring Batch makes it dead simple to handle long running, multi-step batch processing jobs, and - with remote partitioning, it is even easier to partition those jobs across multiple nodes. This post introduces some of the cool features in the remote partitioning features available in Spring Batch. Check it out!
     eWeek has an interesting post about a recent <a href = "">Evans Data survey that found that developers prefer Cloud Foundry</A>. Not a lot of technical content, of course, but this provides a lot of good insight into why others are choosing Cloud Foundry and can be useful when you're trying to make the  case for <A HREF="">Cloud Foundry</a> in your organization.
     <LI>  ActiveState, creators of   the Stackato cloud, which is based on  <a href="">Cloud Foundry</a> (the open source PaaS from VMware), has announced that <a href= "">their Micro Cloud will remain free</a> after the beta is finished. This ensures that developers can develop against the cloud in perpetuity.  </LI>

  4. Spring uses proxying to work its magic. There are three types of proxying that each have their own advantages and disadvantages.
    Tomasz Nurkiewic introduces how Spring uses dynamic proxies, CGLIB proxies, and AspectJ proxies as well as some of the potential pitfalls. This is a very nice post!

  5. Stacey Schneider has put together a great post on the new 7.0.23 release of Apache Tomcat.
    Among the new features in the new release, you’ll find the ability to start and stop web applications in parallel to improve startup times, caching the of configuration files, and improved handling of failed deployment restarts.

  6. Eclipse Virgo 3.0.2 has been released. This new release fixes several bugs.

Read more

SpringSource Tool Suite 2.8.1 released

The SpringSource Tool Suite team is pleased to announce the new release 2.8.1 of the SpringSource Tool Suite (STS).

STS 2.8.1 is now compatible with the new Maven Integration as well as the old one. So updating your existing STS 2.7 or 2.8 version to STS 2.8.1 doesn't force you to also update the Maven Integration. Instead you can switch to the new Maven integration whenever you want - and even switch back to the old integration, if the new one doesn't work out for you. We automate this up- and downgrading of the Maven Integration as much as possible with two new items on the Dashboard. Please find more details in the New & Noteworthy and the updated m2e FAQ forum post.

Read more

Spring Roo 1.2.0.RC1 released

The Spring Roo team is delighted to announce the availability of 1.2.0 Release Candidate 1. The Roo 1.2.0.RC1 release follows on from M1 and includes two exciting new features:

  • Multi-module Maven project support. This is the Roo community’s most popular and most voted for feature (ROO-120). You can now create projects with a parent POM and as many project modules as you wish. For example, you can put your domain model in one module and separate out your UI code such as MVC or GWT, into their own modules.  Full documentation on this feature will be available in the general availability release of Roo 1.2.0 later this year.

  • JSF 2.0/PrimeFaces 3. The second most popular community feature and most asked for feature in the recent Roo survey - JSF 2.0/PrimeFaces support (ROO-516). You can now scaffold high-quality JSF applications utilizing the stunning components from the PrimeFaces 3.0 component library. Full round-tripping of code, switching between JSF 2.0 implementations (Oracle Mojarra or Apache MyFaces), and PrimeFaces theme selection via a Roo command are supported.

Read more

Spring Integration 2.1 Release Candidate 1 is now available

We are pleased to announce that Spring Integration 2.1 Release Candidate 1 is now available.
Release Notes | Documentation | Download

If you would like to grab the artifacts via Maven, please use the following repository and dependency configuration (and replace ‘core’ with any other modules you want to use, e.g. ‘amqp’, ‘gemfire’, ‘http’):

    <name>Spring Framework Maven Milestone Repository</name>

Read more

This Week in Spring, November 22nd, 2011

Welcome back to another installment of This Week in Spring. For those of us in the US, the Thanksgiving holiday is upon us.

Generally, the idea behind Thanksgiving (which has analogs in many other countries, as well) is to have a day to reflect on the things we are thankful for.

In that spirit, let me offer one of the things that I am thankful for: thank you, dear readers, for being part of the most awesome
community out there.
Between all the cool stuff you guys are doing and all the cool stuff happening at SpringSource,
it is an absolute pleasure to put together this roundup every week. We hope you have a wonderful week and we look forward to seeing you next week.

Read more

Spring GemFire 1.1.0.RC1 Released for Java

Dear Spring Community,
We are pleased to announce the first release candidate of the Spring GemFire 1.1 project is now available! The Spring GemFire project aims to make it easier to build Spring-powered highly scalable applications using GemFire as distributed data management platform.

The updates in this release include:

  • Aligned Maven naming to Spring Data conventions (new ids are

  • Introduced PDX attributes on cache and client-cache namespace

  • Upgrade to GemFire 6.6.1

Read more

Spring Data Neo4j 2.0.0.RC1 released

Dear Spring Community,

The Spring Data Team and Neo Technology have just released the Release Candidate 1 of Spring Data Neo4j,
the integration library for Neo4j the Enterprise NOSQL database.

Integrating the feedback from the very successful SpringOne 2011 and our community we exended the previous Milestone release with new functionality and took care of reported issues.

If you'd like to get an Introduction to Spring Data Neo4j, watch out for our presentations/webinars.


  • Updated Neo4j to 1.5 AspectJ to 1.6.12
  • Added repository support for the new Cypher-DSL (1.5.M1) (with QueryDSL support)
  • Updated cypher syntax changes for 1.5
  • Extended result-handling-dsl to allow changes of container classes
  • Added examples for hello-worlds and cypher for both mapping options
  • @RelationshipEntity has an fallback relationship-type attribute
  • Support for (mutable) @RelatedToVia collections (like Set)
  • Relationship-Entities can now be directly instantiated and persisted
  • Introduced the concept of a MappingPolicy for the POJO mapping mode (currently @Fetch)
  • Simplified cineasts using annotated and derived queries on repositories
  • Added repository for access of relationship-related methods
  • Improved support for collection properties
  • List, Set, Collection, Page as return types on derived and annotated query methods
Read more