Spring Security OAuth 2.0.4.RELEASE is available now in the usual repositories. It's a bug fix release, so upgrading is recommended, but there is also a small set of new features:

• The OAuth2Request (and hence OAuth2Authentication) can now be

queried explicitly to find the grant type for the associated token. If the token is being refreshed the grant type in the OAuth2Request presented to a TokenEnhancer is the original grant type, not "refresh_token".

• The client authorities are exposed in the "/check_token" endpoint

• Password grants are more flexible and open to extension because both client and server can add additional parameters to the request. A custom AuthenticationManager on the server side should still expect a UsernamePasswordAuthenticationToken, but the additional parameters will be available in the AuthenticationDetails. Multi-factor authentication for mobile devices could be implemented in this way, for instance.

• Keystore support for JWT token signing and verification.

…

Dear Spring community,

It's my pleasure to announce the immediate availability of Spring Framework 4.1.2, accompanied by 4.0.8 and 3.2.12 maintenance releases.

Spring Framework 4.1.2 is our second maintenance release in the 4.1.x line but also comes as a key feature release, including many user-suggested and user-contributed improvements: in total, more than one hundred issues have been addressed. 4.1.2 also serves as the core framework release to go into Spring Boot 1.2 which is just around the corner...

-> List of resolved JIRA issues for Spring Framework 4.1.2

Note that aside from fixing…

Platform Reinvented

Recorded at SpringOne2GX 2014

Speakers: Hugh Williams, Juergen Hoeller, Dave Syer, Andy Glover (NetFlix), Graeme Rocher

 

Link to Slides: http://www.slideshare.net/SpringCentral/spring-one2gx-2014keynotev8

!{iframe width="560" height="315" src="//www.youtube.com/embed/xU267-YHN5c" frameborder="0" allowfullscreen}{/iframe}

Platform Reinvented

Recorded at SpringOne2GX 2014

Speakers: Juergen Hoeller, Mark Fisher, Dave Syer, Jon Brisbin

Link to Slides: http://www.slideshare.net/SpringCentral/springone2gx-2014

 

!{iframe width="560" height="315" src="//www.youtube.com/embed/WVSnKHOlyrE" frameborder="0" allowfullscreen}{/iframe}

Recorded at SpringOne2GX 2014 in Dallas, TX.

Speaker: Damien Dallimore, Splunk

Today we are facing an ever-increasing speed of product delivery. DevOps practices like continuous integration and deployment increase the dependence of systems like task tracking and source code repositories with build servers and test suites. With data moving rapidly through these different tools, it becomes challenging to maintain a grasp of the process, especially as the data is distributed and in a variety of formats. But it is still critical to maintain full visibility of the product development journey – from user stories to production data. By starting at the beginning of the Product Development Lifecycle, you can track a problem in production all the way back to the code that was checked into the build and the developer responsible for the code. In this session I'll demonstrate some of the ways in which Splunk software can be used to collect and correlate data throughout the various stages of the lifecycle of your code, to ultimately make you more efficient and make your code better.

Link to Slides:http://www.slideshare.net/SpringCentral/gaining-application-lifecycle-intelligence

!{iframe width="560" height="315" src="//www.youtube.com/embed/v2xNJGefxx4" frameborder="0" allowfullscreen}{/iframe}

Recorded at SpringOne2GX 2014

Speaker: Ashley Puls, New Relic

With Spring and Hibernate on your stack, your application's bytecode is likely enhanced or manipulated at runtime. This session examines three common byte code manipulation frameworks: ASM, CGLib, and Javassist (Java Programming Assistant). We will discuss how these tools work and why frameworks like Spring use them. You will learn enough to begin integrating these frameworks directly into your own code.

Link to Slides: http://www.slideshare.net/SpringCentral/bytecode-spring2gx2014

!{iframe width="560" height="315" src="//www.youtube.com/embed/39kdr1mNZ_s" frameborder="0" allowfullscreen}{/iframe}

Recorded at SpringOne2GX 2014.

Speakers: Emad Benjamin, Jamie O'Meara

Slides: http://www.slideshare.net/SpringCentral/tuning-large-scale-java-platforms

The session will cover various GC tuning techniques, in particular focus on tuning large scale JVM deployments. Come to this session to learn about GC tuning recipe that can give you the best configuration for latency sensitive applications. While predominantly most enterprise class Java workloads can fit into a scaled-out set of JVM instances of less than 4GB JVM heap, there are workloads in the in memory database space that require fairly large JVMs. In this session we take a deep dive into the issues and the optimal tuning configurations for tuning large JVMs in the range of 4GB to 128GB. In this session the GC tuning recipe shared is a refinement from 15 years of GC engagements and an adaptation in recent years for tuning some of the largest JVMs in the industry using plain HotSpot and CMS GC policy. You should be able to walk away with the ability to commence a decent GC tuning exercise on your own. The session does summarize the techniques and the necessary JVM options needed to accomplish this task. Naturally when tuning large scale JVM platforms, the underlying hardware tuning cannot be ignored, hence the session will take detour from the traditional GC tuning talks out there and dive into how you optimally size a platform for enhanced memory consumption. Lastly, the session will also cover Pivotal Application Fabric reference architecture where a comprehensive performance study was done.

!{iframe width="560" height="315" src="//www.youtube.com/embed/CJujGwjUQDo" frameborder="0" allowfullscreen}{/iframe}

Speaker: Dave Syer

Slides: http://www.slideshare.net/SpringCentral/syer-microservicesecurity

OAuth2 is a lightweight security protocol that is well-suited for use with HTTP, the protocol at the heart of many modern architectures. Spring Security OAuth2 has a load of new features, not the least of which being the `@Configuration` support in version 2.0. Combine these with Spring Boot and you have a platform which can get you a secure HTTP service application in about 20 lines of code. This presentation shows how the combination of rapid development and production-ready features in the modern Spring stack are a perfect mixture for developing secure components in a system composed of microservices. We explore the new features in Spring OAuth2, guide you through the choice of which to use and when, and show how easy they are to enable quickly.

Learn more about Spring Security OAUTH: http://projects.spring.io/spring-security-oauth

Learn more about Spring Cloud: http://projects.spring.io/spring-cloud

 

!{iframe width="420" height="315" src="//www.youtube.com/embed/yePeJ6NDZQk" frameborder="0" allowfullscreen}{/iframe}

If you are building microservices with Spring you will be interested to see that Spring Cloud 1.0.0.M2 hit the streets yesterday and today, and can now be found in the Spring repository. Visit the individual project pages links in the main umbrella page or look at their github repositories for detailed instructions about how to get started using the individual components. There is also a Reference Guide covering the core modules.

Since Spring Cloud is an umbrella project we have a "release train" of related updates to all the sub-projects (like with Spring Data). The 1.0.0.M2 release has updates to spring Cloud Config, Spring Cloud Netflix, Spring Cloud Bus, Spring Cloud Security and Spring Cloud CLI…