Spring Security Java Config Preview: Web Security

Engineering | Rob Winch | July 03, 2013 | ...

Update

Users should refer to the Spring Security Reference which contains more up to date information.

Original Blog Post

In my previous post, I introduced Spring Security Java configuration and discussed some of the logistics of the project. In this post, we will start off by walking through a very simple web security configuration. We will then spice things up a bit with configuration that has been customized some.

Hello Web Security

In this section we go through the most basic configuration for web based security. It can be broken into four steps:

This Week in Spring - July 2nd, 2013

Engineering | Josh Long | July 03, 2013 | ...

Welcome to another installment of This Week in Spring! As usual, we've got a lot to cover so let's get to it!

  1. Spring and Cloud Foundry ninja Jennifer Hickey has announced the availability of Spring Data Redis 1.1 M1 and 1.0.5. Check it out!
  2. Spring Security lead (and ninja) Rob Winch has announced the initial availability of the Spring Security Java configuration support. Rob also just posted a very nice post (the first of four) on the new Spring Security Java configuration support. The first post addresses where you can find the new Spring Security Java configuration support.
  3. Join us on July 18th for the webinar, "Functional Programming without Lambas" which introduces ways to use functional programing in Java right now (instead of waiting for Java 8!) using Guava, LambaJ, and Functional Java.
  4. Corby Page has written a very nice post on ways to extend your REST APIs ability with his project, Yoga. In particular, it supports something called a selector which can be used to extract sub-views of the REST response to be sent back to the client. This can also be used to support what Lez Hazelwood aptly describes as entity expansions.
  5. The Crunchify blog has a nice post on how to upload multiple files with Spring MVC.
  6. SpringSource has added a new Live Online Core Spring class to the schedule for September .
  7. The Spring LDAP project has gone social and moved to GitHub!
  8. Our pal XueFeng Ding (who you may remember helped put together the blog "Spring at China Scala") has just recently given a very nice presentation on building REST APIs with Spring. I think his deck's pretty cool, so check it out!
  9. Sergey Shcherbakov recently gave a nice talk introducing a whole slew of cool things. I think his sample code is particularly worth a look. The code features Spring 4 WebSockets, XML-less Spring Batch, Reactor and AngularJS examples. Nice job, Sergey!
  10. Johnathan Mark Smith has put together a nice blog on how to use Spring Data with MongoDB. Nice job!
  11. Nicolas Frankel has put together a very nice post on some of the compelling features in Spring 3.2. Nice job, Nicolas!
  12. Nick Williams submitted a pull-request to support using Java configuration with Spring WS's MessageDispatcherServlet so that it can be configured within a ServletContextListener or a ServletContainerInitializer. Nice job, Nick!
  13. This is not specific to Spring, or Spring Batch, per-se, but the Technology AMIS blog has an interesting look at how to use the Batch JSR (which is based on Spring Batch, and designed in cooperation with the Spring Batch team) to build a download manager. (Don't worry, you don't have to use GlassFish to work with the Batch JSR!) Pretty cool! If you know Spring Batch, then a lot of this will look familiar and, as Spring Batch will also implement the JSR, should prove a very nice on-ramp for anyone who wants to use Spring Batch in the future.

Spring Security Java Config Preview: Introduction

Engineering | Rob Winch | July 02, 2013 | ...

Yesterday I announced the release of Spring Security Java Configuration support and the release of Spring Security 3.2.0.M2 which contains Java Configuration support.

Spring Security's Java Configuration support is intended to provide a complete replacement of the XML namespace configuration. It is also designed to be extensible, so that Spring Security's extension projects can work nicely with the Java Configuration support.

In this first post of a five part Spring Security Java Configuration blog series, I discuss the logistics of the Spring Security Java Configuration project.

[callout title="Required Versions"]Regardless of how you decide to integrate with Spring Security, it is important to ensure you are using Spring 3.2.3.RELEASE+ to ensure that you avoid SPR-10546.[/callout]

Availability

Before we get started, I'd like to talk about the two modules that Spring Security's Java Configuration can be found.

Availability in Spring Security 3.2.0.M2+

Spring Security Java Configuration has been copied into the Spring Security 3.2.0.M2+ code base. This means if you are using Spring Security 3.2.0.M2+ you should ensure to have the spring-security-config jar on your classpath. For example, you might have the following…

This Week in Spring - June 25, 2013

Engineering | Josh Long | June 25, 2013 | ...

Welcome back to another installment of This Week in Spring. As usual, we've got a lot to cover. In particular, you'll note that this week's roundup features a lot of great Spring Batch content. So, let's get to it -- and don't forget the SpringOne2GX early bird rate ends Aug 9th!

  1. I did a webinar introducing how to build REST APIs with Spring's rich REST stack a few weeks ago, and I'm happy to report that the talk - which introduces Spring MVC, Spring HATEOAS, Spring REST Shell, Spring Data REST, Spring Security OAuth and Spring Social in terms of a simple sample application that we refine - is now available on the SpringSourceDev YouTube Channel. As I mentioned last week, the slides are available on my SlideShare.net page and the code is available on my GitHub page. Enjoy, and don't hesitate to feedback/ask questions at josh(dot)long(at)SpringSource(dot)com!
  2. InfoQ has a great post introducing JSR 352, the Java Batch specification. If you're a Spring Batch user, then a lot of this will look very familiar! I think this is a particularly nice JSR, and encourage you to check it out. Spring
  3. Chris Schaefer has put together a brilliant Spring Batch refcard for DZone which went up yesterday, head over to DZone for the free download.
  4. Craig Walls has announced that Spring Social Facebook 1.0.3 is now available. The new release addresses breaking changes in the upcoming Facebook API revision.
  5. Gary Russell has announced that Spring AMQP 1.2.0 release candidate is now available. The new release features many improvements and bug fixes.
  6. Johnathan Mark Smith is back at it again, with a blog on RESTTemplate To Post Data to a Web Service. Nice work Jonathan!
  7. This week SpringSource is offering a four-day Groovy & Grails class in San Francisco, check it out here
  8. Our pal Tobias Flohre is back with the 4th installment of his series introducing Java configuration with Spring Batch.
  9. Leleu Jérôme has released a Spring Security Pac4J client. It has OAuth with providers, OpenID, CAS, and HTTP.
  10. Are you a Spring Champion? Enter to win a free SpringOne2GX 2013 pass!
  11. Vamsi Kancharla put together a nice sample project with Spring MVC, bean-validation, error handling (using @ControllerAdvice), protection against XSS and input form attacks, and a lot more. Check it out!
  12. Kim Saabye Pedersen put together a nice post reinforcing some useful (and hopefully well-understood!) principles of singletons in Spring.
  13. Hantsy Bai has put together a very nice post explaining how to create a Spring project from the Spring Tool Suite.

This Week in Spring - June 18, 2013

Engineering | Josh Long | June 18, 2013 | ...

Welcome back to another installation of This Week in Spring! What a week! We're fast approaching the final stretch of the journey to SpringOne2GX 2013 and preparations are underway at full tilt. This year's going to be memorable. I wish I could tell you more, but trust me when I say you need to be at this show this year! :)

Anyway, let's get on with the roundup!

  1. Mark Pollack has announced the release of Spring XD 1.0 milestone 1. Spring XD is a unified, distributed, and extensible system for data ingestion, real time analytics, batch processing, and data export. The project’s goal is to simplify the development of big data applications.
  2. Join Tony Erksine from Liberty University on June 27th as he instructs us How to talk Spring and Influence People, a pragmatic lesson on soft skills and technology adoption strategies needed to help get other people in your company excited about and using, new technology -- in this case, with Spring.
  3. Want a pass to SpringOne 2GX 2013? If you're a Spring champion, show off your stuff on our champions forum and follow these instructions by June 21, 2013. You might be one of our 5 lucky winners! (If you're a Groovy & Grails or Cloud Foundry champion, never fear, we will be rolling out future contests for you!)
  4. Head over to gopivotal.com for the next blog in the Hadoop 101 series -- How to Use Spring Batch with Spring for Apache Hadoop.
  5. We're excited to launch A Week of Spring in conjunction with Manning Publications. Check out this post for more information on great discounts for titles covering SpringSource technologies! Every day we're posting a new 50% discount code for two books.
  6. Our pal Tobias Fiohre is back at it again, this time with not one, not two, but three posts on Java configuration support for Spring Batch, just released in the latest Spring Batch 2.2.0.RELEASE of Spring Batch. The first post looks at how Spring Batch's Java configuration support compares with the XML equivalents. The second post looks at the Spring Batch StepScope, which lets you configure jobs with parameters provided at runtime (as opposed to design-time. The third post looks at how to use the new configuration style with Spring's environment profiles feature.
  7. Johnathan Mark Smith has put together a post on how use Spring MVC and Spring MVC Test
  8. Xavier Padró's has put together a nice post that introduces Spring's core Aspect-Oriented Programming support.
  9. The video replay of the webinar from the Broadleaf Commerce project on their migration from GWT to Spring MVC is now online at our SpringSourceDev YouTube channel.
  10. This isn't strictly Spring-related, but I felt it worth mentioning: Java 9 is slated to drop support for compiling Java 1.4-or-older source code. Java 8 is approaching (finally!), and Spring 4 will offer first class support for Java 8 lambas. Java 6 is EOL as of February 2013, so if you're not already on Java 7, consider just making the jump to Java 8 when it drops early next year. If you're migrating right now, definitely consider looking at Java 7 at a minimum. Spring, of course, works well with older JDK versions, but we often provide functionality specific to newer language releases if they're available. For example, we debuted annotations (like @Transactional) when Java 5 made it feasible, as an addition to our then primary support for commons annotations, even while we supported Java 1.3 and 1.4. Java 8 is no different.
  11. I did a webinar last week on building REST APIs with Spring. The webinar video will be up soon on our SpringSource Developer YouTube channel. For the many who've asked, the code is available on my GitHub account, and the slides are available on my SlideShare account. Check them out!
  12. Petri Kainulainen has put together a really detailed, easily-read post on how to plugin a property from a property file when configuring the @Scheduled annotation's CRON expression

Spring XD 1.0 Milestone 1 Released

Engineering | Mark Pollack | June 12, 2013 | ...

Today we are pleased to announce the 1.0 M1 release of Spring XD  (download).Spring XD is a unified, distributed, and extensible system for data ingestion, real time analytics, batch processing, and data export.  The project’s goal is to simplify the development of big data applications.

From the 10,000 foot view, big data applications share many characteristics with Enterprise Integration and Batch applications.  Spring has provided proven solutions for building integration and batch applications for more than 6 years now via the Spring Integration and Spring Batch projects.  Spring XD builds upon this foundation and provides a lightweight runtime environment that is easily configured and assembled via a simple DSL.

In this blog we will introduce the key components of Spring XD, namely Streams, Jobs, Taps, Analytics and the DSL used to declare them, as well as the runtime architecture.  Many more details can be found in the XD Guide.

Streams

A Stream defines how data is collected, processed and stored or forwarded.  For example, a stream may collect syslog data, filter it, and store it in HDFS.  Spring XD provides a DSL to define a stream.  The DSL allows you to start simple using a UNIX pipes-and-filters syntax to build a linear processing flow but lets you also describe more complex flows using an extended syntax.

Sources and Sinks

A simple linear stream consists of the sequence: Input Source, (optional) Processing Steps, and an Output Sink.  As a simple example consider the collection of data from a HTTP Source writing to a File Sink. The DSL to describe this stream is
http | file

You tell Spring XD to create a stream by making a HTTP request to the XD Admin Server which runs on port 8080 by default.  In the M2 release we will provide an interactive shell to communicate with XD, but for M1 the easiest way is to interact with XD is using ‘curl’.

curl -d "http | file" http://localhost:8080/streams/httptest

The name of the stream is httptest, the default HTTP port to listen on is 9000, and the default file location is /tmp/xd/output/${streamname}.

If you post some data on port 9000 with curl
curl -d "hello world" http://localhost:9000

You will see the string hello world inside the file /tmp/xd/output/httptest

To change the default values, you can pass in option arguments

http --port=9090 | file --dir=/var/streams --name=data.txt

The supported sources in M1 are file, time, HTTP, Tail, Twitter Search, Gemfire (Continuous Queries), Gemfire (Cache Event), Syslog and TCP.  The supported sinks are Log, File, HDFS…

This Week in Spring - June 11, 2013

Engineering | Josh Long | June 11, 2013 | ...

Hey guys, welcome to another installment of This Week in Spring! This week I'm in New York City, New York, talking to developers at the NYC Java Meetup and at ScalaDays about Spring. We've got a lot of webinars this month, so be sure to check out the details below!

  1. Want a pass to SpringOne 2GX 2013? If you're a Spring champion, show off your stuff on our champions forum and follow these instructions by June 21, 2013. You might be one of our 5 lucky winners! (If you're a Groovy & Grails or Cloud Foundry champion, never fear, we will be rolling out future contests for you!)
  2. Oliver Gierke has announced Spring Data Babbage, the first milestone of the next Spring Data release train. This release includes a lot of new features, so be sure to check out the release note!
  3. Spring Batch 2.2.0 is now available! This is a major release that supports Spring Data, Java Configuration, AMQP, and SQLFire in addition to a number of other features. Spring Batch and our participation in the expert group has heavily informed the JSR-352 specification that recently has been finalized.
  4. Spring Tool Suite and Groovy / Grails Toool Suite 3.3.0 M2 has been released, based on Eclipse Kepler 4.3. This milestone release improves Java Configuration support and is Spring Framework 4 ready.
  5. Craig Walls has announced that Spring Social Twitter 1.0.5 and Spring Social 1.0.3 have been released! The new release fixes a few bugs and is being made available in anticipation of the deprecation of the 1.0 version of the Twitter API.
  6. Gary Russell has also announced the Spring Integration 2.2.4 and 2.1.6 maintenance releases, to incorporate the Spring Social Twitter updates mentioned above.
  7. I'll be doing a webinar on Thursday on RESTful service design with Spring. As usual, there will be two sessions - one at 3PM GMT and one at 10:00AM PST - to accommodate as many timezones as possible. The webinar will introduce Spring's stack for building RESTful services. We'll start with a simple API, then advance the API, introducing Hypermedia controls with Spring HATEOAS, introducing conventions-oriented repository-based APIs with Spring Data REST, security with Spring Security OAuth and Spring Social and addressing common cases like file uploads, exception handling, record paging, and Ajax. I look forward to seeing you there!
  8. Don't miss Jon Brisbin on June 18th, 2013 as he introduces Introducing Reactor - A framework for asynchronous applications on the JVM. Reactor provides a foundational framework for applications that need high throughput when performing reasonably small chunks of stateless, asynchronous processing.
  9. Join Tony Erksine from Liberty University on June 27th as he instructs us How to talk Spring and Influence People, a pragmatic lesson on soft skills and technology adoption strategies needed to help get other developers in your company excited about,a nd using, new technology -- in this case, with Spring.
  10. I gave a talk on the latest at the amazing DevNexus conference in March on Spring 3.1, 3.2, and 4.0 in March, and that talk is now available online on InfoQ. Do check out the talk, but also be sure to check out the more up-to-date version of that deck from my talk at JAXConf available on my SlideShare account.
  11. Head over to the Pivotal Blog for a short primer on Hadoop programming, which walks you through a simple word count program. The example looks at the canonical word-count problem and then looks at other solutions in the ecosystem like Pig, Hive and Cascading. The next blog in the series will introduce Spring for Apache Hadoop for a beginning audience, providing a unified, consistent alternative to the four different methods discussed in this blog post.
  12. In related news, if you're in the New York City area, join me Wednesday evening where I'm giving the same talk at the 10gen offices for the NYCJava meetup. Thanks again go to 10gen, the company behind MongoDB, for hosting the meetup.
  13. The JavaBeat blog has a nice post on how to use Spring's robust multipart file upload support. Spring's support abstracts away common APIs for file uploads - including the commons-fileupload API and the Servlet 3 API - and lets you use those APIs for HTTP miltipart-encoded file uploads, typically in web applications or REST services. Definitely worth a read, check it out!
  14. Idan Fridman put together a rundown on some of the common types of components in Spring Integration, including splitters, transformers, aggregators, and more.
  15. For those of you who are looking to take your Spring skills to a new level of expertise, SpringSource has just released the Professional Spring Training Schedule for July 2013
  16. The Spring tutorials blog has a great post introduce Spring's @Async and @Scheduled annotations.

First milestone of Spring Data release train Babbage arrived

Engineering | Oliver Drotbohm | June 10, 2013 | ...

I am pleased to announce the first service milestone release for the Spring Data release train named Babbage. It includes the following modules:

The first milestone includes quite a few new features as well as all the bug fixes already released in the service release for Arora.

A quick tour through the release

Most of the changes of this release have made it into Spring Data Commons to build a solid foundation for the next generation of Spring Data projects and make sure that foundation matures fastly. The other modules released in this train station have been adapted to these changes and thus benefit from them as well.

We've upgraded to Querydsl 3.x APIs to accomodate the changes introduced in their major release. The repositories abstraction has added support for ordering ignoring case as well as count…By…(…) projection for derived queries…

This Week in Spring - June 4, 2013

Engineering | Josh Long | June 04, 2013 | ...

Welcome to another installment of This Week in Spring. The SpringOne2GX super early bird registration discount expires on June 10th, 2013, so make your arrangements now to secure the discount. Also, we've got three webinars coming up this month, check out the details below. As usual, we've got a lot to cover, so let's get to it!

  1. I'll be doing a webinar on building effective REST APIs with Spring on June 13th. I'll be introducing Spring's deep support for REST services, starting with Spring MVC and moving up the Richardson Maturity Model to incorporate Spring HATEOAS and, ultimately, Spring Data REST. Along the way we'll look at the REST shell, and other concerns like security through OAuth.
  2. Join Jon Brisbin as he introduces Reactor in a webinar on June 18th. Reactor provides a foundational framework for applications that need high throughput when performing reasonably small chunks of stateless, asynchronous processing.
  3. Join Tony Erksine from Liberty University on June 27th as he instructs us How to talk Spring and Influence People, a pragmatic lesson on soft skills and technology adoption strategies needed to help get other developers in your company excited about,a nd using, new technology -- in this case, with Spring.
  4. If you're in the bay area, be sure to check out JAXConf happening right now in Santa Clara. Admission is free and there are some great speakers there. I will be speaking there tomorrow on Spring 4, and Multi Client Development with Spring, so feel free to drop by if you'd like to talk Spring, Cloud Foundry and big-data.
  5. You probably saw Paul Chapman's awesome posts introducing Spring MVC's support for content negotiation last month and this month he's back with a post on content negotiation using Spring MVC views. Be sure to check both of them out, as they provide solid foundations for dealing with content negotiation in the ever increasing paradigm of REST.
  6. Our friend Petri Kainulainen continues his look at Spring Data SOLR and explains how to add custom repository methods to the implementations above and beyond what Spring Data already provides out of the box. This example is in the context of Spring Data SOLR but the approach is generic and works for all the repository implementations.
  7. RabbitMQ ninja Alvaro Videla has done an amazing job introducing RabbitMQ's power in the latest edition of Developer Magazine.
  8. Every now and then I run into old but cool content, like this project demonstrating how to build a Spring MVC application with Scala. As you might imagine, there's not much difference between Scala and Java, but this is nonetheless an interesting example. Check it out.
  9. I've been knee deep in REST, in preparation for my upcoming webinar, and I stumbled upon a great, albeit older, post by Apache Shiro PMC member and REST-ninja Lez Hazelwood on providing good client feedback on errors with REST in Spring MVC.
  10. Spring HATEOAS lead and Spring Data ninja Oliver Gierke did an amazing talk introducing Spring HATEOAS at Oredev last year and it's available online. Definitely be sure to check it out!
  11. Our pal Nicolas Fränkel is back, this time with a short rant on how to approach modularity in Spring configuration.
  12. JavaBeat has a nice post on how to handle themes in Spring MVC.
  13. The BitwiseOR blog has a nice post on how to setup a simple, working Spring MVC application.
  14. Alexey Zvolinskiy put together a nice, complete-with-code, post on how to use Spring Data JPA to build an application.
  15. David, from The small world for Yiyi blog, has put together a nice post on using PDF, XML and JSON from Spring MVC.
  16. Our pal Johnathan Mark Smith is back, this time with another video introducing how to use Spring's Java configuration

Content Negotiation using Views

Engineering | Paul Chapman | June 03, 2013 | ...

In my previous post I introduced the concept of content negotiation and the three strategies Spring MVC uses to determine the content requested.

In this post I want to extend the concept specifically to supporting multiple views for different content-types using the ContentNegotiatingViewResolver (or CNVR).

Quick Overview

Since we already know how to setup content-negotiation from the previous post, using it to select between multiple views is very straightforward. Simply define a CNVR like this:


    <!--
      // View resolver that delegates to other view resolvers based on the
      // content type…

Get the Spring newsletter

Thank you!

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all