We're pleased to an announce the GA release of Spring Security 3.1

The release is available from the Spring Community Downloads area and jars are available from Maven central repository. See the project website for more information.

There's a high level summary of changes in the What's New? section of the reference manual and a full list of changes can be found in the issue tracker.

Download | Reference Manual | FAQ

In a previous article, Behind the Spring Security Namespace, I talked about how the Spring Security namespace has been very successful in providing a simple alternative to plain Spring bean configuration, but how there is still a steep learning curve when you want to start customizing its behaviour. Behind the XML elements and attributes, various filters and helper strategies are created and wired together, but, short of reading the code which handles the XML parsing, there is no easy way of working out which classes are involved or the details of how they interact.

For some time now, we've been trying to come up with an alternative Java-based solution using Spring's @Configuration classes that retains the simplicity of the XML namespace but also makes the underlying behavior more transparent and easier to customize. While theoretically possible, no Java-based solution seemed to meet…

We're pleased to an announce the second release candidate for Spring Security 3.1

Please see the changelog for a full list of updates.

The release is available from the Spring Community Downloads area and also from the SpringSource maven repository.

Download | Changelog | Reference Manual | FAQ

We're pleased to an announce the first release candidate for Spring Security 3.1

Please see the changelog for a full list of updates since the M2 release.

The release is available from the Spring Community Downloads area and also from the SpringSource maven repository.

Download | Changelog | Reference Manual | FAQ

We're pleased to an announce the second milestone release of Spring Security 3.1

Please see the changelog for a full list of updates since the M1 release.

The release is available from the Spring Community Downloads area and also from the SpringSource maven repository.

Download | Changelog | Reference Manual | FAQ

We're pleased to an announce the release of Spring Security 3.0.5.

This release fixes a few bugs which were causing problems with 3.0.4. Please see the changelog for a full list of issues which have been addressed.

The release is available from the Spring Community Downloads area and should be available from the Maven Central repository soon.

Download | Changelog | Reference Manual | FAQ

We're pleased to an announce the release of Spring Security 3.0.4.

This release provides a fix for the vulnerability CVE-2010-3700. A 2.0.6 release has also been provided for users who have not yet to upgraded to Spring Security 3.

Please see the changelog for a full list of issues which have been addressed.

Both releases are available from the Spring Community Downloads area and also from the Maven Central repository.

Download | Changelog | Reference Manual | FAQ

Spring Security is well-known for being highly customizable, so for my first attempt at working with Google App Engine, I decided to create a simple application which would explore the use of GAE features by implementing some core Spring Security interfaces. In this article we'll see how to:

• Authenticate using Google Accounts.
• Implement "on-demand" authentication when a user accesses a secured resource.
• Supplement the information from Google Accounts with application-specific roles.
• Store user account data in an App Engine datastore using the native API.
• Setup access-control restrictions based on the roles assigned to users.
• Disable the accounts of specific users to prevent access.

You should already be familiar with deploying applications to GAE. It doesn't take long to get a basic application up and running and you'll find lots of guidance on this on the GAE website.

Sample Application

The registered users are stored as GAE datastore entities. On first authenticating, new users are redirected to a…

We're pleased to an announce the release of Spring Security 3.0.3.

This is mainly a minor bugfix release. Please see the changelog for a list of issues which have been addressed. You must be using Spring 3.0.3 or later to use this version.

Download | Changelog | Reference Manual | FAQ

With the introduction of the security schema in Spring Security 2, it became much easier to get a simple secured application up and running. In older versions, users had to declare and wire-up all the implementation beans individually, resulting in large and complicated Spring application context files which were difficult to understand and maintain. There was a pretty steep learning curve and I can still remember that it took me some time to get my head round it all when I started working on the project (then Acegi Security), back in 2004. On the positive side, this exposure to the basic…