Spring blog

All Posts
Engineering
Releases
News and Events

How not to hate Spring in 2016

Engineering | Phil Webb | November 29, 2015 | ...

Over the Thanksgiving weekend a 2014 article called "Why I hate Spring" by Sam Atkinson started doing the rounds on Twitter. It's always interesting to listen to criticisms to see what we can do to improve Spring, much of Spring Boot was born out of listening to people talk about the problems that they faced with the framework.

In this blog post, I'll try to address some of the concerns discussed in Sam's article, and describe my personal Spring "best practices". Before we get too much into the details though, it's worth considering why less…

Read more

Migrating Spring Cloud Apps from Spring Boot 1.2 to 1.3

Engineering | Dave Syer | November 25, 2015 | ...

There are some interesting new features in Spring Boot 1.3 that are now available in Spring Cloud in the Brixton release train. The Angel release train of Spring Cloud is partly incompatible with Spring Boot 1.3, so when you upgrade there are some important things to be aware of. This article helps you navigate the changes and update any existing apps to use the new features. It should also be helpful generally when trying to adopt new versions of Spring projects into existing codebases.

TIP: You can use mvn dependency:tree or gradle dependencies to list the dependencies in your project and check the versions.

Read more

This Week in Spring - November 23, 2015

Engineering | Josh Long | November 24, 2015 | ...

Welcome to another installation of This Week in Spring! Here in the US it's the week of Thanksgiving, where - hopefully - we take a moment to note the many things for which we're thankful. I'm sure I speak for the whole team here at Pivotal when I say: we're thankful for you, dear community. Thank you.

And so, as usual, we've got a lot to get to it. All the better, in fact, for the lazy hours after turkey!

  • Dr. Mark Pollack has just announced the release of Spring XD 1.3 GA and Spring Flo for Spring XD 1.0. This is a huge release! Spring XD 1.3.0 supports job composition DSLs, Spring Flo for Spring XD, an improved Admin UI, Spark 1.3.1, updates to the Spring Data and Spring for Hadoop distributions, a Cassandra Sink and much more! It is also the last in the line before Spring XD completes its journey to the archhitecture already partially laid out in Spring Cloud Stream and Spring Cloud Dataflow! This is an exciting evolution of the technology!
  • Spring Security and Spring Session lead Rob Winch has just announced Spring Session 1.1.0.M1 complete with a lot of new features: searching HTTP sessions by username, HttpSessionListener support, customized Cookie creation, overriding the default RedisSerializer
Read more

Spring XD 1.3 GA and Flo for Spring XD 1.0 GA released

Engineering | Mark Pollack | November 19, 2015 | ...

Today we are pleased to announce the general availability of Spring XD 1.3 and Flo for Spring XD 1.0.

  • Spring XD 1.3 GA: zip, brew and rpm.
  • Flo for Spring XD 1.0 GA: zip.

In addition to bug fixes we have also added several new features in the 1.3 release line

  • Job Composition DSL allows for the creation of a complex graph of job executions.
  • Flo for Spring XD designer supports creating composed jobs.
  • Admin UI supports execution history of composed jobs.
  • Cassandra Sink and Header Enricher Processor
  • Gpfdist sink now supports update operations and full range of control file options
  • Spark 1.3.1 Support
  • A timeout value for flushing writes to HDFS in order to ensure data is persisted on the HDFS DataNode’s disks.
  • General dependency upgrades, Spring Data Gosling, SI 4.2, and Boot 1.2
Read more

This Week in Spring - November 17, 2015

Engineering | Josh Long | November 17, 2015 | ...

My goodness the time has flown! We're already staring down the beginning of 2016!

Welcome to another installation of This Week in Spring! This week I'm in beautiful Casablanca, Morocco for Devoxx Morocco! This is the fifth Devoxx this year - with events in Belgium, UK, France, Poland and now Morocco - and I have the rare honor of having spoken at all of them! #fullDevoxx

We've got a lot to cover this week so let's get to it!

Read more

This Week in Spring - November, 10, 2015

Engineering | Josh Long | November 10, 2015 | ...

Welcome to another installation of This Week in Spring! This week I'm in Antwerp, Belgium for the grand mother of all Devoxxes (Devoxxen?), Devoxx Belgium! I'm here along with several members of the team and if you're around, don't hesitate to say hi!

Read more

This Week in Spring (PCF 1.6 edition!) - November 3, 2015

Engineering | Josh Long | November 03, 2015 | ...

Welcome to another installation of This Week in Spring! This week I'm in Sofia, Bulgaria for one of my favorite shows, the epic Java2Days event!

Last week saw the release (finally!) of Pivotal Cloud Foundry 1.6, which contains more than a year and half of highly anticipated features and heavy lifting. The new release includes, among many other things, support for platform-managed GitLab, JFrog Artifactory, and CloudBees Jenkins CI; support for microservices infrastructure including the Spring Cloud Config Server, and Spring Cloud Eureka; and support for Docker container images and .NET applications; and support for running on Microsoft Azure. This release is packed with all sorts of features optimized for the continuous and safe…

Read more

Spring XD 1.3 Demo: Flo for Batch

Engineering | Pieter Humphrey | November 03, 2015 | ...

Flo for Batch pipeline builds upon the newly supported Batch DSL in Spring XD that can be used to create composite batch workflows involving sequential, parallel or even the combination of both jobs.

Read more

This Week in Spring (JavaOne 2015 Edition) - October 27, 2015

Engineering | Josh Long | October 28, 2015 | ...

Welcome to another installation of This Week in Spring! This week I'm at JavaOne 2015 in San Francisco along with the rest of the Pivotal team. This week the Pivotal Spring team is out in full force, come stop by and say hi!

There are some great new SpringOne2GX 2015 recordings on line as well as some great community content this week so let's get to it!

Read more

React.js and Spring Data REST: Part 5 - Security

Engineering | Greg L. Turnquist | October 28, 2015 | ...
To see updates to this code, visit our React.js and Spring Data REST tutorial.

In the previous session, you made the app dynamically response to updates from other users via Spring Data REST’s built in event handlers and the Spring Framework’s WebSocket support. But no application is complete without securing the whole thing so that only proper users have access to the UI and the resources behind it.

Feel free to grab the code from this repository and follow along. This session is based on the previous session’s app with extra things added.

Adding Spring Security to the project

Before getting underway, you need to add a couple dependencies to your project’s pom.xml file:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>

This bring in Spring Boot’s Spring Security starter as well as some extra Thymeleaf tags to do security look ups in the web page.

Defining the security model

In the past session, you have worked with a nice payroll system. It’s handy to declare things on the backend and let Spring Data REST do the heavy lifting. The next step is to model a system where security controls need to be instituted.

If this is a payroll system, then only managers would be accessing it. So kick things off by modeling a Manager object:

@Data
@ToString(exclude = "password")
@Entity
public class Manager {

public static final PasswordEncoder PASSWORD_ENCODER = new BCryptPasswordEncoder();

private @Id @GeneratedValue Long id;

private String name;

private @JsonIgnore String password;

private String[] roles;

public void setPassword(String password) {
	this.password = PASSWORD_ENCODER.encode(password);
}

protected Manager() {}

public Manager(String name, String password, String... roles) {

	this.name = name;
	this.setPassword(password);
	this.roles = roles;
}



}

  • PASSWORD_ENCODER is the means to encrypt new passwords or to take password inputs and encrypt them before comparison.
  • id, name, password, and roles define the parameters needed to restrict access.

  • The customized setPassword() ensures that passwords are never stored in the clear.

There is a key thing to keep in mind when designing your security layer. Secure the right bits of data (like passwords) and do NOT let them get printed to console, into logs, or exported via JSON serialization.

  • @ToString(exclude = "password") ensures that the Lombok-generated toString() method will NOT print out the password.
  • @JsonIgnore applied to the password field protects from Jackson serializing this field.

Creating a manager’s repository

Spring Data is so good at managing entities. Why not create a repository to handle these managers?

@RepositoryRestResource(exported = false)
public interface ManagerRepository extends Repository<Manager, Long> {

Manager save(Manager manager);

Manager findByName…
Read more

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all