Spring Team
Rob Winch

Rob Winch

Spring Security, Session, & LDAP project lead

Rob Winch is employed by Pivotal as the project lead of security related projects within Spring. He is also a committer on the core Spring Framework and co-author of the Spring Security 3.1 book. In the past he has worked in the health care industry, bioinformatics research, high performance computing, and as a web consultant. When he is not sitting in front of a computer he enjoys playing the guitar.
Blog Posts by Rob Winch

Spring Security 5.0.0 M5 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M5. This release includes bug fixes & new features. The primary focus is being based off of Spring Framework 5.0.0.RELEASE, Reactor Bismuth-RELEASE, and Spring Data Kay-RELEASE.

This release also lays the foundation for Reactive and OAuth2 auto configuration in Spring Boot 2.0.0.M5

You can find complete details in the changelog.

Get Involved!

If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping me @rob_winch or Joe @joe_grandja on Twitter.

Of course the best feedback comes in the form of contributions.

Read more...

Spring Security 5.0.0 M4 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M4. This release includes bug fixes, new features, and is based off of Spring Framework 5.0.0 RC4. You can find complete details in the changelog. The highlights of the release include:

Read more...

Spring Session 2.0.0 M4

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.M4. This release is focused primarily on refining WebFlux support. The highlights are:

Simplified WebFlux Configuration

Configuring Spring Session for WebFlux is simplified to be:

@Configuration
@EnableSpringWebSession
public class HelloWebfluxSessionConfig {

  @Bean
  public MapReactorSessionRepository reactorSessionRepository() {
    return new MapReactorSessionRepository(new ConcurrentHashMap<>());
  }
}

You can also switch the strategy for resolving session id’s by simply adding a WebSessionIdResolver Bean. For example, to switch from using cookies to resolve the session id to using headers, you can use Spring Framework’s new HeaderWebSessionIdResolver:

@Bean
public HeaderWebSessionIdResolver webSessionIdResolver() {
  return new HeaderWebSessionIdResolver();
}
Read more...

Spring Security 5.0.0 M2 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M2. This release includes bug fixes, new features, and is based off of Spring Framework 5.0.0 RC2.

A complete example of using Spring Security to secure a Spring WebFlux application can be found in the Spring Security samples at hellowebflux and hellowebfluxfn.

The highlights of the release include:

Simplified Reactive Security Configuration

It is now very easy to setup a minimal Reactive Security Configuration. Add @EnableWebFluxSecurity and provide a UserDetailsRepository

Read more...

Spring Session 2.0.0 M2 Released

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.M2. This release is focused primarily on ensuring compatibility with Spring Framework 5.0.0.RC2 and Spring Data Kay-M4 which is the minimum Spring version required.

We expect that Spring Session 2.0.0.M3 will have a new Java 8 friendly API along with Support for Spring WebFlux.

Supported Data Stores

As an update to our new story for supported repositories, we now have sub projects for Spring Session Geode (GemFire) and Spring Session MongoDB. You can find the Spring Session MongoDB release announcement here.

Read more...

Spring Security 5.0.0 M1

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M1. This release includes bug fixes, new features, and is based off of Spring Framework 5.0.0 RC1. The highlights of the release include:

Initial Support for Reactive Web Applications

Following one of the primary themes of Spring Framework 5.0, Spring Security 5.0 will add support for Reactive applications by building on top of Spring’s reactive support. The first milestone focused on getting primary infrastructure in place.

Read more...

Spring Session 2.0.0 M1 Released

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.M1. This release is focused primarily on ensuring compatability with Spring Framework 5 which is the minimum Spring version required.

Supported Data Stores

We have also removed some of the Spring Session implementations from the main repository. The goal is to allow the core Spring Session team to focus on delivering new features rather than needing to know the ins and outs of every data store. This will allow development of other modules to be done without the overhead of reviews from the Spring Session team.

Read more...

Spring Session 1.3.1 Released

On behalf of the community, I’m pleased to announce the release of Spring Session 1.3.1.RELEASE. This release contains numerous bug fixes. A special thanks to Vedran Pavić and John Blum for all their hard work!

Some of the highlights include:

  • #756 - Usage of Spring Data Redis 1.7.1 which has critical bug
  • #757 - Restore proper behavior of HttpSession created events in GemFire
  • #755 - Improve GemFire SessionRepository, (HTTP) Session copy logic

Project Site | Reference | Help

Read more...