Dive into the latest releases from #Spring https://bit.ly/44v29Lx

The first milestone release of Spring Vault 4.0; and point releases of Spring Boot, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring Modulith, Spring REST Docs, Spring AMQP, Spring for Apache Kafka, Spring for Apache Pulsar and Spring Web Services.

Dive into the latest releases from #Spring https://bit.ly/3EJAUTq

First release candidates of Spring Boot, Spring Data 2025.0.0, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring Modulith & Spring Web Services.

Dive into the latest releases from #Spring https://bit.ly/3Y32ilE

Spring Boot, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Integration, Spring AMQP, Spring for Apache Kafka and Spring Web Services.

Securing #Vaadin Applications with One-Time Token by @SimonMartinelli

https://martinelli.ch/securing-vaadin-applications-with-one-time-token/

connect2id's Nimbus OAuth2/OIDC SDK is underrated, particularly as a direct dependency!

https://connect2id.com/products/nimbus-oauth-openid-connect-sdk

Many people use it through Spring Security or Pac4j but the lib is relatively easy to use directly (particularly if you know the protocols) and can be used to add OIDC support to Java apps with much less complexity than those Spring or Pac4j authentication frameworks (but at the cost of having to handle some of the Web security yourself, mainly around CSRF)

I just updated a ~10 year old application I started in pre #SpringBoot 1 from v2.7 to the latest 3.2, and I have to say, it was flawless now that with ActiveMQ finally has a Jakarta version out.

Hat tip to the #SpringSecurity team, for once I do find the "new" way here way nicer, well done.

https://github.com/michael-simons/biking2/commit/375794d17d26dab57857339475154fef4e122c51#diff-0fc50569f01085d89698d1197aa9db2a1b9a3190746e2427fc5c4b1cd3ac6350

#SpringSecurity — The Security Filter Chain

https://kasunprageethdissanayake.medium.com/spring-security-the-security-filter-chain-2e399a1cb8e3

I see so many #SpringBoot and #SpringSecurity tutorials store usernames and passwords in a database. Sure, the passwords are appropriately encrypted, but why are folks rolling their own database storage and not being shown how to use OAuth or OpenID and authenticate against a third-party system where they've done this for you?

There's so many more important things to learn than storing usernames/passwords in a database table (integrating with OAuth/OpenID is hard enough!), which folks will unlikely every do in their career.

Make your security policy auditable

https://blog.frankel.ch/security-policy-auditable/

YES! Spring Security 6.1.3 funktioniert wieder. MvcMatcher ist tot, lang lebe der AntMatcher!

Damit ist die Migration von javax auf jakarta endlich abgeschlossen und es kann mit der eigentlichen Implementation weitergehen.

#StickySessions with @ApacheAPISIX - the demo https://blog.frankel.ch/sticky-sessions-apache-apisix/2/

Make your #security #policy auditable https://blog.frankel.ch/security-policy-auditable/