Speakers: Oliver Gierke and Thomas Darimont

The repository abstraction layer is one of the core pieces of the Spring Data projects. It provides a consistent, interface-based programming model to allow implementing data access layers easily for relational and NoSQL databases. We will have a look at the lessons learned from the application of it in various customer projects and summarize best practices for you to apply in your projects. The session will also discuss advanced features like the Querydsl integration, the integration of custom implementation code as well as hooks into Spring MVC and Spring HATEOAS.

Tuesday, February 18, 2014 3:00pm GMT Time (London GMT) Register

Tuesday, February 18, 2014 10:00am PST (San Francisco, GMT-08:00) Register

Introduction

Developers often incorrectly use encryption in an attempt to provide authenticity. For example, a RESTful application may mistakenly use an encrypted cookie to embed the current user's identity.

The mistake is that encryption can only be used to keep a secret while signing is used to verify authenticity of a message. In this post, I will explain and provide an example of why encryption is not a guarantee of authenticity.

If you just want to see code, feel free to skip to the end which has a sample Java application that demonstrates the exploit.

Encrypted Cookies (whoops)

Assume we…

Welcome back to another installment of This Week in Spring!

As usual, we've got a lot to cover, so let's dive right into it!

By the way, due to overwhelming demand, we're going to repeat the webinar introducing Spring 4 with Juergen Hoeller on January 23rd. Watch this space for when we open up registration. The expected times are:

Thursday, January 23, 2014 - 3:00pm GMT Time (London GMT)

• closed as of Jan 20th
  

Thursday, January 23, 2014 - 10:00am PST (San Francisco, GMT-08:00)

• registration open

1. The replay of Ben Hale's talk on RESTful API evolution from SpringOne2GX 2013 is now available online
2. Spring and Groovy/Grails Tool Suite lead Martin Lippert just refreshed the most popular article ever written on JavaLobby, Spring IDE and the Spring Tool Suite - Using Spring in Eclipse. Check it out!
3. Spring XD lead Dr. Mark Pollack has just announced that Spring XD 1.0.0.M5 is now available
4. Oliver Gierke's talk from SpringOne2GX "Spring RESTBucks: a Hypermedia Driven REST webservice" is now available online.
5. Following the crazy success of the Spring 4 webinar on the 9th, Spring project lead Juergen Hoeller has just written a blog detailing the next steps for the framework, including Spring 4.1 and Spring 3.2.7.
6. Have you tried the crazy cool shell built into Spring Boot? It's powered by CRaSH, which you can learn more about in this video
7. The replay from Gunnar Hillert and Michael Minella's talk from SpringOne2GX 2013, Integrating Spring Batch and Spring Integration, is now available online.
8. Matt Stine webinar, Spring with Immutability, is now available online.
9. Rob Winch just announced that Spring LDAP 2.0.0 is now available online!
10. Our pal Eugen Paraschiv is back at it again, this time with a post on Spring's HttpMessageConverters.
11. Jakub Kubrynski has a nice post on integration testing Spring Integration and Spring 4
12. Gary Russell has just announced that Spring AMQP 1.3.0.M1 and 1.2.1 RELEASE are now available. The new release is very meaty, so if you're using it, I strongly suggest upgrading!
13. Sproogle 0.3.0, which is an integration with Spring and parts of the Google stack (that don't so far as I can tell include the OAuth pieces that Spring Social Google takes care of), is now available.
14. On the GoPivotal blog, Steve Greenberg has a nice post on how to add a service to your Cloud Foundry architecture using Spring. Nice! I've been waiting for something like this for a long time!
15. Our pals on the Vaadin team are doing a webinar on Spring and Vaadin integration best-practices on January 30th, 2014. Check it out!
16. A little late, but RestHub, which integrates a full Spring-powered REST and web application stack, has just released RESTHub 2.1.4. Check it out!
17. Rest Assured, which provides an alternative testing API for REST services, has just released a new version that supports Spring MVC.
18. New Relic has just announced dedicated Grails support.
19. Zan Thrash did a nice talk on InfoQ about using Node.js ecosystem tools for client-side development along with Grails. The talk has very little to do with Grails, actually, and could as easily be applied to Java and Spring MVC development. These tools are front-and-center for many different types of web application developers, and this talk is a good primer.

The Spring XD team is pleased to announce that Spring XD 1.0.0 Milestone 5 is now available for download.

Spring XD makes it easy to solve common big data problems such as data ingestion and export, real-time analytics, and batch workflow orchestration. This release includes several notable new features:

• Pre-defined batch jobs for JDBC to HDFS
• Many additional job shell commands for controlling and reporting on batch jobs.
• Hadoop Dataset Avro sink that uses the Kite SDK
• HDFS sink now supports codecs (gzip, snappy, bzip2, lzo) and fine-grained control over file naming
• JMS source module now support Topics in addition to Queues
• Improved support for use of Gemfire Locators
• Aggregator module for batching that also supports a backing message store for checkpointing the event stream to memory, Redis, or a relational database.
• Support for separate control and data transport protocols
• XD servers are now built on top of …

Welcome back to another installment of This Week in Spring! Things are starting to ramp up considerably here on the Spring team. This week, on the 9th, we have the very anticipated Spring 4 release webinar Registration has been crazy! I'll be there, watching and helping to MC. I hope you'll be there too!

Also, if you're in the Bay Area, I'll be speaking at the Oakland JUG on January 22nd for a few hours in an evening we're calling Have You Seen Spring Lately?. We'll look at the epic last year's worth of awesome, including the release of Spring 4, Spring Boot and Spring XD. I hope you'll join us there, too! Bring questions!

1. On Jan 16th, 2014, our Spring Security lead Rob Winch will introduce the Spring Security 3.2 release and talk about it's support for Java Configuration, CSRF Protection, Security Related HTTP response headers, optional Spring MVC integration, and of course, Spring Framework 4.0.
2. Patrick Grimard has put together a nice post on using Spring Security 3.2.0's CSRF protection with a Backbone (or, really, any client-facing application). There is, as Spring Security Rob Winch points out, a simpler still way to achieve this.
3. Feburary is Security month! We've just released a SpringOne2GX 2013 Replay: Data Modelling and Identity Management with OAuth2, with Dr. David Syer..
4. On the REST front, also just released another SpringOne2GX 2013 Replay: Spring RESTBucks - A hypermedia-driven REST webservice, with Oliver Gierke.
5. Roy Clarkson put together a great post on how to use WebJars, which lets you manage client-side dependencies like JavaScript using traditional JVM-based build-management tools like Gradle and Maven, along with Spring Boot.
6. This post - about application instrumentation for logging, is a little old, but I thought it worth mention because it's generally pretty insightful and it demonstrates its concepts in terms of not only the canonical Spring Pet Clinic application, but also the Node.js Node Cellar, and the .NET Music Store. Not bad!
7. Our pal Petri Kainulainen is back! He's written a nice post on how to use the JOOQ typesafe query API with Spring
8. This post has so very little to do with Spring, but it does have to do with GemFire XD (our in-memory, distributed data-store that can work in-memory or with HDFS) and a bit of clever Python tinkering to access GemFire XD from Python.
9. Did you see this epic post on running a Spring Boot-powered web service on a Raspberry Pi?
10. Ned Lowe's put together a nice post on migrating from Spring MVC 2.0-style MVC applications to the annotation-centric approach available since Spring MVC 2.5.
11. Thys Michels has put together a nice post on JUnit testing Spring MVC services.
12. And thanks to the Learning Spring blog for the friendly reminder that Spring applications expose a lot of valuable logging for your exploitation if you simply modify the right configuration files.
13. Tomas Zezula put together a nice post on Spring's @Primary annotation, which lets you disambiguate the choice for which dependency to use from among many possible dependencies.

Welcome to 2014! 2013 was an exciting year for Spring, and we look forward to another great year. We have focused on client-side development in a few recent posts, including that we have published several new client-side getting started guides. In a previous post, I also reviewed how easy it is to serve static web content with Spring Boot.

In this post I will continue the discussion about client-side development with Spring Boot as we explore another built-in capability. My previous post included the following excerpt from the source code for WebMvcAutoConfiguration which illustrates how static resources are automatically added to a Spring MVC ResourceHandlerRegistry…

Happy New Year! Welcome back to this year's final installment of This Week in Spring!

We'll do some of the news, as usual, and then I'll take a look back over the last year in news surrounding Spring, of which there's been much indeed!

1. Matt Raible, who we know has also been looking at Spring Boot, just wrote up our just-released Spring 4 for InfoQ. Definitely worth a read if you have the time!

• Xavier Padró has a nice post on retrying web service operations with RequestHandlerRetryAdvice.
• There's a great discussion on Stack Overflow on Spring's CrudRepository vs. the more JPA-specific JpaRepository with an awesome answer by Spring Data lead Oliver Gierke
• Ken Blair has put together a nice introduction to doing bean mapping using the Orika bean-mapping framework alongside Spring
• Groovy ninja Guillaume LaForge has started putting together a nice roundup of all the latest happenings in the Groovy community, and I'd just like to invite readers of …

Happy holidays! Hopefully with the holiday season comes some time off, and a chance to relax and more fully catch up on fun stuff you missed during a busy year. Readers of this column will know there are many channels for developers learning about Spring, and studying the field of technologies that Spring supports. Don't forget about our SpringSource YouTube page, Twitter account, our 15-30 minute "Getting Started" guides, the blog, and of course our Facebook and Google+ pages. I personally want to go back and watch as many SpringOne2GX talks on the YouTube channel as I can.

1. Remeber JHipster? Julien Dubois's Yeoman-powered code generator for Spring applications? Well, 0.0.6 has been released and it has no required Spring XML (and Java EE's web.xml's the last one!) and provides code-generation support for services.
…

We made a few announcements recently about the Spring getting started guides, including that the catalog of guides have been migrated to Asciidoctor. We also added several new client-side guides illustrating how to connect to Spring services from a variety of client technologies.

In this post I want to highlight an interesting capability of Spring Boot; within many of the client-side guides we utilized Spring Boot to stand up a Tomcat instance and serve static content. In these guides we are demonstrating JavaScript client code, not Java or Groovy! If you are already familiar with Boot, then…