Spring blog

All Posts
Engineering
Releases
News and Events

Spring Data Redis 1.1 RC1 Released

Releases | Jennifer Hickey | August 23, 2013 | ...

Dear Spring Community,

I am pleased to announce the first release candidate of Spring Data Redis 1.1!

Downloads | JavaDocs | Reference Documentation | Changelog

Highlights include:

  • Support for millisecond precision in key expiration commands
  • Resubscription of message listeners on connection failure
  • Full implementation of ConcurrentMap contract in RedisMap and RedisProperties

For more information about Spring Data Redis please see the home page for a live sample and webinar recording.

We look forward to your feedback on the forum or in the issue tracker. We hope to see you at the upcoming SpringOne conference in Santa Clara, CA. Checkout the schedule and register!

Read more

Spring Security 3.2.0.RC1 Highlights: Security Headers

Engineering | Rob Winch | August 23, 2013 | ...

UPDATE

NOTE This blog post is no longer maintained. Refer to the Headers documentation for up to date information about Spring Security's Headers.

Original Article

This is my last post in a two part series on Spring Security 3.2.0.RC1. My previous post discussed Spring Security's CSRF protection. In this post we will discuss how to use Spring Security to add various response headers to help secure your application.

Security Headers

Many of the new Spring Security features in 3.2.0.RC1 are implemented by adding headers to the response. The foundation for these features came from hard work from Marten Deinum. If the name sounds familiar, it may because one of his 10K+ posts on the Spring Forums has helped you out.

If you are using XML configuration, you can add all of the default headers using Spring Security's element with no child elements to add all the default headers to the response:

<http ...>
    ...
    <headers />
</http>

If you are using Spring Security's Java configuration, all of the default security headers are added by default. They can be disabled using the Java configuration below:

```xml @EnableWebSecurity @Configuration public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override protected void configure(HttpSecurity http) throws Exception { http .headers().disable() ...; } }


<p>The remainder of this post will discuss each of the default headers in more detail:</p>
<ul>
<li><a href="#cache-control">Cache Control</a></li>
<li><a href="#content-type-options">Content Type Options</a></li>
<li><a href="#hsts">HTTP Strict Transport Security</a…
Read more

Spring Batch 3.0 Milestone 1 Released

Engineering | Michael Minella | August 23, 2013 | ...

Today we are pleased to announce the first milestone release towards Spring Batch 3.0 (download). With this release we take our first steps towards implementing the JSR-352 Java Batch specification. Spring Batch is a lightweight, comprehensive framework for the development of robust batch applications.

JSR-352

JSR-352 is billed as the standardization of batch processing for the java platform. As part of that standardization, this JSR has included three main pieces:

  • A XML based DSL for configuring jobs
  • An API for creating job related components (readers/writers/etc)
  • An API and description of behavior for a supporting classes and concepts

Spring has invested a large amount of time and resources in our contribution to this spec. Our collaboration with the other industry experts via the JCP, JSR-352 validates that the batch patterns that Spring Batch has implemented and battle tested over the past five years in countless production environments is the best approach for building mission critical batch applications.

Features in Milestone 1

This release is the first step towards Spring Batch being compliant with the JSR. Out of the 155 SE tests in the JSR-352 TCK, this release passes 70. The specific features implemented within this release are:

  • JobOperator implementation
  • Basic Job configuration via XML
  • batch.xml support

JobOperator

The JSR defines a JobOperator interface that is a combination of Spring Batch's JobOperator and JobExplorer interfaces. For the spec, this interface serves as the entry point for a batch application to both interact with the job itself (start/stop/restart/etc) as well as the job repository (providing the ability to query for previously run JobExecutions for example). Because of this, the JobOperator needs to provide a level of services out of the box. The JsrJobOperator (the Spring implementation of javax.batch.operations.JobOperator) bootstraps a Spring context similar to that of @EnableBatchProcessing. Out of the box, it includes a JobRepository, JobLauncher, JobOperator, JobExplorer, DataSource, TransactionManager, ParametersConverter, JobRegistry, and a PlaceholderPropertiesConfigurer. All of these can be overridden at runtime by overriding the default beans via the context provided when starting or restarting a job. By default, the JobRepository utilizes HSQLDB in an in-memory configuration.

Per the JSR, to launch a job is actually very easy:

JobOperator jobOperator = BatchRuntime.getJobOperator();
JobExecution jobExecution = jobOperator.start("jsrJob", new Properties());

The above two lines will bootstrap the previously defined base context (this occurs only once), then loads the batch.xml file from /META-INF (if it exists) and the context as defined at jsrJob.xml in /META-INF/batch-jobs. jsrJob.xml can be one of two configurations. It can be a standard Spring context configuration that defines any batch artifacts as Spring Beans and the job via the JSR-352 DSL, or it can be just the job definition as defined by the JSR. Per JSR-352, only one job can be defined within the jsrJob.xml context. The rest of the JsrJobOperator's functionality is virtually a direct wrapping of the existing JobOperator and JobExplorer's functionality (hence their inclusion in the base application context).

Basic Job configuration via XML

JSR-352 defines an XML based DSL that any Spring Batch user will immediately find familiar. Consisting of jobs, steps, readers and writers, most of the concepts that are found in the Spring Batch namespace are accounted for within JSR-352. As part of this release, developers will be able to configure basic jobs using the JSR defined DSL. Basic jobs include the following:

  • <job>
  • <step>
  • <chunk>
  • <batchlet>
  • <reader>
  • <processor>
  • <writer>
  • <decision>
  • <listeners>/<listener>
  • <properties>/<property>
  • <skippable-exception-classes> and related children
  • <retryable-exception-classes> and related children
  • <checkpoint-algorithm>
  • <next>/<end>//<code><fail>

With the JSR, a batch job that looks like this via the Spring Batch DSL:


<job id="data" xmlns="http://www.springframework.org/schema/batch">
    <step id="import" next="report">
        <tasklet>
            <chunk commit-interval="100"
                   reader="itemReader"
                   writer="dataWriter" />
        </tasklet>
    </step>
    <step id="report…
Read more

Free Spring - Hadoop Conference in Singapore

News | Michael Isvy | August 22, 2013 | ...

We are glad to announce that we will host a FREE conference about Spring and Hadoop on Friday August 30th in downtown Singapore from 6 to 8 PM.

Spring best practices: from Spring Petclinic to Spring Data Hadoop

Michael Isvy joined SpringSource (the company behind Spring, now part of Pivotal) in 2008. He has, since then, taught Spring to more than 1000 students in 10 different countries. He has presented on Spring at numerous conferences and is an active technical blogger on the SpringSource blog. Michael holds the position of Education Manager for the Asia-Pacific region at SpringSource…

Read more

Spring Security 3.2.0.RC1 Highlights: CSRF Protection

Engineering | Rob Winch | August 21, 2013 | ...

[callout title=Update]

This blog post is no longer maintained. Refer to the CSRF documentation for up to date information about Spring Security and CSRF protection.

[/callout]

On Monday I announced the release of Spring Security 3.2.0.RC1. This is the first of a two part blog series going over the new features found in Spring Security 3.2.0.RC1.

In this first entry, I will go over Spring Security's CSRF support. In the next post, I will go over the various security headers that have been added.

CSRF Attacks

Spring Security has added protection against Cross Site Request Forgery (CSRF) attacks. Great, but what is a CSRF attack and how can Spring Security protect me against it? Let's take a look at a concrete example to get a better…

Read more

Spring Security 3.2.0.RC1 Released (08/2013)

Engineering | Rob Winch | August 19, 2013 | ...

Spring Security 3.2.0.RC1 is now available from the SpringSource repository at http://repo.springsource.org. See here for a quick tutorial on resolving these artifacts via Maven.

This release includes tons of updates and fixes. The highlights include:

  • Polishing of Spring Security Java Configuration
  • Uses content negotiation to determine how to prompt user for authentication when multiple authentication mechanisms (i.e. HTTP Basic and Form login) enabled
  • AbstractSecurityWebApplicationInitializer allows registering Java Configuration directly
  • A number of bugs fixed
  • CSRF protection and automatic integration with Spring Web MVC jsp tags
  • Automatic cache control support
  • Defence against Clickjacking attacks
  • HTTP Strict Transport Security support to reduce Man in the Middle attacks
  • Samples include pom.xml so they can be imported as Maven projects
  • MediaTypeRequestMatcher for matching on requests with content negotiation
  • Over ten java configuration samples have been integrated into the samples directory
  • Three new guides that walk users through samples and provide detailed instructions on how to do specific tasks. More of these guides will follow in coming releases

    • Refer to Spring Security 3.2.0.RC1 preview for more details about this release.

    SpringOne2GX

    To learn about all the new features within Spring Security 3.2 attend my Getting Started with Spring Security 3.2 presentation at SpringOne2GX September 9-12, 2013. If you haven't already gotten your tickets, do so now before its too late!

    Changelog | Download | Reference Manual | Guides | FAQ

    Read more

    Spring XD 1.0 Milestone 2 Released

    Releases | Mark Pollack | August 14, 2013 | ...

    Today we are pleased to announce the 1.0 M2 release of Spring XD (download)  Spring XD is a unified, distributed, and extensible system for data ingestion, real time analytics, batch processing, and data export.  The project’s goal is to simplify the development of big data applications.

    The second milestone release of Spring XD introduces several new features that make it even easier to ingest and process real-time streams of data as well as orchestrate Hadoop based batch jobs.  In this blog post we will cover

    • Shell
    • New sources, sinks and transports
    • DSL improvements
    • Batch Jobs

    Shell

    The most noticeable new feature is the introduction of the interactive shell.  The shell provides you an easy way to create new streams and jobs, view metrics, interact with Hadoop, and more.  As an introduction to the shell I will redo some of the examples from the M1 blog post.

    Start…

    Read more

    This Week in Spring - Aug 13th, 2013

    Engineering | Josh Long | August 13, 2013 | ...

    Welcome back to another installment of This Week in Spring. As usual, we've got a lot to cover, so let's get to it!

    1. The How to do in Java blog has a nice post on how to setup Siteminder pre-authentication using Spring Security 3.
    2. Another great SpringOne2GX 2013 session's just been added to the SpringOne2GX 2013 lineup, Real Time Analytics with Spring. This talk introduces one use case for Project Reactor, a foundation for asynchronous applications on the JVM.
    3. Andy Clement has just cut a new release of AspectJ, 1.8.0.M1, which will be used in Spring 4 and support Java 8. It is available through the SpringSource Maven repository as 1.8.0.M1. It is also in today's release of AJDT for Eclipse 4.3.
    4. The GoPivotal blog has an in-depth look at Apache Tomcat 8. Definitely worth a look!
    5. Eberhard Wolff has put together a very nice video on using the recently announced Spring Boot. Nice job, Eberhard! (as usual)
    6. Our pal Petri Kainulainen has written a very cool post on unit testing Spring MVC REST APIs.
    7. The Being Java Guys blog has a code-heavy post on how to do file uploads with Spring MVC. Nice job!
    8. This post from the Matthew's Thoughts! blog explains a simple Spring REST starter project that demonstrates how to use regular Spring Security to add a username and password-based authentication with a Spring MVC-powered REST service.
    9. The Code with Zen Mind blog has a nice series on building and testing Spring MVC applications. The first post introduces how to setup a test-driven project. The second post demonstrates how to do refactoring and how to introduce new test cases. The third post demonstrates how to use the tests established in the first two posts to survice a major refactoring (the implementation of the service under test changes). Really insightful!
    10. This post from the public static void blog() blog introduces how Spring's logging layering works. The post is in what Google Translate insists is Slovak, however, the translation was pretty good and - if we're honest - the diagrams are quite explanatory by themselves! Good stuff. Take a look, and - if possible - a read.
    11. The 1.5 version of the Cloud Foundry integration for Eclipse, which supports pushing applications to Pivotal Cloud Foundry organizations and spaces, using new Cloud Foundry services, and incrementally updating applications from Spring Tool Suite. The new integration may be installed from the STS dashboard or using the update site in the Help > Install New Software menu.
    Read more

    SpringSource Training Schedule: September 2013

    News | Mark Baars | August 09, 2013 | ...

    If you are a Java developer looking to increase your Spring knowledge, Spring Training by Pivotal is the place to start. We are providing several Spring trainings across the globe closely connected to your needs as a professional developer. This month we provide the new 4-day Groovy & Grails class in Boston, MA. SpringSource has also started offering new Hibernate with Spring Classes in the Bay Area, Germany, London (GB) and the United States (Online Courses)

    The complete Spring training schedule for September, 2013 can be found below:

    Step 1: Core Spring

    Americas

    Asia Pacific

    Europe, Middle East & Africa

    Step 2: Spring Web / Enterprise Integration with Spring / Hibernate with Spring

    Americas

    Asia Pacific

    Europe, Middle East & Africa

    If you cannot find a professional training near you, you can always request an onsite SpringSource training

    Read more

    This Week in Spring - Aug 6th, 2013

    Engineering | Josh Long | August 07, 2013 | ...

    Welcome back to another installment of This Week in Spring. On August 1, I celebrated my third year at SpringSource. I continue to enjoy the ride of my life and a huge part of that is my interaction with you, the most amazing community ever. Thanks for that, folks.

    Have you booked your tickets for SpringOne2GX? This year's show is a special one. In my work as the Spring Developer Advocate, I speak at many conferences all around the world. Ask any developer with a pulse, and they'll confirm that big data (and Hadoop), reactive web applications, REST, mobile application development, and cloud computing are sizzling hot topics today. Pivotal, and Spring, support today's developers, and SpringOne2GX's agenda represents in my estimation the perfect blend of content for today's developers. Check out the agenda. We've just recently added talks on big data, and REST service security with OAuth. This will be our first show under Pivotal, and it's the only place where you can talk to the developers working on the technologies you care about both at SpringSource and in the community. As you know, we've just announced our Cloud Foundry conference, Platform, and SpringOne2GX full pass ticket holders may register for that show - which is at the same venue as SpringOne2GX just two days earlier - for free! If I had to pay for just one show a year, this would be that show. Hurry the early bird rate expires this friday!

    1. Major news: Phil Webb and Dr. David Syer have just announced Spring Boot, which simplifies Spring application development. Spring Boot provides an opinionated layer on top of Spring and in so doing makes it dead simple to get an application up and running with a minimum of fuss. Seriously, this stuff will blow your mind. Do not read any further until you've read this short and sweet post! Give it a go and be sure to let us know about your experiences!
    2. Spring Framework 3.2.4 maintenance release is now available, with an important security fix for SpringOXM..
    3. Spring Data Redis-lead and ninja Jennifer Hickey just announced the availability of two Spring Data releases. Spring Data Redis 1.1, M2, featuring a lot of new features, including enhanced data pipelining, Redis 2.6 scripting, and more. Spring Data Redis 1.0.6 is also available, and features bug fixes and smaller improvements.
    4. Spring Mobile and Android lead Roy Clarkson just announced Spring Mobile 1.1.0.RC1, which features improvements to device detection and view resolution in Spring Mobile. Roy also announced a new cut of the stable line of Spring Mobile, 1.0.2, which features similar improvements, some backported.
    5. Spring Data ninja Oliver Gierke has just announced that the final release candidate for Spring Data Babbage is now available. This release is named for Charles Babbage. This release features support for the MongoDB Aggregation Framework and improved the execution of polymorphic queries, support to use SpEL expressions in manually defined queries with JPA, improved handling of entities using @IdClass, a countBy(..) method for Neo4j repositories, and much more.
    6. The replay for the webinars Functional Programming without Lamba and Spring with Cucumber for Automation are now available online. Be sure to check them out!
    7. A few weeks ago, our friend Johnathan Mark Smith put together a video introducing how to use Spring Data MongoDB and Java configuration. Check it out! And, if you're doing awesome videos, feel free to share. I'd love to post them on This Week in Spring, too!
    8. I smiled when I saw a tweet by the Reactor project lead Jonathan Brisbin in which he says, "Processor throughput: 90M ops/sec on a laptop. 1 thread + @LMAX Disruptor. Not #fastdata, #uberfastdata" and then links to a test case in the code. Needless to say, Reactor is going to shake things up big time! (And, of course, we'll have more content on Reactor at SpringOne2GX.
    9. The latest release of Tomcat, Apache Tomcat 8.0.0-RC1 (alpha), is now available! There are a lot of new features. Notably, Tomcat 8 will be the first Tomcat to support JSR 356, web sockets. This is the perfect compliment to Spring 4's recently announced web socket support.
    10. Mohan Srihari Kantipudi has put together a nice post on Spring's basic REST capabilities
    11. I liked Gregor Riegler's post on Spring Loaded, the best kept secret in open source. Spring Loaded is a Java agent that lets you reload code as you're working on it (no need to redeploy!). This is a very cool post and I hope you'll consider using Spring Loaded, too.
    Read more

    Get the Spring newsletter

    Thank you for your interest. Someone will get back to you shortly.