Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to longtime Spring community member and legend Marten Deinum (@mdeinum) about scuba diving, software, Spring, community, and more.

Also: I fixed the odd silence in the middle of the last few episodes! thanks for suffering through it with me. I have no idea what went wrong but I know now how to fix it

Want to meet more amazing people in our ecosystem, like Marten? SpringOne 2022 is almost here! I feel like it’s that anxious, exciting time before, sort of important holiday where you get given gifts! And with it, Spring Boot…

On behalf of the community, I am pleased to announce that the Milestone 5 (M5) of the Spring Cloud 2022.0.0 Release Train is available today. The release can be found in Spring Milestone repository. You can check out the 2022.0.0 release notes for more information.

Notable Changes in the 2022.00-M5 Release Train

Spring Cloud Netflix

• Updated to Eureka 2.0.0-rc.3. Eureka 2.0.0 is a new branch of Eureka unrelated to the old 2.x-archive experiment from 7 years ago. The new 2.x branch is for compatibility with JakartaEE. This allows Spring Cloud Netflix to be compatible with Spring Framework 6.0 and Spring Boot 3.0. This is the first milestone that Spring Cloud Netflix has participated in the 2022.0 release train.
…

On behalf of the team and all contributors, I am pleased to announce that Spring Batch 5.0.0-M7 is now available from our milestone repository.

The main theme of this milestone is the improvement of job parameters handling in Spring Batch. Two main changes were introduced in this release:

• Add support to use any type as a job parameter
• Improve job parameters conversion

This blog post walks through these two major changes in details. For the complete list of changes, please check the release notes.

Add support to use any type as a job parameter

Up to version 4, Spring Batch supported only 4 types that can be used as job parameters, which are long, double, String and Date. While this was convenient to simplify job parameters handling on the framework's side, it turns out to be constraining on the user's side. For instance, what if one wants to use a boolean…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Shell 2.1.2 and 3.0.0-M1 has been released and is now available from https://repo.spring.io/release, Maven Central and https://repo.spring.io/milestone respectively.

3.0.0-M1 is first milestone which builds on Spring Boot 3.x and requires JDK 17.

Please see the release notes 2.1.2 and release notes 3.0.0-M1 for more details.

Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

Project Page | GitHub | Issues | Documentation

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's October 4th, 2022, and I'm in Austin, TX, for the new version of show formerly known as the Kafka Summit, here to talk to folks about the amazing opportunities for Spring Boot and Apache Kafka. On the 12th, I'll be in Antwerp, Belgium, for the amazing Devoxx show. On October 17-20th, I'll be in Las Vegas, for the new version of JavaOne. And, well, there's more but I can't say exactly. Stay tuned!

And as for now, well, I'm excited to be here! We've got a ton of cool stuff to cover this week, so let's dive right into it…

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to his friend Chris Richardson (@crichardson), who helped articulate and advance cloud computing, reactive programming, microservices, domain-driven design, event sourcing, and so much more years before the zeitgeist. Also, we used to work together!

Want to meet more amazing people in our ecosystem, like Chris? SpringOne 2022 is almost here! I feel like it’s that anxious, exciting time before, sort of important holiday where you get given gifts! And with it, Spring Boot 3 and Spring Framework 6. We’re going to be announcing…

Using username/password credentials to access one application from another presents a huge security risk for many reasons. Today, we are announcing the preview of passwordless connections for Java applications to Azure database and eventing services, letting you finally shift away from using passwords.

Security Challenges with Passwords

Passwords should be used with caution, and developers must never place passwords in an unsecure location. Many Java applications connect to backend data, cache, messaging, and eventing services using usernames and passwords, or other sensitive credentials such as access tokens or connection strings. If exposed, the passwords could be used to gain unauthorized access to sensitive information such as a sales catalog that you built for an upcoming campaign, or simply all customer data that must be private.

Embedding passwords in an application itself presents a huge security risk for many reasons, including discovery through a code repository (see Figure 1 below). Many developers externalize such passwords using environment variables so that applications can load them from different environments. However, this only shifts the risk from the code itself to an execution environment. Anyone who gains access to the environment can steal passwords, which in turn, increases your data exfiltration risk.

Figure 1 – shows Java code with an embedded username and password to connect to a database

Our customers can have strict security requirements to connect to Azure services without exposing passwords to developers, operators, or anyone else. They often use a vault to store and load passwords into applications, and they further reduce the risk by adding password-rotation requirements and procedures. This, in turn, increases the operational complexity and can lead to application connection outages.

Passwordless Connections – Zero-Trust

Now you can use passwordless connections in your apps to connect to Azure-based services with a code-free configuration. You no longer need to rotate passwords. Using the principle of "never trust, always verify and credential-free", Zero-Trust helps to secure all communications by trusting machines or users only after verifying identity before granting them access to backend services.

Using managed identities and Azure RBAC (role-based access control) combination is the recommended authentication option for secure, passwordless connections from Java applications to Azure services. Developers or operators do not need to manually track and manage many different secrets for managed identities because these tasks are securely handled internally by Azure.

You can configure passwordless connections to Azure services using Service Connector (see Figure 2 below), or you can manually configure them. Service Connector enables managed identities in app hosting services like Azure Spring Apps, App Service and Azure Container Apps. It configures backend services with passwordless connections using managed identities and Azure RBAC, and supplies applications with necessary connection information – no more passwords.

Figure 2 – Service Connector configures passwordless connection for a Java app to a PostgreSQL database

If you inspect the running environment of an application configured for passwordless connections, you can see the full connection string. For example, Figure 3 shows how it carries database server address, database name, and an instruction to delegate authentication to Microsoft’s Azure’s JDBC authentication plugin.

Figure 3 – datasource configuration “spring.datasource.url” shows passwordless connection

Let’s consider a Spring Boot application that connects to a PostgreSQL database that uses Spring Cloud Azure starter. The starter composes a connection string without password for a Spring Data JPA module. From the connection string, the driver understands that it must load the Azure’s JDBC authentication plugin which uses the Azure Identity Client Library to get an access token. The driver logs into a database using the token as password - no more passwords.

For local development and testing, developers can use the same arrangement to connect to services without using passwords. You will authenticate through Azure CLI, IntelliJ or any development tool and use that identity to secure access for the application to connect with Azure services without passwords.

Learn More and Delete Passwords!

You can shift away from using passwords in your apps. Migrate your existing Java applications to use passwordless connections for Azure services today!

Read more about passwordless connections – https://aka.ms/Delete-Passwords

Resources

<tbody>

<tr>
    <td>Azure Service</td>
    <td>Java Quickstart</td>
    <td>Spring Quickstart</td>
    <td>Migration Guide</td>
</tr>


<tr>
    <td> Azure Database for MySQL</td>
    <td>
    <a href="https://learn.microsoft.com/en-us/azure/mysql/single-server/connect-java?toc=%2Fazure%2Fdeveloper%2Fintro%2Ftoc.json&amp;bc=%2Fazure%2Fdeveloper%2Fintro%2Fbreadcrumb%2Ftoc.json&amp;tabs=passwordless">JDBC</a>
    </td>
    <td>
        <div><a href="https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-data-jdbc-with-azure-mysql?tabs…

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all