Archive for the Security category

Daniel Fernández

Bringing new life to Spring Travel with Thymeleaf

Hi reader! My name is Daniel Fernández and I am the author of the Thymeleaf template engine as well as several other open source technologies. I recently helped update the Spring Travel sample application and migrate its view layer to Thymeleaf, and the nice folks at SpringSource have given me the opportunity to write Read more…

Josh Long

Spring at China Scale: Alibaba Group (Alipay, TaoBao, and TMall)

So What Does It Take to Operate at China Scale? The challenges inherent to building enterprise applications that meet China-scale demand are unparalleled. One exemplary Chinese organization using Spring heavily to solve very unique challenges is the Alibaba group. Alibaba is itself an online auction site, like eBay in the west. The Alibaba group in Read more…

rwinch

Spring Security 3.2 M1 Highlights, Servlet 3 API Support

Last week I announced the release of Spring Security 3.2 M1 that contains improved Servlet 3 support. In this post, I will introduce some of the more exciting features found in the 3.2 M1 release. Specifically, we will take a look at the following new Spring Security features: Concurrency Support, Servlet 3 API Integration, Servlet Read more…

Jeff Brown

Secure Data Binding With Grails

Introduction: The Grails Framework provides a lot of tools and techniques to web application developers to simplify solving common application development challenges. Among those are a number of things which simplify the complicated and tedious problems often associated with data binding. In general, data binding is made very simple by Grails as it offers several Read more…

Dave Syer

Cross Site Request Forgery and OAuth2

In this short article we look at Cross Site Request Forgery in the context of OAuth2, looking at possible attacks and how they can be countered when OAuth2 is being used to protect web resources. OAuth2 is a protocol enabling a Client application, often a web application, to act on behalf of a User, but Read more…

Luke Taylor

Spring Security Configuration with Scala

In a previous article, Behind the Spring Security Namespace, I talked about how the Spring Security namespace has been very successful in providing a simple alternative to plain Spring bean configuration, but how there is still a steep learning curve when you want to start customizing its behaviour. Behind the XML elements and attributes, various Read more…

Peter Ledbrook

Simplified Spring Security with Grails

Spring Security is a powerful library for securing your applications that comes with a bewildering number of options. Based on Spring, it can be readily integrated into a Grails application. But why not save the hassle and use the new improved Grails plugin? The plugin has gone through several evolutionary stages that started with the Read more…

Luke Taylor

Spring Security in Google App Engine

Spring Security is well-known for being highly customizable, so for my first attempt at working with Google App Engine, I decided to create a simple application which would explore the use of GAE features by implementing some core Spring Security interfaces. In this article we'll see how to: Authenticate using Google Accounts. Implement "on-demand" authentication Read more…

Glyn Normington

SpringSource dm Server 2.0.1 Released

SpringSource dm Server 2.0.1 is released today. The release fixes a few minor bugs and one security issue. The Admin Console's version of dojo is upgraded from 1.3.2 to 1.3.3 to prevent an open redirect attack. The release also includes the final Reference Implementation of the OSGi Web Container. The OSGi Web Container specification was Read more…

Luke Taylor

Behind the Spring Security Namespace

With the introduction of the security schema in Spring Security 2, it became much easier to get a simple secured application up and running. In older versions, users had to declare and wire-up all the implementation beans individually, resulting in large and complicated Spring application context files which were difficult to understand and maintain. There Read more…