Spring Security Java Config Preview: Web Security

Engineering | Rob Winch | July 03, 2013 | ...

Update

Users should refer to the Spring Security Reference which contains more up to date information.

Original Blog Post

In my previous post, I introduced Spring Security Java configuration and discussed some of the logistics of the project. In this post, we will start off by walking through a very simple web security configuration. We will then spice things up a bit with configuration that has been customized some.

Hello Web Security

In this section we go through the most basic configuration for web based security. It can be broken into four steps:

Spring Data Redis 1.1 M1 and 1.0.5 Released

Releases | Jennifer Hickey | July 02, 2013 | ...

Dear Spring Community,

I am pleased to announce the first milestone release of Spring Data Redis 1.1!

Downloads | JavaDocs | Reference Documentation | Changelog

Highlights include:

  • Support for several new Redis 2.6 commands and options
  • Support for Redis 2.6 scripting
  • Connection pool enhancements

There is also a new GA release, Spring Data Redis 1.0.5!

Downloads | JavaDocs | Reference Documentation | Changelog

Spring Data Redis 1.0.5 is a maintenance release containing a few bug fixes and minor enhancements. See the Changelog for more information.

For more information about Spring Data Redis please see the home page for a live sample and webinar recording.

We look forward to your feedback on the forum or in the issue tracker

Spring Security Java Config Preview: Introduction

Engineering | Rob Winch | July 02, 2013 | ...

Yesterday I announced the release of Spring Security Java Configuration support and the release of Spring Security 3.2.0.M2 which contains Java Configuration support.

Spring Security's Java Configuration support is intended to provide a complete replacement of the XML namespace configuration. It is also designed to be extensible, so that Spring Security's extension projects can work nicely with the Java Configuration support.

In this first post of a five part Spring Security Java Configuration blog series, I discuss the logistics of the Spring Security Java Configuration project.

[callout title="Required Versions"]Regardless of how you decide to integrate with Spring Security, it is important to ensure you are using Spring 3.2.3.RELEASE+ to ensure that you avoid SPR-10546.[/callout]

Availability

Before we get started, I'd like to talk about the two modules that Spring Security's Java Configuration can be found.

Availability in Spring Security 3.2.0.M2+

Spring Security Java Configuration has been copied into the Spring Security 3.2.0.M2+ code base. This means if you are using Spring Security 3.2.0.M2+ you should ensure to have the spring-security-config jar on your classpath. For example, you might have the following…

Spring Security 3.2.0.M2 Released

Releases | Rob Winch | July 01, 2013 | ...

The second milestone release toward Spring Security 3.2 is now available from the SpringSource repository at http://repo.springsource.org. See here for a quick tutorial on resolving these artifacts via Maven.

I'd like to extend a special thanks to all those that contributed to this release by submitting bugs, pull requests, and feedback.

The highlights of this release include:

  • Spring Security Java Configuration Support
  • SEC-2111 resolves an issue with Async support when a timeout occurs and the same Thread handles both the original request and the timeout.
  • Added support for configuring the remember me parameter via the XML namespace. Special thanks to Oliver Becker for submitting a pull request for this feature!
  • SEC-2002 Added SessionFixationProtectionEvent. Special thanks to Nick Williams for submitting a pull request for this feature!
  • Improvements to the Embedded LDAP container
Stay tuned to the SpringSource Blog over the coming week for more information about Spring Security Java Configuration.

Changelog | Download | Reference Manual | FAQ

Spring Security Java Configuration 1.0.0.M1 Released

Releases | Rob Winch | July 01, 2013 | ...

I'm pleased to announce the release of Spring Security Java Configuration as a stand alone module. The milestone is compatible with Spring 3.2.3.RELEASE+ and Spring Security 3.1.4.RELEASE.

This code has been merged into Spring Security 3.2.0.M2 release and will be maintained within the Spring Security code base going forward. We hope that by making the release available for stable versions of Spring and Spring Security it will encourage you to try it sooner and provide us feedback before the final release.

Stay tuned to the SpringSource blog for an article that walks you through how to use Spring Security Java Configuration. In the mean time, you can find out how to obtain spring-security-javaconfig, documentation, and samples at http://github.com/SpringSource/spring-security-javaconfig

This Week in Spring - June 25, 2013

Engineering | Josh Long | June 26, 2013 | ...

Welcome back to another installment of This Week in Spring. As usual, we've got a lot to cover. In particular, you'll note that this week's roundup features a lot of great Spring Batch content. So, let's get to it -- and don't forget the SpringOne2GX early bird rate ends Aug 9th!

  1. I did a webinar introducing how to build REST APIs with Spring's rich REST stack a few weeks ago, and I'm happy to report that the talk - which introduces Spring MVC, Spring HATEOAS, Spring REST Shell, Spring Data REST, Spring Security OAuth and Spring Social in terms of a simple sample application that we refine - is now available on the SpringSourceDev YouTube Channel. As I mentioned last week, the slides are available on my SlideShare.net page and the code is available on my GitHub page. Enjoy, and don't hesitate to feedback/ask questions at josh(dot)long(at)SpringSource(dot)com!
  2. InfoQ has a great post introducing JSR 352, the Java Batch specification. If you're a Spring Batch user, then a lot of this will look very familiar! I think this is a particularly nice JSR, and encourage you to check it out. Spring
  3. Chris Schaefer has put together a brilliant Spring Batch refcard for DZone which went up yesterday, head over to DZone for the free download.
  4. Craig Walls has announced that Spring Social Facebook 1.0.3 is now available. The new release addresses breaking changes in the upcoming Facebook API revision.
  5. Gary Russell has announced that Spring AMQP 1.2.0 release candidate is now available. The new release features many improvements and bug fixes.
  6. Johnathan Mark Smith is back at it again, with a blog on RESTTemplate To Post Data to a Web Service. Nice work Jonathan!
  7. This week SpringSource is offering a four-day Groovy & Grails class in San Francisco, check it out here
  8. Our pal Tobias Flohre is back with the 4th installment of his series introducing Java configuration with Spring Batch.
  9. Leleu Jérôme has released a Spring Security Pac4J client. It has OAuth with providers, OpenID, CAS, and HTTP.
  10. Are you a Spring Champion? Enter to win a free SpringOne2GX 2013 pass!
  11. Vamsi Kancharla put together a nice sample project with Spring MVC, bean-validation, error handling (using @ControllerAdvice), protection against XSS and input form attacks, and a lot more. Check it out!
  12. Kim Saabye Pedersen put together a nice post reinforcing some useful (and hopefully well-understood!) principles of singletons in Spring.
  13. Hantsy Bai has put together a very nice post explaining how to create a Spring project from the Spring Tool Suite.

Webinar: Introducing Reactor - A framework for asynchronous applications on the JVM

News | Pieter Humphrey | June 26, 2013 | ...

The sheer volume of non-human-generated data in modern applications can easily overtake a traditional single-threaded, blocking design model. Reactor aims to address this volume, by providing a foundational framework for JVM applications -- applications that need high throughput when performing reasonably small chunks of stateless, asynchronous processing. Join Jon Brisbin as he discusses the motivations behind the project, the design patterns and existing technology that inspired the project, and how it fits in the asynchronous ecosystem today, as a teaser to his upcoming session at SpringOne 2GX 2013.


About the speaker

Chris Harris

Jon Brisbin

Jon works with the Spring Data, Grails, RabbitMQ, and other teams to provide next-generation data and messaging capabilities for modern Ajax and mobile applications. He's been working with Spring Data to provide mapping capabilities for NoSQL databases like MongoDB and Riak and he's working with RabbitMQ and NoSQL to provide modern evented and message-driven data utilities. He authored the Grails support for Riak as well as contributes Erlang-based utilities for the Riak and RabbitMQ communities. Prior to SpringSource, Jon developed private cloud architectures at the world's largest Pizza Hut franchisee, developed Lotus Domino, J2EE, PHP and even Perl CGI applications in BBEdit on an aged Mac, and got his start in web-based development 15 years ago, as an intelligence analyst for the US Air Force, when NCSA Mosaic 1.0 was cool

More About Jon »




Webinar Replay: Building REST-ful services with Spring

News | Pieter Humphrey | June 25, 2013 | ...

Today's applications don't exist in isolation. REST applications and web services are a great way to connect applications together. REST is a design principle that imposes no constraints on the client except basic HTTP support, which all platforms provide. Designing REST services, however, is still as much art as it is science, as standards are emerging. Join Spring Developer Advocate Josh Long as he introduces some of the ins-and-outs of REST API design with Spring, building on Spring MVC, Spring HATEOAS and answers some commonly- asked questions like how to secure REST-ful services, and how…

This Week in Spring - June 18, 2013

Engineering | Josh Long | June 19, 2013 | ...

Welcome back to another installation of This Week in Spring! What a week! We're fast approaching the final stretch of the journey to SpringOne2GX 2013 and preparations are underway at full tilt. This year's going to be memorable. I wish I could tell you more, but trust me when I say you need to be at this show this year! :)

Anyway, let's get on with the roundup!

  1. Mark Pollack has announced the release of Spring XD 1.0 milestone 1. Spring XD is a unified, distributed, and extensible system for data ingestion, real time analytics, batch processing, and data export. The project’s goal is to simplify the development of big data applications.
  2. Join Tony Erksine from Liberty University on June 27th as he instructs us How to talk Spring and Influence People, a pragmatic lesson on soft skills and technology adoption strategies needed to help get other people in your company excited about and using, new technology -- in this case, with Spring.
  3. Want a pass to SpringOne 2GX 2013? If you're a Spring champion, show off your stuff on our champions forum and follow these instructions by June 21, 2013. You might be one of our 5 lucky winners! (If you're a Groovy & Grails or Cloud Foundry champion, never fear, we will be rolling out future contests for you!)
  4. Head over to gopivotal.com for the next blog in the Hadoop 101 series -- How to Use Spring Batch with Spring for Apache Hadoop.
  5. We're excited to launch A Week of Spring in conjunction with Manning Publications. Check out this post for more information on great discounts for titles covering SpringSource technologies! Every day we're posting a new 50% discount code for two books.
  6. Our pal Tobias Fiohre is back at it again, this time with not one, not two, but three posts on Java configuration support for Spring Batch, just released in the latest Spring Batch 2.2.0.RELEASE of Spring Batch. The first post looks at how Spring Batch's Java configuration support compares with the XML equivalents. The second post looks at the Spring Batch StepScope, which lets you configure jobs with parameters provided at runtime (as opposed to design-time. The third post looks at how to use the new configuration style with Spring's environment profiles feature.
  7. Johnathan Mark Smith has put together a post on how use Spring MVC and Spring MVC Test
  8. Xavier Padró's has put together a nice post that introduces Spring's core Aspect-Oriented Programming support.
  9. The video replay of the webinar from the Broadleaf Commerce project on their migration from GWT to Spring MVC is now online at our SpringSourceDev YouTube channel.
  10. This isn't strictly Spring-related, but I felt it worth mentioning: Java 9 is slated to drop support for compiling Java 1.4-or-older source code. Java 8 is approaching (finally!), and Spring 4 will offer first class support for Java 8 lambas. Java 6 is EOL as of February 2013, so if you're not already on Java 7, consider just making the jump to Java 8 when it drops early next year. If you're migrating right now, definitely consider looking at Java 7 at a minimum. Spring, of course, works well with older JDK versions, but we often provide functionality specific to newer language releases if they're available. For example, we debuted annotations (like @Transactional) when Java 5 made it feasible, as an addition to our then primary support for commons annotations, even while we supported Java 1.3 and 1.4. Java 8 is no different.
  11. I did a webinar last week on building REST APIs with Spring. The webinar video will be up soon on our SpringSource Developer YouTube channel. For the many who've asked, the code is available on my GitHub account, and the slides are available on my SlideShare account. Check them out!
  12. Petri Kainulainen has put together a really detailed, easily-read post on how to plugin a property from a property file when configuring the @Scheduled annotation's CRON expression

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all