Spring LDAP 1.3.2 Released

Releases | Rob Winch | August 26, 2013 | ...

It is with great pleasure that I am announcing the release of Spring LDAP 1.3.2. This release contains lots of bug fixes and will provide a solid foundation for a Spring LDAP 2.0 release.

I'd like to thank Mattias Arthursson from 261 Consulting for all his hard work on this release.

Spring Framework 3.2 and the SpringSource EBR

News | Pieter Humphrey | August 23, 2013 | ...

Beginning with version 3.2, Spring Framework JAR files such as spring-core, spring-context, and spring-webmvc no longer contain MANIFEST.MF files with OSGi metadata. Likewise, builds are not automatically promoted to the SpringSource EBR. To ensure that OSGi users are able to upgrade to Spring Framework 3.2, SpringSource will create and publish bundles for Spring Framework 3.2 GA to the EBR in a separate process shortly following the GA release. At least one 3.2 milestone or release candidate will also be published such that the community can validate the OSGi metadata prior to going GA. Note that any future releases in the Spring Framework 3.1.x line will continue to contain OSGi metadata and will be published immediately to the EBR as per usual. Interested users may want to place a watch on SPR-8903 to be notified of further updates, e.g. when Spring Framework 3.2 bundles are published to the EBR.

Spring Data Redis 1.1 RC1 Released

Releases | Jennifer Hickey | August 23, 2013 | ...

Dear Spring Community,

I am pleased to announce the first release candidate of Spring Data Redis 1.1!

Downloads | JavaDocs | Reference Documentation | Changelog

Highlights include:

  • Support for millisecond precision in key expiration commands
  • Resubscription of message listeners on connection failure
  • Full implementation of ConcurrentMap contract in RedisMap and RedisProperties

For more information about Spring Data Redis please see the home page for a live sample and webinar recording.

We look forward to your feedback on the forum or in the issue tracker. We hope to see you at the upcoming SpringOne conference in Santa Clara, CA. Checkout the schedule and register!

Spring Security 3.2.0.RC1 Highlights: Security Headers

Engineering | Rob Winch | August 23, 2013 | ...


NOTE This blog post is no longer maintained. Refer to the Headers documentation for up to date information about Spring Security's Headers.

Original Article

This is my last post in a two part series on Spring Security 3.2.0.RC1. My previous post discussed Spring Security's CSRF protection. In this post we will discuss how to use Spring Security to add various response headers to help secure your application.

Security Headers

Many of the new Spring Security features in 3.2.0.RC1 are implemented by adding headers to the response. The foundation for these features came from hard work from Marten Deinum. If the name sounds familiar, it may because one of his 10K+ posts on the Spring Forums has helped you out.

If you are using XML configuration, you can add all of the default headers using Spring Security's element with no child elements to add all the default headers to the response:

<http ...>
    <headers />

If you are using Spring Security's Java configuration, all of the default security headers are added by default. They can be disabled using the Java configuration below:

```xml @EnableWebSecurity @Configuration public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override protected void configure(HttpSecurity http) throws Exception { http .headers().disable() ...; } }

<p>The remainder of this post will discuss each of the default headers in more detail:</p>
<li><a href="#cache-control">Cache Control</a></li>
<li><a href="#content-type-options">Content Type Options</a></li>
<li><a href="#hsts">HTTP Strict Transport Security</a…

Spring Batch 3.0 Milestone 1 Released

Engineering | Michael Minella | August 23, 2013 | ...

Today we are pleased to announce the first milestone release towards Spring Batch 3.0 (download). With this release we take our first steps towards implementing the JSR-352 Java Batch specification. Spring Batch is a lightweight, comprehensive framework for the development of robust batch applications.


JSR-352 is billed as the standardization of batch processing for the java platform. As part of that standardization, this JSR has included three main pieces:

  • A XML based DSL for configuring jobs
  • An API for creating job related components (readers/writers/etc)
  • An API and description of behavior for a supporting classes and concepts

Spring has invested a large amount of time and resources in our contribution to this spec. Our collaboration with the other industry experts via the JCP, JSR-352 validates that the batch patterns that Spring Batch has implemented and battle tested over the past five years in countless production environments is the best approach for building mission critical batch applications.

Features in Milestone 1

This release is the first step towards Spring Batch being compliant with the JSR. Out of the 155 SE tests in the JSR-352 TCK, this release passes 70. The specific features implemented within this release are:

  • JobOperator implementation
  • Basic Job configuration via XML
  • batch.xml support


The JSR defines a JobOperator interface that is a combination of Spring Batch's JobOperator and JobExplorer interfaces. For the spec, this interface serves as the entry point for a batch application to both interact with the job itself (start/stop/restart/etc) as well as the job repository (providing the ability to query for previously run JobExecutions for example). Because of this, the JobOperator needs to provide a level of services out of the box. The JsrJobOperator (the Spring implementation of javax.batch.operations.JobOperator) bootstraps a Spring context similar to that of @EnableBatchProcessing. Out of the box, it includes a JobRepository, JobLauncher, JobOperator, JobExplorer, DataSource, TransactionManager, ParametersConverter, JobRegistry, and a PlaceholderPropertiesConfigurer. All of these can be overridden at runtime by overriding the default beans via the context provided when starting or restarting a job. By default, the JobRepository utilizes HSQLDB in an in-memory configuration.

Per the JSR, to launch a job is actually very easy:

JobOperator jobOperator = BatchRuntime.getJobOperator();
JobExecution jobExecution = jobOperator.start("jsrJob", new Properties());

The above two lines will bootstrap the previously defined base context (this occurs only once), then loads the batch.xml file from /META-INF (if it exists) and the context as defined at jsrJob.xml in /META-INF/batch-jobs. jsrJob.xml can be one of two configurations. It can be a standard Spring context configuration that defines any batch artifacts as Spring Beans and the job via the JSR-352 DSL, or it can be just the job definition as defined by the JSR. Per JSR-352, only one job can be defined within the jsrJob.xml context. The rest of the JsrJobOperator's functionality is virtually a direct wrapping of the existing JobOperator and JobExplorer's functionality (hence their inclusion in the base application context).

Basic Job configuration via XML

JSR-352 defines an XML based DSL that any Spring Batch user will immediately find familiar. Consisting of jobs, steps, readers and writers, most of the concepts that are found in the Spring Batch namespace are accounted for within JSR-352. As part of this release, developers will be able to configure basic jobs using the JSR defined DSL. Basic jobs include the following:

  • <job>
  • <step>
  • <chunk>
  • <batchlet>
  • <reader>
  • <processor>
  • <writer>
  • <decision>
  • <listeners>/<listener>
  • <properties>/<property>
  • <skippable-exception-classes> and related children
  • <retryable-exception-classes> and related children
  • <checkpoint-algorithm>
  • <next>/<end>//<code><fail>

With the JSR, a batch job that looks like this via the Spring Batch DSL:

<job id="data" xmlns="http://www.springframework.org/schema/batch">
    <step id="import" next="report">
            <chunk commit-interval="100"
                   writer="dataWriter" />
    <step id="report…

Free Spring - Hadoop Conference in Singapore

News | Michael Isvy | August 22, 2013 | ...

We are glad to announce that we will host a FREE conference about Spring and Hadoop on Friday August 30th in downtown Singapore from 6 to 8 PM.

Spring best practices: from Spring Petclinic to Spring Data Hadoop

Michael Isvy joined SpringSource (the company behind Spring, now part of Pivotal) in 2008. He has, since then, taught Spring to more than 1000 students in 10 different countries. He has presented on Spring at numerous conferences and is an active technical blogger on the SpringSource blog. Michael holds the position of Education Manager for the Asia-Pacific region at SpringSource…

Spring Security 3.2.0.RC1 Highlights: CSRF Protection

Engineering | Rob Winch | August 21, 2013 | ...

[callout title=Update]

This blog post is no longer maintained. Refer to the CSRF documentation for up to date information about Spring Security and CSRF protection.


On Monday I announced the release of Spring Security 3.2.0.RC1. This is the first of a two part blog series going over the new features found in Spring Security 3.2.0.RC1.

In this first entry, I will go over Spring Security's CSRF support. In the next post, I will go over the various security headers that have been added.

CSRF Attacks

Spring Security has added protection against Cross Site Request Forgery (CSRF) attacks. Great, but what is a CSRF attack and how can Spring Security protect me against it? Let's take a look at a concrete example to get a better…

Spring Security 3.2.0.RC1 Released (08/2013)

Engineering | Rob Winch | August 19, 2013 | ...

Spring Security 3.2.0.RC1 is now available from the SpringSource repository at http://repo.springsource.org. See here for a quick tutorial on resolving these artifacts via Maven.

This release includes tons of updates and fixes. The highlights include:

  • Polishing of Spring Security Java Configuration
  • Uses content negotiation to determine how to prompt user for authentication when multiple authentication mechanisms (i.e. HTTP Basic and Form login) enabled
  • AbstractSecurityWebApplicationInitializer allows registering Java Configuration directly
  • A number of bugs fixed
  • CSRF protection and automatic integration with Spring Web MVC jsp tags
  • Automatic cache control support
  • Defence against Clickjacking attacks
  • HTTP Strict Transport Security support to reduce Man in the Middle attacks
  • Samples include pom.xml so they can be imported as Maven projects
  • MediaTypeRequestMatcher for matching on requests with content negotiation
  • Over ten java configuration samples have been integrated into the samples directory
  • Three new guides that walk users through samples and provide detailed instructions on how to do specific tasks. More of these guides will follow in coming releases
  • Refer to Spring Security 3.2.0.RC1 preview for more details about this release.


    To learn about all the new features within Spring Security 3.2 attend my Getting Started with Spring Security 3.2 presentation at SpringOne2GX September 9-12, 2013. If you haven't already gotten your tickets, do so now before its too late!

    Changelog | Download | Reference Manual | Guides | FAQ

    Spring XD 1.0 Milestone 2 Released

    Releases | Mark Pollack | August 14, 2013 | ...

    Today we are pleased to announce the 1.0 M2 release of Spring XD (download)  Spring XD is a unified, distributed, and extensible system for data ingestion, real time analytics, batch processing, and data export.  The project’s goal is to simplify the development of big data applications.

    The second milestone release of Spring XD introduces several new features that make it even easier to ingest and process real-time streams of data as well as orchestrate Hadoop based batch jobs.  In this blog post we will cover

    • Shell
    • New sources, sinks and transports
    • DSL improvements
    • Batch Jobs


    The most noticeable new feature is the introduction of the interactive shell.  The shell provides you an easy way to create new streams and jobs, view metrics, interact with Hadoop, and more.  As an introduction to the shell I will redo some of the examples from the M1 blog post.


    This Week in Spring - Aug 13th, 2013

    Engineering | Josh Long | August 13, 2013 | ...

    Welcome back to another installment of This Week in Spring. As usual, we've got a lot to cover, so let's get to it!

    1. The How to do in Java blog has a nice post on how to setup Siteminder pre-authentication using Spring Security 3.
    2. Another great SpringOne2GX 2013 session's just been added to the SpringOne2GX 2013 lineup, Real Time Analytics with Spring. This talk introduces one use case for Project Reactor, a foundation for asynchronous applications on the JVM.
    3. Andy Clement has just cut a new release of AspectJ, 1.8.0.M1, which will be used in Spring 4 and support Java 8. It is available through the SpringSource Maven repository as 1.8.0.M1. It is also in today's release of AJDT for Eclipse 4.3.
    4. The GoPivotal blog has an in-depth look at Apache Tomcat 8. Definitely worth a look!
    5. Eberhard Wolff has put together a very nice video on using the recently announced Spring Boot. Nice job, Eberhard! (as usual)
    6. Our pal Petri Kainulainen has written a very cool post on unit testing Spring MVC REST APIs.
    7. The Being Java Guys blog has a code-heavy post on how to do file uploads with Spring MVC. Nice job!
    8. This post from the Matthew's Thoughts! blog explains a simple Spring REST starter project that demonstrates how to use regular Spring Security to add a username and password-based authentication with a Spring MVC-powered REST service.
    9. The Code with Zen Mind blog has a nice series on building and testing Spring MVC applications. The first post introduces how to setup a test-driven project. The second post demonstrates how to do refactoring and how to introduce new test cases. The third post demonstrates how to use the tests established in the first two posts to survice a major refactoring (the implementation of the service under test changes). Really insightful!
    10. This post from the public static void blog() blog introduces how Spring's logging layering works. The post is in what Google Translate insists is Slovak, however, the translation was pretty good and - if we're honest - the diagrams are quite explanatory by themselves! Good stuff. Take a look, and - if possible - a read.
    11. The 1.5 version of the Cloud Foundry integration for Eclipse, which supports pushing applications to Pivotal Cloud Foundry organizations and spaces, using new Cloud Foundry services, and incrementally updating applications from Spring Tool Suite. The new integration may be installed from the STS dashboard or using the update site in the Help > Install New Software menu.

    Get the Spring newsletter

    Thank you!

    Get ahead

    VMware offers training and certification to turbo-charge your progress.

    Learn more

    Get support

    Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

    Learn more

    Upcoming events

    Check out all the upcoming events in the Spring community.

    View all