Blog post Authors
Joe Grandja

Joe Grandja

Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth2 and OpenID Connect support in Spring Security and Spring Authorization Server.

With over 25 years of industry experience, Joe has been a Solution Architect, a Software Engineer, a Team Lead, and a Consultant. His past experience has been mainly focused in the Financial Services sector in the Toronto, Canada, area. He has designed, built, and delivered enterprise grade banking applications and platforms in the Personal and Commercial and Brokerage and Investing divisions. He has worked closely with the InfoSec teams within banks to ensure security and regulatory compliance.

Recent Blog posts by Joe Grandja

Spring Authorization Server 1.5.0-M1, 1.4.2 and 1.3.5 available now

Releases | February 18, 2025 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.5.0-M1, 1.4.2 and 1.3.5. See the 1.5.0-M1, 1.4.2 and 1.3.5 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.4 goes GA

Releases | November 19, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.4. The 1.4 release contains a few noteworthy new features: Simplified configuring authorization server using HttpSecurity.with() (gh-1725) Support for OpenID Connect 1.0 prompt=none parameter (gh-501) Ability to customize validation of OpenID Connect 1.0 RP-Initiated Logout Requests (gh-1723) Ability to customize success handling of OpenID Connect 1.0 RP-Initiated Logout Requests (gh-1244) Added How-to guide demonstrating how to implement the core services with…
Read more

Spring Authorization Server 1.4.0-RC1, 1.3.3 and 1.2.7 available now

Releases | October 23, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.4.0-RC1, 1.3.3 and 1.2.7. See the 1.4.0-RC1, 1.3.3 and 1.2.7 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.4.0-M2 available now

Releases | September 17, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.4.0-M2. See the 1.4.0-M2 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.4.0-M1, 1.3.2 and 1.2.6 available now

Releases | August 20, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.4.0-M1, 1.3.2 and 1.2.6. See the 1.4.0-M1, 1.3.2 and 1.2.6 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.3.1 and 1.2.5 available now

Releases | June 19, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.3.1 and 1.2.5. See the 1.3.1 and 1.2.5 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.3 goes GA

Releases | May 22, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.3. The 1.3 release contains a few noteworthy new features: RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens (gh-101) RFC 8693 OAuth 2.0 Token Exchange (gh-1525) Multitenancy support (gh-1342) -- see the guide How-to: Implement Multitenancy See the 1.3 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become…
Read more

Spring Authorization Server 1.3.0-RC1, 1.2.4 and 1.1.7 available now

Releases | April 16, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.3.0-RC1, 1.2.4 and 1.1.7. See the 1.3.0-RC1, 1.2.4 and 1.1.7 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.2.3, 1.1.6 and 1.0.6 Available Now Including Fixes for CVE-2024-22258

Releases | March 19, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 1.2.3, 1.1.6 and 1.0.6. The releases address CVE-2024-22258 for PKCE Downgrade in Spring Authorization Server. Tanzu Spring Runtime Commercial customers using Spring Boot 2.7 or 3.0 can make use of the new Spring Boot Hotfix release mechanism, providing versions 2.7.20.2 and 3.0.15.2. Spring Boot Hotfix releases are timely releases that patch dependency management to use the latest Spring artifacts when a CVE fix is released. The hotfix versions released…
Read more

Spring Authorization Server 1.2.2 and 1.1.5 available now

Releases | February 21, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 1.2.2 and 1.1.5. See the 1.2.2 and 1.1.5 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all