We are please to announce the release of Spring Security 4.0.0.RC2.

We were very keen on doing a GA release, but due to community feedback we decided that another RC was necessary. Ultimately, this release resolved nearly 50 tickets.

A summary of changes can be seen below:

• Support for enforcing Same Origin for WebSocket connections
• Refinements in WebSocket Configuration (SEC-2827 SEC-2833 SEC-2853 )
• More intuitive HTTP Response Headers Configuration (SEC-2846)

Assuming everything goes smoothly, the plan is to do a GA release in approximately two weeks. In the meantime, make sure to try…

Welcome to another installment of This Week in Spring! We've got a lot to cover so let's get to it!

1. Our pal Adam Koblentz (from ZeroTurnaround) put up this great post introducing building a websocket application with Spring Boot and JRebel. Check it out!
2. Check out this replay of Mark Fisher, Dr. Mark Pollack, and Sabby Anandan's webinar introducing Spring XD - A Platform for data at scale and developer productivity
3. A huge part of the Pivotal Data Suite, of course, is Spring XD. Last week I surfaced some of the amazing Spring XD wiki content on the new stream processing supports in Spring XD 1.1. Check out the Wiki page for a more detailed look by Spring XD ninja Ilayaperumal Gopinathan.
4. Spring Cloud co-lead Spencer Gibb has been improving the Spring Cloud Netflix integration. Check out this example demonstrating using RxJava's Observable<T> return-values from Spring MVC. Here are the changes…

Speaker: David Syer

Pivotal Spring Security, Spring Boot and Angular JS all have nice features for making it really easy to produce modern applications, so there is potentially a lot of value in making them work together very smoothly. Things to consider are cookies, headers, native clients, various security vulnerabilities and how modern browser technology can help us to avoid them. In this session we show how nice features of the component frameworks can be integrated simply to provide a pleasant and secure user experience. We start with a very basic single-server implementation and scale it up in stages, splitting out backend resources and authentication to separate services. The final state includes a simple API Gateway on the front end implemented declaratively using Spring Cloud, and using this we are able to neatly sidestep a lot of the problems people encounter securing a javascript front end with a distributed back end.

Tuesday, March 10th, 2015 2:00PM GMT (London GMT)Register

Tuesday, March 10th, 2015 10:00AM PDT (San Francisco GMT-07:00) Register

 

Speaker: Julien Dubois

JHipster focuses on generating a high quality application with a Java back-end using an extensive set of Spring technologies; Spring Boot, Spring Security, Spring Data, Spring MVC (providing a framework for websockets, REST and MVC), etc. an Angular.js front-end and a suite of pre-configured development tools like Yeoman, Maven, Gradle, Grunt, Gulp.js and Bower. JHipster creates a fully configured Spring Boot application with a set of pre-defined screens for user management, monitoring, and logging. The generated Spring Boot application is specifically tailored to make working with Angular.js a smoother experience. Join Julien for a quick-live coding session to build a simple application, and deploy it to Cloud Foundry.

Tuesday, March 17th, 2015 2:00PM GMT (London GMT) Register

Tuesday, March 17th, 2015 10:00AM PDT (San Francisco GMT-07:00) Register

 

Speaker: Scott Deeg

Polymer is the latest web framework out of Google. Designed completely around the emerging Web Components standards, it has the lofty goal of making it easy to build apps based on these low level primitives. Along with Polymer comes a new set of Elements (buttons, dialog boxes and such) based on the ideas of "Material Design". These technologies together make it easy to build responsive, componentized "Single Page" web applications that work for browsers on PCs or mobile devices. But what about the backend, and how do we make these apps secure? In this talk Scott Deeg will take you through an introduction to Polmyer and its related technologies, and then through the build out of a full blown cloud based app with a secure, RESTful backend based on Spring REST, Spring Cloud, and Spring Security and using Thymeleaf for backend rendering jobs. At the end he will show the principles applied in a tool he's currently building. The talk will be mainly code walk through and demo, and assumes familiarity with Java/Spring and JavaScript.

Tuesday, March 24th, 2015 2:00PM GMT (London GMT) Register

Tuesday, March 24th, 2015 10:00AM PDT (San Francisco GMT-07:00) Register

 

Recorded at SpringOne2GX 2014

Speakers: Roy Clarkson, Greg Turnquist

Slides: http://www.slideshare.net/SpringCentral/spring-one2gx-2014widedatameetshypermedia

Spring Data REST bridges the gap between the convenient data access layers provided by Spring Data's repository abstraction and hypermedia-driven REST web services, effectively taking out the boilerplate needed during implementation. This talk will give a quick overview of the project, explain fundamental design decisions and introduce new features of the latest version (namely service documentation and discoverability). We will then look at the Spring-A-Gram sample application (built using Spring Data REST), focusing on the implementation of the frontend bits and pieces.

Learn more about Spring Boot at http://projects.spring.io/spring-boot

Maven's dependency management includes the concept of a bill-of-materials (bom). A bom is a special kind of pom that is used to control the versions of a project's dependencies and provides a central place to define and update those versions.

A number of Spring projects including Spring Framework, Spring Cloud, Spring Boot, and the Spring IO Platform provide boms to make things easier for Maven users. Unfortunately, things haven't been quite so easy if you're using Gradle.

Dependency management in Gradle

Gradle's dependency management uses a ResolutionStrategy to take control of a project's dependency versions. This offers a lot of power and flexibility but doesn't provide a way to reuse the dependency management that's already been declared in a Maven bom. As a result, you have to do so manually. Depending on the bom, this can easily equate to tens of additional lines in your build.gradle…

Recorded at SpringOne2GX 2014.

Speakers: Erdem Gunay, Turkcell - Tim Hobson, Intuit - Zach Lendon, Independent

Slides: http://www.slideshare.net/SpringCentral/spring-one2gx-2014wideerdemgunay-41125935

Core Spring Track

In this Panel session, each of these presenters will have 20 minutes to respond to the question: tell us about your experiences with Spring Boot? Following that is about 30 minutes of moderated panel discussion. Erdem Gunay from Turkcell will present his experience of re-writing a Mobile BaaS originally written with Spring 3.x. He wrote the service from scratch using Boot in one week, integrating spring security, elasticsearch, mongodb, camel, angular.js, for the win: 40x throughput, 100% availability - zero crashes, 3x the users - used on 300k mobile devices. Tim Hobson from Intuit will present his lessons learned from using with Boot - he will take you through what configuration was necessary, what needed to be built, and how the project leveraged Boot to minimize cross-cutting code and configuration, maximize testability, and focus on the application domain. Zach will present a view of Boot from the hospitality industry, where they are using JAX-RS, DropWizard, and Spring Boot to create micro-service applications. He will help you understand which dropwizard-spring integrations work, and which one's don't, what to watch out for, and how to integrate your Spring applications into dropwizard whether you configure your Spring applications with xml, annotations, and/or java config files.

Learn more about Spring Boot at http://projects.spring.io/spring-boot

Recorded at SpringOne2GX 2014.

Speakers: Michael Hunger, Lorenzo Speranzoni - Neo Technology

Slides: http://www.slideshare.net/SpringCentral/artistic-spring-data-neo4j-3x-with-spring-boot-and-van-gogh

This session will show, how easy it is to get started with Spring Data Neo4j using Spring Boot. After a quick introduction of the concepts behind the Neo4j NoSQL graph database and its Spring Data integration library, we will discuss the general approach used in Spring Data Neo4j and highlight the exciting, new features of the new 3.x releases which now works with the most recent Neo4j 2.x versions. During the session we'll demonstrate the development steps of an exciting and unusual application - tracking an famous' artists journey connecting him to the places, paintings, people and other aspects that influenced him. Having this data in a graph allows us to find new insights and conclusions as well as quickly adding different aspects to it. This application will use Spring Boot and Spring Data Neo4j to get started quickly. We import the data, look at it as a graph visualization and then build a web-application using Spring Boot's supporting infrastructure. As a final step we show how evolving this application from being a just Neo4j client application to a REST extension of the Neo4j server requires only a few steps and can leverage Spring Data REST to provide the neccessary endpoints for consumers.

Learn more about Spring Boot at http://projects.spring.io/spring-boot