Spring Security 3.2.0.RC1 Released (08/2013)

Engineering | Rob Winch | August 19, 2013 | ...

Spring Security 3.2.0.RC1 is now available from the SpringSource repository at http://repo.springsource.org. See here for a quick tutorial on resolving these artifacts via Maven.

This release includes tons of updates and fixes. The highlights include:

  • Polishing of Spring Security Java Configuration
  • Uses content negotiation to determine how to prompt user for authentication when multiple authentication mechanisms (i.e. HTTP Basic and Form login) enabled
  • AbstractSecurityWebApplicationInitializer allows registering Java Configuration directly
  • A number of bugs fixed
  • CSRF protection and automatic integration with Spring Web MVC jsp tags
  • Automatic cache control support
  • Defence against Clickjacking attacks
  • HTTP Strict Transport Security support to reduce Man in the Middle attacks
  • Samples include pom.xml so they can be imported as Maven projects
  • MediaTypeRequestMatcher for matching on requests with content negotiation
  • Over ten java configuration samples have been integrated into the samples directory
  • Three new guides that walk users through samples and provide detailed instructions on how to do specific tasks. More of these guides will follow in coming releases
  • Refer to Spring Security 3.2.0.RC1 preview for more details about this release.


    To learn about all the new features within Spring Security 3.2 attend my Getting Started with Spring Security 3.2 presentation at SpringOne2GX September 9-12, 2013. If you haven't already gotten your tickets, do so now before its too late!

    Changelog | Download | Reference Manual | Guides | FAQ

    This Week in Spring - Aug 13th, 2013

    Engineering | Josh Long | August 13, 2013 | ...

    Welcome back to another installment of This Week in Spring. As usual, we've got a lot to cover, so let's get to it!

    1. The How to do in Java blog has a nice post on how to setup Siteminder pre-authentication using Spring Security 3.
    2. Another great SpringOne2GX 2013 session's just been added to the SpringOne2GX 2013 lineup, Real Time Analytics with Spring. This talk introduces one use case for Project Reactor, a foundation for asynchronous applications on the JVM.
    3. Andy Clement has just cut a new release of AspectJ, 1.8.0.M1, which will be used in Spring 4 and support Java 8. It is available through the SpringSource Maven repository as 1.8.0.M1. It is also in today's release of AJDT for Eclipse 4.3.
    4. The GoPivotal blog has an in-depth look at Apache Tomcat 8. Definitely worth a look!
    5. Eberhard Wolff has put together a very nice video on using the recently announced Spring Boot. Nice job, Eberhard! (as usual)
    6. Our pal Petri Kainulainen has written a very cool post on unit testing Spring MVC REST APIs.
    7. The Being Java Guys blog has a code-heavy post on how to do file uploads with Spring MVC. Nice job!
    8. This post from the Matthew's Thoughts! blog explains a simple Spring REST starter project that demonstrates how to use regular Spring Security to add a username and password-based authentication with a Spring MVC-powered REST service.
    9. The Code with Zen Mind blog has a nice series on building and testing Spring MVC applications. The first post introduces how to setup a test-driven project. The second post demonstrates how to do refactoring and how to introduce new test cases. The third post demonstrates how to use the tests established in the first two posts to survice a major refactoring (the implementation of the service under test changes). Really insightful!
    10. This post from the public static void blog() blog introduces how Spring's logging layering works. The post is in what Google Translate insists is Slovak, however, the translation was pretty good and - if we're honest - the diagrams are quite explanatory by themselves! Good stuff. Take a look, and - if possible - a read.
    11. The 1.5 version of the Cloud Foundry integration for Eclipse, which supports pushing applications to Pivotal Cloud Foundry organizations and spaces, using new Cloud Foundry services, and incrementally updating applications from Spring Tool Suite. The new integration may be installed from the STS dashboard or using the update site in the Help > Install New Software menu.

    This Week in Spring - Aug 6th, 2013

    Engineering | Josh Long | August 07, 2013 | ...

    Welcome back to another installment of This Week in Spring. On August 1, I celebrated my third year at SpringSource. I continue to enjoy the ride of my life and a huge part of that is my interaction with you, the most amazing community ever. Thanks for that, folks.

    Have you booked your tickets for SpringOne2GX? This year's show is a special one. In my work as the Spring Developer Advocate, I speak at many conferences all around the world. Ask any developer with a pulse, and they'll confirm that big data (and Hadoop), reactive web applications, REST, mobile application development, and cloud computing are sizzling hot topics today. Pivotal, and Spring, support today's developers, and SpringOne2GX's agenda represents in my estimation the perfect blend of content for today's developers. Check out the agenda. We've just recently added talks on big data, and REST service security with OAuth. This will be our first show under Pivotal, and it's the only place where you can talk to the developers working on the technologies you care about both at SpringSource and in the community. As you know, we've just announced our Cloud Foundry conference, Platform, and SpringOne2GX full pass ticket holders may register for that show - which is at the same venue as SpringOne2GX just two days earlier - for free! If I had to pay for just one show a year, this would be that show. Hurry the early bird rate expires this friday!

    1. Major news: Phil Webb and Dr. David Syer have just announced Spring Boot, which simplifies Spring application development. Spring Boot provides an opinionated layer on top of Spring and in so doing makes it dead simple to get an application up and running with a minimum of fuss. Seriously, this stuff will blow your mind. Do not read any further until you've read this short and sweet post! Give it a go and be sure to let us know about your experiences!
    2. Spring Framework 3.2.4 maintenance release is now available, with an important security fix for SpringOXM..
    3. Spring Data Redis-lead and ninja Jennifer Hickey just announced the availability of two Spring Data releases. Spring Data Redis 1.1, M2, featuring a lot of new features, including enhanced data pipelining, Redis 2.6 scripting, and more. Spring Data Redis 1.0.6 is also available, and features bug fixes and smaller improvements.
    4. Spring Mobile and Android lead Roy Clarkson just announced Spring Mobile 1.1.0.RC1, which features improvements to device detection and view resolution in Spring Mobile. Roy also announced a new cut of the stable line of Spring Mobile, 1.0.2, which features similar improvements, some backported.
    5. Spring Data ninja Oliver Gierke has just announced that the final release candidate for Spring Data Babbage is now available. This release is named for Charles Babbage. This release features support for the MongoDB Aggregation Framework and improved the execution of polymorphic queries, support to use SpEL expressions in manually defined queries with JPA, improved handling of entities using @IdClass, a countBy(..) method for Neo4j repositories, and much more.
    6. The replay for the webinars Functional Programming without Lamba and Spring with Cucumber for Automation are now available online. Be sure to check them out!
    7. A few weeks ago, our friend Johnathan Mark Smith put together a video introducing how to use Spring Data MongoDB and Java configuration. Check it out! And, if you're doing awesome videos, feel free to share. I'd love to post them on This Week in Spring, too!
    8. I smiled when I saw a tweet by the Reactor project lead Jonathan Brisbin in which he says, "Processor throughput: 90M ops/sec on a laptop. 1 thread + @LMAX Disruptor. Not #fastdata, #uberfastdata" and then links to a test case in the code. Needless to say, Reactor is going to shake things up big time! (And, of course, we'll have more content on Reactor at SpringOne2GX.
    9. The latest release of Tomcat, Apache Tomcat 8.0.0-RC1 (alpha), is now available! There are a lot of new features. Notably, Tomcat 8 will be the first Tomcat to support JSR 356, web sockets. This is the perfect compliment to Spring 4's recently announced web socket support.
    10. Mohan Srihari Kantipudi has put together a nice post on Spring's basic REST capabilities
    11. I liked Gregor Riegler's post on Spring Loaded, the best kept secret in open source. Spring Loaded is a Java agent that lets you reload code as you're working on it (no need to redeploy!). This is a very cool post and I hope you'll consider using Spring Loaded, too.

    Spring Boot – Simplifying Spring for Everyone

    Engineering | Phil Webb | August 06, 2013 | ...

    (This blog post was written jointly by Phil Webb and Dave Syer).

    We are pleased to announce the first milestone release of a new project called Spring Boot.

    Spring Boot aims to make it easy to create Spring-powered, production-grade applications and services with minimum fuss. It takes an opinionated view of the Spring platform so that new and existing users can quickly get to the bits they need. You can use it to create stand-alone Java applications that can be started using 'java -jar' or more traditional WAR deployments. We also provide a command line tool that runs 'spring scripts'.


    This Week in Spring - July 30, 2013

    Engineering | Josh Long | July 31, 2013 | ...

    Welcome back to another installment of This Week in Spring! As usual, we've got a lot to cover so let's get to it. Don't forget that SpringOne 2GX 2013 early bird expires August 9th, so hurry to secure the discounted rate!

    1. Spring framework committer Rossen Stoyanchev has a great post on Spring Framework 4.0 M2's support for WebSocket Messaging Architectures.
    2. Spring Shell lead Dr. Mark Pollack has announced that Spring Shell 1.0.1.M1 has just been released.
    3. Spring Batch 2.2.1.RELEASE is now available. This release is mostly bug fixes and documentation improvements.
    4. I don't know if you've been following along, but we're starting to really flesh out the SpringOne2GX 2013 schedule! I'm looking forward to both seeing, and presenting, at many different talks this year. One talk I'd like to see is Thymeleaf: improving your Spring view layer with natural templates. I expect this year will be a very exciting year for a number of reasons, and I hope you'll share the experience with us.
    5. We've added some more SpringOne talks recently:
    6. Our pal Tobias Flohre has put together a nice post comparing how the JSR 352 API compares to the Spring Batch. Spring Batch 3.0 will be fully JSR 352 API compliant this fall by SpringOne, but was the inspiration for the JSR in the first place -- Spring Batch 1.0 was released in 2008 and has been gathering steam ever since.
    7. Want to learn more about Spring Scala? Watch Spring Scala lead talk about it at ScalaDays New York.
    8. As I mentioned last week, you'd do well to also follow This Week in Cloud Foundry, which has a lot of great content following last week's large announcement of a partnership between Pivotal and IBM.
    9. The Reactor project lead by John Brisbin has just announced support for a @EnableReactor annotation for Spring Java configuration.
    10. ..Speaking of Thymeleaf (the open source, Spring MVC, HTML5 and Tiles-friendly view and templating engine), version 2.1 will have parameterizable fragments. Do you want to test them? Try the 2.1.0-SNAPSHOT version when specifying your Maven repository-compatible coordinates.
    11. Our friend Johnathan Mark Smith is at it again, this time with a video on using Spring Data MongoDB. Definitely worth a look.
    12. Check out a webinar next month taming coupling & cohesive problems with modularity and Spring with Param Rengaiah.

    Spring Framework 4.0 M2: WebSocket Messaging Architectures

    Engineering | Rossen Stoyanchev | July 24, 2013 | ...

    As I wrote previously, a WebSocket API is only the starting point for WebSocket-style messaging applications. Many practical challenges remain. As one Tomcat mailing list user mused recently:

    it does seem to me that websockets is still not really "production-ready", (I am not talking about the Tomcat implementation per se, but more generally) ... native websockets capability in IE is only available since IE-10 and that solutions which allow this to work in lower IE versions are a bit "iffy" (relying on a diversion through Adobe's FlashPlayer e.g.). (Most of our customers are largish corporations, which are not going to update their browsers, nor open special ports in their firewalls, just to please us).

    This Week in Spring - July 23, 2013

    Engineering | Josh Long | July 24, 2013 | ...

    Hey everyone! Remember that SpringOne 2GX 2013 early bird expires August 9th, so hurry to secure the discounted rate! Also, make sure to check the agenda as new sessions have been added. This week I'm at OSCON talking to developers in the wonderful city of Portland, OR about Spring 4, REST and joining my colleagues at Pivotal to talk about Cloud Foundry, big data, and much more! If you'd like to chat, I hope you'll come to the talks that we're putting on and visit us at the Pivotal booth in the exhibition hall! It's been a big week for both Spring and Pivotal:

    1. Pivotal HD 1.0, the world's fastest Hadoop distribution, was released in two flavors - Community Edition, and a Pivotal Single Node Edition (VM), a Virtual Machine download. Head over to gopivotal.com and give it a test drive - Community Edition deploys up to a 50 node cluster!
    2. We're celebrating Project Reactor's initial milestone release - 1.0.0M1 - which already benchmarked TCP on Netty at 300% faster than Netty alone! When integrated into key Spring technologies, the possibilities of Fast Data are going to blow people's hair back. Congrats to Jon Brisbin!
    3. Spring Data Arora Service Release 2 is available for download.
    4. Martin Lippert published an excellent blog on Annotations and Java Config support that are available in Spring Tool Suite 3.3.0. Support of JavaConfig as an XML alternative across the Spring ecosystem is nearing a pervasive level.
    5. Join Hemant Joshi as he introduces how to use Spring and the Cucumber BDD testing framework in a webinar on July 30th, 2013.
    6. Hadoop hungry? Join us for a Webinar series -- “What You Can Do with Hadoop” on the first Thursday of every month. The first webinar on August 1st, 2013 will provide in-depth details about the features and tutorials included in the Pivotal HD Single Node (VM).
    7. My buddy Andy Piper (@andypiper) puts together a wonderful roundup of Cloud Foundry called This Week in Cloud Foundry. I can't recommend it enough! He just started, and he's doing a heckuva job!
    8. The Zenika blog has a very nice post on how to document a REST API with Swagger, which you can transparently layer on top of your Spring MVC API.
    9. Matt Stine also has a great post on Spring, Continuous Integration and CloudFoundry.
    10. The JavaCode Geeks blog has a nice post on how to add validation to a REST API
    11. The Pivotal blog has a really great post on how Tomcat compares to Pivotal's tcServer, a binary-compatible distribution of Tomcat that we support and augment for deployment
    12. Also on the Pivotal blog, a fantastic post on how Spring Data GemFire (and GemFire) can really boost your application's performance!
    13. Xavier Padró's has a really nice introduction to messaging with Spring
    14. This week at OSCON, I found affixed to all the bulletin boards and on the entry-doors into the conference a notice advertising a hackathon being run by inBloom, which is a nonprofit data and content services company working to support school districts as they implement great personalized learning tools for kids, teachers, and parents. inBloom is sponsoring a 2-day hackathon at OSCON to work on their open source content services. Check out the projects and the code! I really enjoyed meeting these fine people and encourage any Spring ninjas out there to raise your hands and contribute!

    Reactor 1.0.0.M1 - a foundation for asynchronous fast-data applications on the JVM

    Engineering | Jon Brisbin | July 18, 2013 | ...

    I'm super excited to announce the first milestone release of Project Reactor! Project Reactor is a foundational framework for building asynchronous, FastData applications on the JVM. Some of the goodness in Reactor 1.0.0.M1 includes: reactive composition helpers Stream and Promise, a TcpServer and TcpClient, and Groovy and Spring support. Inspired by Reactive Extenstions, RxJava, the new JDK 8 Stream API (and Scala, and others...), these Composables make coordinating asynchronous tasks dead simple. They support traditional callback-style programming using Consumers, but they also offer a…

    JavaConfig support in the Spring Tool Suite

    Engineering | Martin Lippert | July 18, 2013 | ...

    Spring applications that use JavaConfig instead of XML become more and more popular. Today we would like to show you the new features in the latest Spring Tool Suite 3.3.0 release that makes it easier for you to program Spring applications using annotations and JavaConfig instead of XML.

    Project configuration

    Let's assume you implement a web application based on Spring and JavaConfig. A common practice would be to have a base @Configuration class where you define the common base Spring configuration in your application. That might look like this:


    This Week in Spring - July 15, 2013

    Engineering | Josh Long | July 16, 2013 | ...

    Welcome back to another installation of This Week in Spring. We've got a lot to cover, as usual, so let's get right to it! This week I'm at SenchaCon, talking to developers about building RESTful applications and clients, and then I'm off to OSCON next week, where I'll be hosting the Spring BOF, giving a talk on the latest and greatest in Spring 4, and helping to man the Pivotal booth. If you're at SenchaCon or OSCON, don't hesitate to ping me and we can talk Spring, Cloud Foundry, big-data, and more!

    1. SpringOne 2GX 2013 early bird expires soon, register now to secure the discounted rate!
    2. Spring Data ninja Thomas Risberg has announced that Spring For Apache Hadoop 1.0.1.RC1 has been released. The new release supports Hadoop 2.0 and Pivotal HD, among other things.
    3. Tool Suite ninja and lead Martin Lippert has announced that Spring Tool Suite And Groovy/Grails Tool Suite 3.3.0 have been released. Very nice!
    4. Gary Russell has announced that Spring AMQP 1.2.0 has been released. Check out the What's New for details.
    5. Join Mattias Severson & Johan Haleby and learn about Functional Programming without Lambdas on July 18, 2013
    6. Join Hemant Joshi as he introduces how to use Spring and the Cucumber BDD testing framework in a webinar on July 30th, 2013.
    7. Our friends at Skills Matter are throwing a Spring-centric conference (the Spring Exchange) in London on November 14 and November 15. There are some killer speakers, and I highly encourage you to make it, if you can.
    8. Are you using Spring Social in the wild? We want to hear about it!
    9. Spring Security lead and ninja Rob Winch has put together a very nice post on readability when using Spring Security Java configuration.
    10. A new "Quick Search" is included in Spring ToolSuite (STS) 3.3.0 and Groovy Grails Tool Suite (GGTS) 3.3.0 which have just been released. Kris De Volder, a senior developer on the Spring and Groovy and Grails Tool Suites, has just put together a nice post on this new feature.
    11. Our friend Johnathan Mark Smith is at it again! This time, he's written a post, How to use Fongo and nosql unit to test Spring Data project with MongoDB, JUnit, Log4J. Check it out!
    12. Wow! Amir Kibbar, at the HP Software Developer's blog, has put together a really comprehensive look at how to develop a service tier, build a web tier, and then test both. The first post on setting up a service tier, the second is an example of refining the service tier and testing it, the third post introduces how to setup a REST endpoint, and the fourth post talks about testing the REST service. Definitely worth a read (and a bookmark!) It's possible to do everything demonstrated in these posts using straight Java configuration, also…
    13. Igor Artamonov has a nice, abbreviated post on how to build a RESTful endpoint with Spring.
    14. Our friend at the Baeldung blog has put together a very nice post on how to use digest authentication with Spring Security.

    Get the Spring newsletter

    Thank you!

    Get ahead

    VMware offers training and certification to turbo-charge your progress.

    Learn more

    Get support

    Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

    Learn more

    Upcoming events

    Check out all the upcoming events in the Spring community.

    View all