Spring Team
Rob Winch

Rob Winch

Spring Security, Session, & LDAP project lead

Rob Winch is employed by Pivotal as the project lead of security related projects within Spring. He is also a committer on the core Spring Framework and co-author of the Spring Security 3.1 book. In the past he has worked in the health care industry, bioinformatics research, high performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys playing the guitar.
Blog Posts by Rob Winch

Spring Security 5.0.0.RELEASE Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0.RELEASE. This release resolves 400+ tickets. For highlights and details about the release, refer to the What’s New in Spring Security 5.0 section.

We hope to see you at SpringOne Platform next week. It will be packed with many Spring talks, opportunities to learn about the latest and greatest features and of course some previews about what we’re planning to do next.

Read more...

Spring Session 2.0.0.RC1 Released

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.RC1. This release puts some final touches to preparing for 2.0.0.RELEASE. You can find the complete changelog in github, with the highlights below:

  • #906 Simplified integration with the Servlet APIs. With this simplification, we have removed the support for supporting multiple sessions for a single user. We plan on looking into other ways to bring this feature back.

  • #907 Support for configuring Redis session cleanup cron

Read more...

Spring Security 5.0.0.RC1 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0.RC1. This release resolves 150+ issues. Below are the highlights of this release:

Read more...

Spring Security 5.0.0 M5 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M5. This release includes bug fixes & new features. The primary focus is being based off of Spring Framework 5.0.0.RELEASE, Reactor Bismuth-RELEASE, and Spring Data Kay-RELEASE.

This release also lays the foundation for Reactive and OAuth2 auto configuration in Spring Boot 2.0.0.M5

You can find complete details in the changelog.

Get Involved!

If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping me @rob_winch or Joe @joe_grandja on Twitter.

Of course the best feedback comes in the form of contributions.

Read more...

Spring Security 5.0.0 M4 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M4. This release includes bug fixes, new features, and is based off of Spring Framework 5.0.0 RC4. You can find complete details in the changelog. The highlights of the release include:

Read more...

Spring Session 2.0.0 M4

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.M4. This release is focused primarily on refining WebFlux support. The highlights are:

Simplified WebFlux Configuration

Configuring Spring Session for WebFlux is simplified to be:

@Configuration
@EnableSpringWebSession
public class HelloWebfluxSessionConfig {

  @Bean
  public MapReactorSessionRepository reactorSessionRepository() {
    return new MapReactorSessionRepository(new ConcurrentHashMap<>());
  }
}

You can also switch the strategy for resolving session id’s by simply adding a WebSessionIdResolver Bean. For example, to switch from using cookies to resolve the session id to using headers, you can use Spring Framework’s new HeaderWebSessionIdResolver:

@Bean
public HeaderWebSessionIdResolver webSessionIdResolver() {
  return new HeaderWebSessionIdResolver();
}
Read more...

Spring Security 5.0.0 M2 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M2. This release includes bug fixes, new features, and is based off of Spring Framework 5.0.0 RC2.

A complete example of using Spring Security to secure a Spring WebFlux application can be found in the Spring Security samples at hellowebflux and hellowebfluxfn.

The highlights of the release include:

Simplified Reactive Security Configuration

It is now very easy to setup a minimal Reactive Security Configuration. Add @EnableWebFluxSecurity and provide a UserDetailsRepository

Read more...

Spring Session 2.0.0 M2 Released

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.M2. This release is focused primarily on ensuring compatibility with Spring Framework 5.0.0.RC2 and Spring Data Kay-M4 which is the minimum Spring version required.

We expect that Spring Session 2.0.0.M3 will have a new Java 8 friendly API along with Support for Spring WebFlux.

Supported Data Stores

As an update to our new story for supported repositories, we now have sub projects for Spring Session Geode (GemFire) and Spring Session MongoDB. You can find the Spring Session MongoDB release announcement here.

Read more...