Hi Spring fans, and welcome to the first day of the Spring season! This week I'm in San Francisco visiting some customers and just hanging out, working on new Spring Tips installments, enjoying the amazing weather. As if today wasn't exciting enough, Java 10 also shipped today! I know that all seems like enough already, but read on as we have a lot of good stuff this week!

• We want your feedback on this Spring Cloud Contract proposal to support fetching stubs over different protocols
• Spring Cloud Data Flow ninja Gunnar Hillert has just announced Spring Cloud Data Flow 1.4.0. The new release includes improved dashboards, versioned streams, a new stream deployment builder, support for Docker compose, security improvements, proxy server support for the shell, LDAP Role Mapping support and improved documentation, among other things. This is a massive release with a lot of good stuff, so don't miss it!
• Spring Security and OAuth-ninja Joe Grandja has just released Spring Security OAuth 2.3.0 which now supports Elliptic Curve signature verification in JwkTokenStore…

Table of Contents

• What is it?
• What do I get out of the box?
• Which monitoring systems does Micrometer support?
• The distinction between metrics and tracing
• The importance of dimensionality
• Meter filters
• Why the /actuator/metrics endpoint changed in Spring Boot 2
• Get involved

What is it?

Micrometer is a dimensional-first metrics collection facade whose aim is to allow you to time, count, and gauge your code with a vendor neutral API. Through classpath and configuration, you may select one or several monitoring systems to export your metrics data to. Think of it like SLF4J, but for metrics!

Micrometer is the metrics collection facility included in Spring Boot 2’s Actuator. It has also been backported…

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I'm in blizzard-besieged Boston, Massachusetts, for the epic Spring One Tour Boston event. Unfortunately, due to this crazy snow storm / blizzard, the event's been postponed one day as we all grapple with the weather. Hope you were able to join the Spring Boot 2.0 launch webinar! If not the replay will be available here and don't forget to check out the launch blog!

Snow or no snow! The show must go on, at least here on the Spring blog, so without further ado:

• The Reactor team is looking for a motivated new engineer to join the team - apply now!
• Spring Cloud Data Flow ninja Gunnar Hillert has just announced Spring Cloud Data Flow 1.4 RC1
• Spring IO Platform Cairo-RC1 lead Andy Wilkinson has just announced the latest updates, including Spring Boot 2.0. Check it out and make sure works as you expect it to.
• I love this post by Spring team legend Stéphane Nicoll on upgrading the Spring Initializr (http://start.spring.io) to Spring Boot 2.0.
• The Spring Data JDBC project has added @Modify for marking queries that perform DML or DDL. Modifying queries will return type boolean or Boolean…

Spring Boot 2 was released recently and the production instance of Spring Initializr (start.spring.io) was upgraded to Spring Boot 2 the same day.

In this post, I'd like to walk you through the process of upgrading a Spring Boot 1.x app to Spring Boot 2.

Release notes and migration guide

A good first step is to get yourself familiar with the main changes in Spring Boot 2 by reading the migration guide and the release notes.

Build upgrade

If you are using Maven and the spring-boot-starter-parent, you need to be aware that several plugins are going to be updated as part of the upgrade. If you're not using the parent, it is worthwhile to inspect your build and upgrade the plugins that you are using. Spring Initializr is built with Maven so the easiest way is to scan spring-boot-dependencies…

Auto-configuration is one of the most powerful features of Spring Boot. Tests for auto-configuration classes usually follow the same pattern. Most tests start up an ApplicationContext with the auto-configuration class under test and depending on the test, also load additional configuration to simulate user behavior. The recurrence of this pattern can add a lot of repetition in the code base.

Spring Boot 2.0 provides a suite of new test helpers for easily configuring an ApplicationContext to simulate auto-configuration test scenarios. The following example configures an ApplicationContextRunner to test the UserServiceAutoConfiguration…

Spring Web Flow 2.5 is now GA and available for use. This release provides an upgrade path for applications using Web Flow to Spring Framework 5 with Java 8, Servlet 3.1, Hibernate 5, Tiles 3, and JSF 2.2 as minimum requirements.

One of the key features in Spring Security 5 is support for writing applications that integrate with services that are secured with OAuth 2. This includes the ability to sign into an application by way of an external service such as Facebook or GitHub.

But with a little bit of extra code, you can also obtain an OAuth 2 access token that can be used to perform authorized requests against the service’s API.

In this article, we’re going to look at how to develop a Spring Boot application that, using Spring Security 5, integrates with Facebook. You can find the complete code for this article at https://github.com/habuma/facebook-security5…

Last fall, a security vulnerability affecting Spring Data REST was discovered. We patched the affected modules and published a CVE. We've seen some recent news about this that's led to confusion. Here's the scoop:

tl;dr:

• There was a security vulnerability allowing arbitrary code execution in Spring Data REST up to version 2.6.8 and 3.0.0.
• This vulnerability has been fixed in the following versions:

-- Spring Data REST 2.6.9 (Ingalls SR9, Oct. 27th, 2017), included in Spring Boot 1.5.9 (Oct, 28th 2017). -- Spring Data REST 3.0.1 (Kay SR1, Oct. 27th 2017), included in Spring Boot 2.0 M6, (Nov…

The Spring Security SAML project has been an integral part of the Spring ecosystem since its inception nearly 9 years ago. This critically important project was born through the incredible effort and contributions of Vladimír Schäfer. I’d like to take the time to personally thank Vladimír and our fantastic community for their tireless work. Without all of their efforts, this project would not be what it is today.

Vladimír, our amazing community, and the Spring engineering team are planning to team up to enhance Spring Security SAML to achieve the following primary goals:

• Ensuring all dependencies are up to date

• Ensure all Spring Security APIs do not expose any dependency APIs

• Graduate Spring Security SAML from an extension into Spring Security proper

…