I'm pleased to announce the first milestone release of Spring Test MVC HtmlUnit. The project’s aim is to provide integration between Spring MVC Test and HtmlUnit. This simplifies performing end-to-end testing when using HTML-based views. Stay tuned to the Spring Blog for a mini blog series introducing this exciting new library. If you can't wait to get your feet wet, refer to the project's Getting Started section on GitHub.
Spring Security 3.2.2 (change log) and 3.1.6 (change log) have been released and are available in Maven Central. Among the highlights, these two releases resolve CVE-2014-0097, which allows a malicious user to impersonate a user with an empty password if ALL of the following hold true: the application is using ActiveDirectoryLdapAuthenticator; the directory allows anonymous binds (not recommended). NOTE: This does NOT impact users of LdapAuthenticationProvider or For full details on the releases, please refer to the previously mentioned change logs.
Spring Security 3.2.1 (changelog) and 3.1.5 (changelog) have been released and are now available from Maven Central. Spring Security 3.2.1 brings a number of bug fixes including: fixing ordering issues with Java Configuration; changes to support Spring LDAP 2.0.1.RELEASE.
I'm pleased to announce the release of Spring LDAP 2.0.1. This release can be found in Maven Central and contains a number of bug fixes including a fix to work with Spring Security 3.2. For additional details, please see the changelog.
Introduction
Developers often incorrectly use encryption in an attempt to provide authenticity. For example, a RESTful application may mistakenly use an encrypted cookie to embed the current user's identity. The mistake is that encryption can only be used to keep a secret while signing is used to verify authenticity of a message. In this post, I will explain and provide an example of why encryption is not a guarantee of authenticity. If you just want to see code, feel free to skip to the end which has a sample Java application that demonstrates the exploit.
Encrypted Cookies (whoops)
Assume we…
I'm pleased to announce that Spring LDAP 2.0.0.RELEASE is now available from Maven Central and Bintray. A special thanks to Mattias Arthursson for all the work he put into this release! Refer to the What's new in Spring LDAP 2.0 to find the full details of this release. A list of changes can be found within JIRA's change logs. Highlights include: Spring Data Repository and QueryDSL support is now included in Spring LDAP. Fluent LDAP query support has been added. A custom XML namespace is now provided to simplify configuration of Spring LDAP. Spring LDAP core has been updated with Java…
I am pleased to announce the release of Spring Security 3.2.0.RELEASE. You can view the highlights of this release within the What’s new in Spring Security 3.2 section of the reference. A list of changes since 3.1.x and since the last release can be found within JIRA's change logs. To learn more about Spring Security 3.2, I'd like to encourage you to view the new Spring Security guides and to attend the free Spring Security 3.2 Webinar on January 16th. Please consider helping us spread the word on Twitter, ask questions on Stack Overflow with the spring-security tag and log any issues to the…
Spring Security 3.2.0.RC2 is now available from the SpringSource repository at http://repo.springsource.org. See here for a quick tutorial on resolving these artifacts via Maven. What's new? The release resolves 80+ issues. Most of the issues for this release were fixing bugs, adding documentation, and converting our documentation to Asciidoctor. Refer to the recently added What's new in Spring Security 3.2 to find all the highlights of this release. You will notice there are some nice features that have been added that I have not blogged about. Be sure to follow the links to see and links to…
I'm pleased to announce that Spring LDAP 2.0.0.M1 is now available from the SpringSource repository at http://repo.springsource.org. See here for a quick tutorial on resolving these artifacts via Maven. What's New? The release adds lots of new functionality! Some of the highlights can be found below: Spring Data Repository and QueryDSL support is now included in Spring LDAP. Fluent LDAP query support has been added. A custom XML namespace is now provided to simplify configuration of Spring LDAP. Spring LDAP core has been updated with Java 5 features such as generics and varargs. The ODM…