Dear Spring Community,

I'm happy to announce the availability of Spring Social 1.1.0.RC1 as well as Spring Social Facebook 1.1.0.RC1, and Spring Social Twitter 1.1.0.RC1. These release candidates are the first step toward a GA release coming soon. They include several improvements, bug fixes, and a few new features, including:

• New Thymeleaf 3 and 4 dialects to match Spring Social's JSP tag library.
• A generic connection factory for quick configuration of an API for which there is no formal connection factory support. Provides a RestOperations as the API binding.
• Optimized use of RestTemplate in API bindings when using Spring 3.2+.
• A new streamlined and more flexible Java configuration option.
• SecurityConfigurerAdapter for enabling provider-based authentication with Spring Security's Java configuration.
• A pluggable session-abstraction.
• Support for Facebook's built-in OpenGraph actions in the API binding.
• …

Spring Security 3.2.2 (change log) and 3.1.6 (change log) have been released and are available in Maven Central.

Among the highlights, these two releases resolve CVE-2014-0097 which allows a malicious user to impersonate a user with an empty password if ALL of the following hold true:

• The application is using ActiveDirectoryLdapAuthenticator
• The directory allows anonymous binds (not recommended)

NOTE: This does NOT impact users of LdapAuthenticationProvider or <ldap-authentication-provider>

For full details on the releases, please refer to the previously mentioned change logs.

Recorded at SpringOne2GX 2013 in Santa Clara, CA

Speaker: John Hann

So you've been toying around with JavaScript. You have a basic feel for the language but don't quiet feel productive, yet. If so, this talk is for you. We'll peel away the abstractions, libraries, and frameworks to uncover the more interesting fundamentals of JavaScript. Specifically, we'll delve into the following:

• Prototypal inheritance (and alternatives to classical inheritance)
• Closures
• Scope versus context and this
• Public vs privileged vs private variables
• Modules
• Promises / Futures
• Recent improvements from EcmaScript 5 and 6
• Functional programming strategies
• Documentation using JSDoc
• Testing strategies
• and more!

!{iframe width="560" height="315" src="//www.youtube.com/embed/EZW-ngSHK6o" frameborder="0" allowfullscreen}{/iframe}

Recorded at SpringOne2GX 2013 in Santa Clara, CA

Speaker: Emanuel Rabina

With the disconnect between the languages of the web (HTML, CSS, Javascript) and the languages of the server (Java, Groovy, Scala, etc), many libraries and frameworks have been invented over the years to fill this void, often resulting in views filled with back-end code, views filled with specialized syntaxes, or even the invention of completely new view languages abstractions; all for the purpose of transforming our server-side ideas into HTML, and few of which actually look like the HTML that it ends up as. Enter Thymeleaf - a templating framework that uses HTML to create good old HTML. In this presentation, you'll be introduced to Thymeleaf, some of its features, how you can use it in your Spring web projects, the growing ecosystem being developed around it, and how it uses natural templates to keep the web designer on your team, and inside each and every one of us, happy.

Learn more about Thymeleaf at www.thymeleaf.org

Learn more about Spring MVC at: http://projects.spring.io/spring-framework

!{iframe width="560" height="315" src="//www.youtube.com/embed/xjVBAsGFUiY" frameborder="0" allowfullscreen}{/iframe}

I am happy to announce the availability of the last service release of the Spring Data Babbage release train. The release includes the following modules:

• Spring Data Commons 1.6.5 - Changelog - JavaDoc - Artifacts
• Spring Data JPA 1.4.5 - Changelog - JavaDoc - Artifacts
• Spring Data MongoDB 1.3.5 - Changelog - JavaDoc - Artifacts
• Spring Data Neo4j 2.3.5 - Changelog - JavaDoc - Artifacts

The release bundles a bunch of important enhancements and bug fixes and is a recommended upgrade. The release forms the last service release of the Babbage release train. Users are recommended to have a look at the latest releases of Spring Data Codd…

We are pleased to announce the availability of the Spring AMQP (for Java) 1.3.0.RC1 release candidate. It is expected to be the final candidate before GA.

The release includes some significant new features, including:

• Listener Container

• The listener container concurrency can be changed without first stopping the container and the listeners will be adjusted accordingly

• The listener container can dynamically adjust the concurrent consumers, based on workload

• The listener container now supports consumer priority (with RabbitMQ 3.2.x or greater)

• The listener container now supports the configuration of an exclusive consumer

• Rabbit Template

• The RabbitTemplate now has several convenient receiveAndReply methods

• The RabbitTemplate can now be configured with a RetryTemplate, enabling clients to not have to deal directly with broker connectivity issues.

  …

Spring Boot 1.0 RC4 just dropped and 1.0 can't be too far behind, and there are all sort of cool features coming!

One of the many questions I get around this concerns deployment strategies for Boot applications. Spring Boot builds on top of Spring and serves wherever Spring can serve. It enjoys Spring's portability. Spring Boot lets the developer focus on the application's development first, and removes the need to be overly concerned with every other aspect of its lifecycle, including deployment and management.

It aims to be production ready, out of the box. As part of this, Spring Boot does a few things differently, by default, that may be at first alien to some. In this post, I hope to briefly cover some of the common strategies for deploying a Spring Boot applications. I'll ever so briefly introduce it, and some sample code, before we dive deeper. Feel free to skip this section and start at the Embedded Web Server Deployment…

Speakers: Oliver Gierke and Thomas Darimont

Slides: https://speakerdeck.com/olivergierke/spring-data-repositories-best-practices

The repository abstraction layer is one of the core pieces of the Spring Data projects. It provides a consistent, interface-based programming model to allow implementing data access layers easily for relational and NoSQL databases. We will have a look at the lessons learned from the application of it in various customer projects and summarize best practices for you to apply in your projects. The session will also discuss advanced features like the Querydsl integration, the integration of custom implementation code as well as hooks into Spring MVC and Spring HATEOAS.

Learn more about Spring Data at: http://projects.spring.io/spring-data

Learn more about Spring HATEOAS at: http://projects.spring.io/spring-hateoas

Learn more about Spring MVC at: http://projects.spring.io/spring-framework

!{iframe width="560" height="315" src="//www.youtube.com/embed/hwNyzkWENE0" frameborder="0" allowfullscreen}{/iframe}

Welcome to another installment of This Week in Spring.

As usual, we've got a lot to cover so let's get to it!

1. Spring Batch and Boot co-founder Dr. Dave Syer has announced that Spring Boot RC4 is now available. Check out the latest cut for all the goodies!
2. There is a new guide that details how to use Spring Data REST
3. Spring Data ninja Christoph Strobl has announced that Spring Data Redis 1.2 is now available.
4. Don't miss Mattias Arthursson on a webinar March 18th, presenting Spring LDAP 2.0.0.
5. Join Juergen Hoeller and the Spring Team for a webinar on Java 8 and Spring Framework 4.0 on March 25!
6. David Turanski has put together a nice post on how to use Groovy for bean configuration
7. Alvaro Videla's and Jan Machacek's talk from SpringOne2GX 2013, RabbitMQ is the new King, is now available online
8. Gary Russell's SpringOne2GX 2013 talk introducing Spring Integration's internals is now online
9. Pance Cavkovski has a nice post demonstrating the web socket support from the JavaWebSocket project, Java EE 7 and Spring 4.
10. Norris Shelton Jr. has a nice post on accessing the Spring Security principal from the currently installed Authentication object using a custom annotation
11. Quinten Krijger has a nice post on how to manage session concurrency with Spring Security and Spring MVC
12. Tomasz Nurkiewicz writes about how to build a custom Spring XML namespace. He makes a great point at the beginning, though: Spring doesn't require XML!
13. The Not Just Another Blog blog looks at how to override the Spring Security filter chain
14. Thys Michels has a short-and-sweet post on how to configure a Spring application using Java configuration to consume an ElasticSearch service on Heroku.