Project Sagan: Upgrading to JDK 8

As I’m sure most readers are aware, Java SE 8 was released last month. In conjunction with the recent release of STS 3.5.0 and its complete support for JDK 8, we thought now would be an ideal time to upgrade Sagan to take advantage of the new language features and APIs.

Note: Not yet familiar with the Sagan project? It’s the Spring reference application that powers this blog and everything else at spring.io. Check out the first three posts in this series for more details.

Cloud Foundry’s Java buildpack has provided support for JDK 8 since the day it was released. To begin using it, we’ve created our own fork of the buildpack, bumped the JDK version from 1.7.0 to 1.8.0, and configured our Gradle build to use our fork when deploying Sagan to production.

Read more...

Spring Security OAuth 2.0.0.RC1 Available

Spring Security OAuth 2.0.0.RC1 is available now from the Spring Repo. This is a huge step in the direction of modernisation and ease of use for OAuth server and client apps on Spring.

The headline feature is support for @Configuration(for OAuth2 only) and if you use Spring Boot to write your app you can serve tokens and protect the API resources in about 25 lines of code:

@Configuration
@EnableAutoConfiguration
@EnableResourceServer
@RestController
public class Application {

	public static void main(String[] args) {
		SpringApplication.run(Application.class, args);
	}

	@RequestMapping("/")
	public String home() {
		return "Hello World";
	}

	@Configuration
	@EnableAuthorizationServer
	protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

		@Autowired
		private AuthenticationManager authenticationManager;
		
		@Override
		public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
			endpoints.authenticationManager(authenticationManager);
		}
		
		@Override
		public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
		 	clients.inMemory()
		        .withClient("my-trusted-client")
		            .authorizedGrantTypes("password", "authorization_code", "refresh_token")
		            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
		            .scopes("read", "write", "trust")
		            .resourceIds("oauth2-resource")
		            .secret("secret");
		}

	}

}
Read more...