The Spring Blog

Engineering
Releases
News and Events

SpringOne2GX 2015 replay: A How to Guide to Security in the PAAS Cloud

Recorded at SpringOne2GX 2015
Speaker: John Field, Shawn McKinney
Slides: http://www.slideshare.net/SpringCentral/a-how-to-guide-to-security-in-the-paas-cloud
Most developers still deal with application security issues in isolation, without understanding the security of the "“full stack”". As a result, security is sometimes inconsistent, and can be seen as a barrier to moving applications to the cloud. The session will examine the security of a typical Java Web application in an enterprise deployment. We will then look at what needs to change when that secure Java application is “forklifted” into Cloud Foundry. Finally, we will look at the benefits of adopting cloud native security protocols, such as OAuth2 and SAML2. The journey will cover 5 common application security architecture patterns taken from real world customer problems. We will compare how the security integration patterns differ between a standalone application and a cloud native application. From legacy enterprise identity management integration to security for microservices, this technical session includes practical, hands-on guidance to properly implementing authentication, authorization, and confidentiality controls using Spring and Cloud Foundry. We have all heard of the idea of the “Full Stack” developer — someone who can understand the application up and down the whole stack. The goal of this session is to describe the full security stack and show how it differs between standalone deployments and a PAAS deployment.

Read more...

SpringOne2GX 2015 replay: Securing Microservices with Spring Cloud Security

Recorded at SpringOne2GX 2015
Speaker: Will Tran
Slides: http://www.slideshare.net/SpringCentral/securing-microservices-with-spring-cloud-security-53170178
This talk will walk through the authentication and authorization scenarios that you may encounter once you start building out microservices. We’ll go over OAuth2, OpenID Connect, and how to leverage those standards with Spring Cloud Security, so you can build out secure services that can be easily consumed by both Spring and non-Spring clients.

Read more...

SpringOne2GX 2015 replay: Spring Boot Micro-services, Containers, and Kubernetes - How To

Recorded at SpringOne2GX 2015
Speaker: Ray Tsang, Google
Slides: https://speakerdeck.com/saturnism/2015-springone-2gx-java-based-microservices-and-kubernetes-how-to
Join this session to learn how to create a Java-based microservice using Spring Boot, containerize it using Maven plugins, and subsequently deploy a fleet of microservices and dependent components such as Redis using Kubernetes. Spring Boot makes creating microservices fast and easy - when it comes to running a single instance. Like most Java application, the harder part is usually the clustering and fail-over configurations. First, we’ll go over how get started with Spring Boot, and, subsequently, using Maven plugins to generate and create Docker images during the build process. Next, we’ll go over some basic architecture and configurations, such as: - Configuring Spring Session - Using Redis as the session store - Testing the configuration locally with container linking - Tips and tricks for faster startup (/dev/./urandom is your friend) Finally, with the images, we’ll deploy the microservice into Kubernetes: - Defining pods and services - Linking microservices to Redis using Kubernetes - Perform rolling upgrades of the application - Canary new versions of the microservices into the fleet Best part - we can visualize all of these activities happening in Kubernetes.

Read more...

SpringOne2GX 2015 replay: Spring Boot for DevOps

Recorded at SpringOne2GX 2015
Speaker: Nicholas Frankel
Slides: http://www.slideshare.net/SpringCentral/spring-boot-for-devops
Spring Boot is a product from Spring, that provides many configuration defaults for a new Spring project, so that one can set up a project in minutes. However, this is only one of the many features of Spring Boot. One of its module also provides many important Non-Functional Requirements out-of-the-box: monitoring, metrics, exposing those over HTTP, etc. In this presentation, I’ll demo some of those, that will make DevOps more than a little happy.
Comments: DevOps that don’t know about Spring Boot should. Out-of-the-box features are priceless and include metrics, healthchecks, hearbeat and more.

Read more...

SpringOne2GX 2015 replay: 12 Factor, or Cloud Native Apps for Spring Developers

Recorded at SpringOne2GX 2015
Speaker: Cornelia Davis
Slides: http://www.slideshare.net/SpringCentral/12-factor-cloud-native-apps-for-spring-developers
The third platform, characterized by a fluid infrastructure where virtualized servers come into and out of existence, and workloads are constantly being moved about and scaled up and down to meet variable demand, calls for new design patterns, processes and even culture. One of the most well known descriptions of these new paradigms is the Twelve Factor App (12factor.net), which describes elements of cloud native applications. Many of these needs are squarely met through the Spring Framework, others require support from other systems. In this session we will examine each of the twelve factors and present how Spring, and platforms such as Cloud Foundry satisfy them, and in some cases we’ll even suggest that responsibility should shift from Spring to platforms. At the conclusion you will understand what is needed for cloud-native applications, why and how to deliver on those requirements.

Read more...

SpringOne2GX 2015 replay: Lattice: A Cloud-Native Platform for Your Spring Applications

Recorded at SpringOne2GX 2015
Speaker: Matt Stine
Slides: http://www.slideshare.net/SpringCentral/lattice-a-cloud-native-platform-for-your-spring-applications
Lattice is a cloud-native application platform that enables you to run your applications in containers like Docker, on your local machine via Vagrant. Lattice includes features like:
Cluster scheduling
HTTP load balancing
Log aggregation
Health management
Lattice does this by packaging a subset of the components found in the Cloud Foundry elastic runtime. The result is an open, single-tenant environment suitable for rapid application development, similar to Kubernetes and Mesos Applications developed using Lattice should migrate unchanged to full Cloud Foundry deployments.

Read more...

SpringOne2GX 2015 replay: Getting Started with Spring Cloud

Recorded at SpringOne2GX 2015.

Speakers: Dr. Dave Syer, Josh Long

Slides: http://www.slideshare.net/SpringCentral/getting-started-with-spring-cloud

Spring Cloud 1.0 is here! It offers a powerful way to create and consume microservices. As you introduce new services, you introduce integration problems: services can be shaky, they can disappear and - as they’re often exposed over HTTP - they require a bit more footwork than in-process method invocations. In this webinar, we’ll focus specifically on how Spring Cloud integrates service registration (e.g. Eureka), declarative REST clients (with Netflix’s Feign), reactive programming and the circuit breaker pattern with Hystrix to support easy, robust service-to-service invocations, and messaging microservices with Spring Cloud Stream. This is a deep dive on how to make connect and consume microservices, and is a natural next step after the introduction to building microservices with Spring Boot.

Read more...

SpringOne2GX 2015 replay: Modern Frontend Engineering

Recorded at SpringOne2GX 2015.

Speakers: Dustin Whittle, AppDynamics

Slides: http://www.slideshare.net/SpringCentral/modern-frontend-engineering

The web has evolved tremendously in the last decade. In this talk we will dive into the latest tools and techniques that make for a modern foundation for frontend engineering. We will start with bootstrapping with Yeoman, move into managing dependencies with bower, and finally how to automate best practices with Grunt and Gulp. We will discuss the pros and cons of modern ui toolkits like Zurb, Bootstrap, and SemanticUI and modern javascript frameworks like React, Angular, and Ember. We will highlight the latest in css frameworks, javascript frameworks, and why you should choose the right toolset for complex app or a single page app. When you leave this session you will be prepared to launch a modern web application in 2015.

Read more...

SpringOne2GX 2015 replay: Building and Tuning High Performance Java Platforms

Recorded at SpringOne2GX 2015.

Speakers: Emad Benjamin, VMWare

Slides: http://www.slideshare.net/SpringCentral/building-and-tuning-high-performance-java-platforms

In a world of the cloud, virtualization, containerization, microservices and nanoservices we talk about scaling up, scaling out, and decoupling our systems, but typically miss scaling down to an embedded platform.
At the same time that we have moved away from heavy monolithic web containers, we’ve seen a rise of powerful low cost embedded Linux devices such as the RaspberryPi.

Read more...

SpringOne2GX 2015 replay: Bringing javax.cache'ing to your application

Recorded at SpringOne2GX 2015.

Speakers: Alex Snaps, Chris Dennis - Terracotta / Software AG

Slides: http://www.slideshare.net/SpringCentral/bringing-javaxcacheing-to-your-app

10 years in the making and finally JSR-107 has been finalized. We now have a standardized Caching API for the Java Platform. And that’s all ready for you to use in your Spring apps. But what does it really enable for you? What’s with these optional features? No transaction support? How do you efficiently make use of this new API to solve real world problems in your application today? We’ll look into how get you best started introducing caching into your Spring application to solve real world problems. And, as we explore the javax.cache API in much more details, we’ll see how to push the specifications to its limits and… beyond. Whether implicitly through frameworks (like Spring and Hibernate), or explicitly (cache-aside, cache-through, …). And how to abstract yourself from a given provider when you require more than what the specifications cover (e.g. transactional caches). We’ll also cover some implementer specifics you might want to account for when choosing an implementation, especially if you plan to push the spec to the extreme, like when going distributed and caching terabytes of data.

Read more...