Note: the source code and test for this blog continue to evolve, but the changes to the text are not being maintained here. Please see the tutorial version for the most up to date content.

In this article we continue our discussion of how to use Spring Security with Angular JS in a "single page application". Here we show how to build an API Gateway to control the authentication and access to the backend resources using Spring Cloud. This is the fourth in a series of articles, and you can catch up on the basic building blocks of the application or build it from scratch by reading the first article, or you can just go straight to the source code in Github. In the last article we built a simple distributed application that used Spring Session to authenticate the backend resources. In this one we make the UI server into a reverse proxy to the backend resource server, fixing the issues with the last…

Welcome to another installment of This Week in Spring! As usual, we've got a lot to cover so let's get to it!

1. Join Andy Wilkinson as he discusses REST API documentation, swagger, and more in a webinar on Tuesday, Feb 3rd - Documenting RESTful APIs
2. Sabby Anandan is joining us for the Spring XD 1.1 launch webinar on Tuesday, Feb 17th - Spring XD: A Platform for data at scale and developer productivity
3. Don't miss Rob Winch as he takes a fresh look at HTTPSession for the cloud. His webinar is on Tuesday, Feb 24th, 2015 Webinar: Introducing Spring Session
4. I put together a look at 12-factor app-style backing service consumption in Spring, and using Cloud Foundry
5. Check out this talk introducing system administration …

The 12 Factor App Manifesto talks about backing services at length. A backing service is, basically, any networked attached service that your application consumes to do its job. This might be a MongoDB instance, PostgreSQL database, a binary store like Amazon's S3, metrics-gathering services like New Relic, a RabbitMQ or ActiveMQ message queue, a Memcached or Redis-based cache, an FTP service, an email service or indeed anything else. The distinction is not so much what the service is so much as how it's exposed and consumed in an application. To the app, both are attached resources, accessed…

The microservice style of architecture is not so much about building individual services so much as it is making the interactions between services reliable and failure-tolerant. While the focus on these interactions is new, the need for that focus is not. We've long known that services don't operate in a vacuum. Even before cloud economics, we knew that - in a practical world - clients should be designed to be immune to service outages. The cloud makes it easy to think of capacity as ephemeral, fluid. The burden is on the client to manage this intrinsic complexity.

In this post, we'll look at how Spring Cloud helps you manage that complexity with a service registry like Eureka and Consul and client-side…

Note: the source code and test for this blog continue to evolve, but the changes to the text are not being maintained here. Please see the tutorial version for the most up to date content.

In this article we continue our discussion of how to use Spring Security with Angular JS in a "single page application". Here we start by breaking out the "greeting" resource that we are using as the dynamic content in our application into a separate server, first as an unprotected resource, and then protected by an opaque token. This is the third in a series of articles, and you can catch up on the basic building blocks of the application or build it from scratch by reading the first article, or you can just go straight to the source code in Github, which is in two parts: one where the …

Welcome to another installment of This Week in Spring! This week's roundup could've just as easily been titled, This Week in Spring Videos and Webinars, because we've got a lot of them!

1. The good Dr. Dave Syer continues his series introducing Spring Security and Angular.js integration, this time looking at breaking apart the resource server from the authorization server. This post looks
2. Our pal Nicoalas Frankel is back at it! Nicolas lives in both the Vaadin and the Spring communities. So, naturally, when Petter Holmström and I started the Vaadin4Spring project at the beginning of 2014, we weren't surprised when Nicolas started making great contributions. His latest contribution introduces an elegant implementation of the MVP pattern for Vaadin and he's written a very nice introduction to it…

Spring Roo 1.3.1 RC2 Available Now

On behalf on the Spring Roo team at Disid Corp, I am pleased to announce the 1.3.1 RC2 Release Candidate is out.

Spring Roo jar files have been published to Maven Central.

As always, the release is available in the Spring IO repository.

The candidate release fixes the following issues:

• NullPointerException at WarPackaging [ROO-3566]
• NullPointerException when run dbre [ROO-3567]
• Cannot uninstall or update any osgi bundles [ROO-3573]
• NullPointerException when create repository mongodb [ROO-3574]
• Roo commands allows to create two entities with the same name [ROO-3580]
• Focus set on non existing class [ROO-3581]
• Error adding InnerType constructor on ITD Generation [ROO-3583]
• JavaBean implementing Interface defining getters and setters [ROO-3584]
• JavaBean implementing Interface and overriding getter causing null pointer [ROO-3585]

It is recommended that all Spring Roo users upgrade to this version.

For full details on the changes made in the release, please refer to the [Release Notes in Jira]

For more project specific information please see the [Project Page] | [GitHub]

Thanks to the awesome users who came up with useful bug reports and suggestions. This is a candidate release, please try out the updates and provide feedback. As always, you'll also find Roo on Twitter - either follow @SpringRoo or just include #SpringRoo in your tweets.

Our current plan is to go 1.3.1.RELEASE in late january. Stay tuned!

Welcome to another installment of This Week in Spring. We've got a lot to talk about. Our own Pieter Humphrey has been tirelessly working to get the replays of the SpringOne2GX 2014 show available online and there are a slew of them this week! What a win!

• The good Dr. Syer, former lead of Spring Batch, co-lead of Spring Boot, Spring Cloud and Spring Security OAuth, and a rockstar to various Spring projects including Spring itself, over the years, has kicked off a series of posts on very practical matters related to securing Angular.js applications with Spring. The first one, Spring and Angular JS: A Secure Single Page Application, introduces the basics of connecting an Angular.js-based client to a backend API. The second, The Login Page: Angular JS and Spring Security Part II, introduces the login form. Bookmark this series!
• The amazing, sleep-intolerant, Rob Winch has just announced Spring Session 1.0. Spring Session, for those who've not been paying attention, is a drop in proxy API for the standard Servlet HTTP Session API. Install it, and then delegate HTTP session persistence to other backend implementations like Redis. This is ideal for a lot of reasons: if you are using a Java EE application server and want to scale out session replication, you can use an engine that was better designed for it. It's a safe bet that the team behind Cassandra and Redis have thought…

Let's establish some vocabulary, before we begin. When we talk about configuration in Spring, we're usually talking about the inputs into the Spring framework's various ApplicationContext implementations that help the container understand what it is you want done. This might be an XML file to be fed into a ClassPathXmlApplicationContext, or Java classes annotated a certain way to be fed into an AnnotationConfigApplicationContext.

Another type of configuration, as nicely described in the 12-Factor application manifesto, is any of an application's that is likely to vary between deploys (staging…