Spring IO Platform 2.0.0.RC1

Releases | Andy Wilkinson | October 29, 2015 | ...

Spring IO Platform 2.0.0.RC1 is available now from the Spring milestone repository. The 2.0 release upgrades the versions of a number of components including Spring Boot 1.3 and Spring Framework 4.2.

Please note that a number of dependencies that were previously part of the Platform have been removed or replaced in this release. Please refer to the documentation for further details.

All being well, 2.0.0.RELEASE will be released in a few weeks time once Spring Boot 1.3.0.RELEASE is available. Please take RC1 for a spin and let us know if you find any problems.

Project Page | GitHub | Issues |

React.js and Spring Data REST: Part 5 - Security

Engineering | Greg L. Turnquist | October 28, 2015 | ...
To see updates to this code, visit our React.js and Spring Data REST tutorial.

In the previous session, you made the app dynamically response to updates from other users via Spring Data REST’s built in event handlers and the Spring Framework’s WebSocket support. But no application is complete without securing the whole thing so that only proper users have access to the UI and the resources behind it.

Feel free to grab the code from this repository and follow along. This session is based on the previous session’s app with extra things added.

Adding Spring Security to the project

Before getting underway, you need to add a couple dependencies to your project’s pom.xml file:


This bring in Spring Boot’s Spring Security starter as well as some extra Thymeleaf tags to do security look ups in the web page.

Defining the security model

In the past session, you have worked with a nice payroll system. It’s handy to declare things on the backend and let Spring Data REST do the heavy lifting. The next step is to model a system where security controls need to be instituted.

If this is a payroll system, then only managers would be accessing it. So kick things off by modeling a Manager object:

@ToString(exclude = "password")
public class Manager {
public static final PasswordEncoder PASSWORD_ENCODER = new BCryptPasswordEncoder();

private @Id @GeneratedValue Long id;

private String name;

private @JsonIgnore String password;

private String[] roles;

public void setPassword(String password) {
	this.password = PASSWORD_ENCODER.encode(password);

protected Manager() {}

public Manager(String name, String password, String... roles) {

	this.name = name;
	this.roles = roles;


  • PASSWORD_ENCODER is the means to encrypt new passwords or to take password inputs and encrypt them before comparison.
  • id, name, password, and roles define the parameters needed to restrict access.
  • The customized setPassword() ensures that passwords are never stored in the clear.

There is a key thing to keep in mind when designing your security layer. Secure the right bits of data (like passwords) and do NOT let them get printed to console, into logs, or exported via JSON serialization.

  • @ToString(exclude = "password") ensures that the Lombok-generated toString() method will NOT print out the password.
  • @JsonIgnore applied to the password field protects from Jackson serializing this field.

Creating a manager’s repository

Spring Data is so good at managing entities. Why not create a repository to handle these managers?

@RepositoryRestResource(exported = false)
public interface ManagerRepository extends Repository<Manager, Long> {
Manager save(Manager manager);

Manager findByName(String name);


Instead of extending the usual CrudRepository, you don’t need so many methods. Instead, you need to save data (which is also used for updates) and you need to look up existing users. Hence, you can use Spring Data Common’s minimal Repository marker interface. It comes with no predefined operations.

Spring Data REST, by default, will export any repository it finds. You do NOT want this repository exposed for REST operations! Apply the @RepositoryRestResource(exported = false) annotation to block it from export. This prevents the repository from being served up as well as any metadata.

Linking employees with their managers

The last bit of modeling security is to associate employees with a manager. In this domain, an employee can have one manager while a manager can have multiple employees:

public class Employee {
private @Id @GeneratedValue Long id…

This Week in Spring (JavaOne 2015 Edition) - October 27, 2015

Engineering | Josh Long | October 27, 2015 | ...

Welcome to another installation of This Week in Spring! This week I'm at JavaOne 2015 in San Francisco along with the rest of the Pivotal team. This week the Pivotal Spring team is out in full force, come stop by and say hi!

There are some great new SpringOne2GX 2015 recordings on line as well as some great community content this week so let's get to it!

Spring Integration Maintenance Releases Available

Releases | Gary Russell | October 27, 2015 | ...

We are pleased to announce the following release versions are now available. These versions include important bug fixes and users should upgrade as soon as possible. Click the version to see the appropriate JIRA release notes.


Please note that, unless some compelling reason arises, it is anticipated that the 4.1.7 and 4.0.8 releases will be the last in those lines; 4.x users are encouraged to upgrade to 4.2.1, which is the current release for the 4.x line.

We expect to continue to make available further 3.0.x releases to address…

SpringOne2GX 2015 replay: Developer Experience with Spring Cloud

News | Pieter Humphrey | October 22, 2015 | ...

Recorded at SpringOne2GX 2015.

Speakers: Dr. Dave Syer, Spencer Gibb

Slides: http://www.slideshare.net/SpringCentral/developer-experience-with-spring-cloud

So you've decided to go cloud native. You've got a number of microservices that your company builds and runs. They interact with each other in various ways. You've got testing and staging and production environments that may have taken a lot of effort to get right. How does an individual developer work on just one of those services without stomping on other developers using a shared environment? In this session we will explore a range of options for development, starting with deploying everything locally, through stubbing, to local development solution that allows a developer to run their service in their IDE and have the whole system interact on their local machine!

The Spring Boot Dashboard in STS - Part 3: Spring Boot Devtools reloaded

Engineering | Martin Lippert | October 22, 2015 | ...

Welcome back Spring community,

to this final part of our series about the new Spring Boot Dashboard in the Spring Tool Suite. In this final part we will take a deeper look at using the Spring Boot Devtools in combination with the boot dashboard. Again, this feature is new with Spring Boot 1.3, so you need to be on that version in order to use the following features.

Quickly deploy code changes

For local apps, using the Spring Boot Devtools is extremely easy and straightforward. As soon as you add the Spring Boot Devtools to your project as a dependency (there is an easy menu option for that in the Spring category of your context menu) and start your app, it will listen for local changes to configuration and class files and kick a restart of the app for you automatically. You don’t even need to restart the app yourself, the Spring Boot Devtools will do that for you automatically. Since STS/Eclipse produces and updates class files whenever you save a file, all this happens automatically for you when working within STS.

This story gets more interesting if you run your Spring Boot apps on a remote runtime like Cloud Foundry. In principle, you can use the Spring Boot Devtools in such a remote setting as well, but it requires a bit more work. The good news is that the Spring Boot Dashboard helps you with that.

As soon as you deploy or restart (and therefore update) a Spring Boot app on Cloud Foundry (using the boot dashboard) that has the Spring Boot Devtools on its classpath, the boot dashboard will configure the boot app on CF for the remote usage of the devtools automatically. This includes primarily the setting of a remote secret - to allow remote devtools access to it.

Once the devtools-enabled boot app is running on Cloud Foundry, you can easily start the boot devtools remote client application for it. This client application runs locally on your machine and connects to the remote application on Cloud Foundry. It watches for file changes, uploads them to the app on Cloud Foundry and triggers a restart of the app on Cloud Foundry.

Since the remote client app will watch for file changes within the project on your local machine, you can continue to work within your IDE as usual. Changed files are automatically updated to the Cloud Foundry version of the app by the remote client app. The counterpart on Cloud Foundry will restart the boot app once those changed files are stored to the app on Cloud Foundry. This works for newly compiled source code as well as for changed resource files.

This allows you to achieve quick turnaround cycles when working on your project even if it is deployed to a remote cloud runtime.

Debugging in the cloud

In addition to the automatic restart feature, the Spring Boot Devtools also enable full debugging of remote apps on a cloud runtime. This is supported by the Spring Boot Dashboard in STS, too. If you have the Spring Boot Devtools on the classpath of your application, you can press the (re)debug button for the Cloud Foundry instance of the app. This will restart the app on Cloud Foundry in debug mode, automatically start the corresponding remote client app on your machine, and hook up the Eclipse debugger to it.

You can debug the application that is running on the cloud runtime in the same way as local applications, including setting breakpoints, inspecting variables, or even hot-swapping code. However, the automatic restart feature is not available for apps running in debug mode (due to technical limitations of the boot devtools at the moment).

If you try the remote debugging of apps on Cloud Foundry, you will notice a significant slowdown in debugging. This is caused by the tunneling of the remote debug protocol of the JVM through a HTTP connection, something the remote debug protocol is not designed for. We are working on improving this by using a different transport mechanism. But the remote debugging of the app on Cloud Foundry should be something you rarely do. For more frequent debugging you might want to consider running and debugging the app locally and connecting it up with the rest of your application services via the ngrok tunneling feature that we described in the previous part of this blog series.


This concludes the blog series on the Spring Boot Dashboard, a new feature in the Spring Tool Suite since its 3.7.1 release. Let us know about your experiences using the dashboard.

This Week in Spring ( SpringOne2GX replay / Pieter Humphrey edition!) - October 21, 2015

Engineering | Josh Long | October 21, 2015 | ...

Welcome to another installation of This Week in Spring! This week is the first week (of many) where the crazy awesome [https://twitter.com/pieterhumphrey](Pieter Humphrey) has released scores of SpringOne2GX 2015 videos for our binge watching enjoyment! Most of this week's bountiful roundup is thanks to Pieter's meticulous transcoding, uploading and posting videos from SpringOne2GX 2015 - thanks Pieter! So without further ado, let's take a look at some of this week's selection including a LOT of content from SpringOne2GX, including..

Spring Boot 1.3.0.RC1 Available Now

Releases | Phil Webb | October 21, 2015 | ...

Spring Boot v1.3.0.RC1 is available now from the Spring milestone repository. This release closes almost 140 issues and merges 53 pull-requests! Thanks to everyone that has contributed.

We're not planning on having a long release candidate phase, so please do try RC1 and let us know if you find any problems.

For a complete list of changes, and upgrade instructions, see the Spring Boot 1.3 Release Notes on the wiki and the updated reference documentation.

Project Page | GitHub | Issues | Documentation

SpringOne2GX 2015 replay: Modern Java Component Design with Spring Framework 4.2

News | Pieter Humphrey | October 19, 2015 | ...

Recorded at SpringOne2GX 2015 Speakers: Juergen Holler, Stephane Nicoll Slides: http://www.slideshare.net/SpringCentral/modern-java-component-design-with-spring-framework-42 Spring's programming and configuration model has a strong design philosophy with respect to application components and configuration artifacts. Spring's annotation-based component story is fine-tuned for source code readability as well as consistency across an entire application's codebase. This session presents selected Spring Framework 4 component model highlights, with a focus on the upcoming Spring Framework 4.2 and…

SpringOne2GX 2015 replay: Spring Cloud *: Exploring Alternative Spring Cloud Implementations

News | Pieter Humphrey | October 19, 2015 | ...

Recorded at SpringOne2GX 2015 Speaker: Spencer Gibb Slides: http://www.slideshare.net/SpringCentral/spring-cloud-alternative-implementations-of-discovery-config-bus In this session we will discuss the Spring Cloud abstractions and interfaces that an implementation might choose to implement: DiscoveryClient, LoadBalancerClient, Configuration and Bus. We will compare and contrast some target technologies and discus the tradeoffs and nuances of each, such as: netflix, consul, etcd, zookeeper and lattice. We will then show and demonstrate Spring Cloud implementations of those technologies.

Get the Spring newsletter

Thank you!

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all