Spring Boot 1.4 includes a major overhaul of testing support and one of these features is test slicing. I'd like to take the opportunity in this blog post to further explain what it is and how you can easily create your own slices.

Test slicing is about segmenting the ApplicationContext that is created for your test. Typically, if you want to test a controller using MockMvc, surely you don't want to bother with the data layer. Instead you'd probably want to mock the service that your controller uses and validate that all the web-related interaction works as expected. This can be summarized in…

Welcome to another installment of This Week in Spring! This week I've been in San Francisco, (where I live and) where I addressed the Silicon Valley Spring User Group. Now it's off to beautiful China to bring some Spring and Pivotal (and, maybe, take a little vacation!)

As usual, we have a lot to get to so let's!

• Spring ninja Greg Turnquist has just announced that Spring Web Services 2.3.1 and 2.4.0 are now available
• Spring Cloud ninja Marcin Grzejszczak just announced that Spring Cloud Camden M1 is now available
• Spring Cloud Data Flow ninja Thomas Risberg just announced that Spring Cloud Data Flow for Mesos 1.0.RC2 is now available
• Marius Bogoevici just announced Spring Cloud Stream Brooklyn M1 is now available. This release is packed full of new features including support for reactive programming
• Spring Cloud Data Flow ninja Eric Bottard just announced …

Greetings Spring community,

Spring Web Services has just released versions 2.3.1.RELEASE and 2.4.0.RELEASE.

2.3.1.RELEASE is a minor patch release.

2.3.1 Release Notes | 2.3.1 Documentation.

2.4.0.RELEASE rebases Spring Web Services to run on Spring Framework 4.2.x & Spring Security 4.0.x, the stable baselines behind Spring 4.3/Spring Security 4.1. At the same time, it remains compatible with Java 7. This version includes changes to the code base making it forward compatible with Spring 4.3 and 5.0, so you are free to move up to whichever version of Spring/Spring Security you wish to use.

2.4.0 Release Notes | 2.4.0 Documentation…

It was brought to our attention that the spring-security-saml sample application contained an XML External Entity (XXE) vulnerability. This meant that a malicious user could view any file that the Spring Application’s process had access to.

The issue was a direct result of OpenSAML Java ParserPool and Decrypter Vulnerable To XML Attacks. The default behavior of the ParserPool implementations is fixed in OpenSAML 2.6.1+ (which Spring Security SAML uses). However, the vulnerability is still possible if users construct their own ParserPool without the proper settings.

Note

We did not consider this a CVE because the exploit was only found in the sample application which is not considered production code. However, we expect that our users may have copied this code to create their own applications. For this reason, we wanted to be transparent and communicate the issue and…

Welcome to another installation of This Week in Spring! This week I'm in NYC (for the NYC Java SIG), Austin and San Francisco (for the Silicon Valley Spring User Group) talking to customers and doing meetups! We've got a lot to cover, as usual, so let's get to it!

• Spinnaker is a continuous delivery platform from Netflix built on Spring Boot. It supports a build-and-bake pipeline and works naturally with Spring Boot and various cloud platforms. It's enjoyed contributions from Microsoft, Google and Pivotal. In this post, Spring ninja Greg Turnquist introduces Spring Cloud Spinnaker 1.0.0.M1. Definitely worth a look!
• this seemed interesting - a code generator that supports Spring-based applications called Sifu
• JAX London just announced their top 20 social influencers for Java. Spring Data lead Oliver Gierke and I made the list…

Greetings Spring community,

I am happy to release the first milestone for Spring Cloud Spinnaker. Spring Cloud Spinnaker bundles up the continuous delivery Spinnaker platform, and provides a 1-click installer to let you install it to any certified Cloud Foundry provider.

At this year’s SpringOne Platform 2016 conference, there were two talks about Spinnaker. If you have early release access and missed them, you can watch right now. Otherwise you can catch them on the SpringDeveloper YouTube Channel once they are published.

If your team/meetup/JUG is interested in hearing more about Spinnaker, check in with me and we can arrange a…

Welcome to another installment of This Week in Spring! Since we last spoke I've presented at conferences and to customers in London, Beijing, Shanghai and Singapore - where I am now. Tomorrow, Wednesday, I'll be speaking at the Singapore Spring Meetup - join me! It's been quite a few days!

• Spring Data ninja Mark Paluch has done another great post looking at Spring Cloud Vault
• Spring Security lead Rob Winch just announced Spring Security 4.1.2
• Spring Integration ninja Artem Bilan just announced Spring for Apache Kafka 1.0.3
• Check out this deck to learn about how Spring Boot is used at PayPal
• I liked my buddy Richard Seroter's review of our SpringOne Platform event a few weeks ago
• I loved Camille Fournier's post on some real-life architecture patterns of microservices and, particularly, her observations on the challenges of …

In my previous post about Managing Secrets with Vault, I introduced you to Vault and how to store arbitrary secrets using the generic secret backend. Vault can manage more than just secret data like API keys, passwords, and other sensitive string-like data. Today we’re taking a look at Vault’s integration with databases, services, and certificates.

Database credentials tend to be static

When it comes to databases, the regular workflow of getting credentials applying for a database is asking some operator or a self-service tool to give you credentials so your application can log into the…

Welcome to another installment of This Week in Spring! This week I'm recovering from a crazy awesome week at SpringOne Platform while visiting customers here in summer-time London.

We've got a lot to cover so let's get to it!

• the IntelliJ IDEA folks have updated their coverage on Spring
• there were several wrapup blogs from last week's SpringOne Platform event, including the two we published on this very blog for day 1

and day 2 and the posts on Pivotal's main blog for day 1, day 2, day 3, and final call

• while we're at the Pivotal blog, those of you wondering about Blockchain on Cloud Foundry might appreciate this post
• SpringOne Platform was filled with excellent keynotes, all of which will be available online already (or soon). Naturally, you have to watch Adrian Cockroft (@adrianco) 's excellent Simplifying the Future keynote: "Let's just do Spring Boot on Cloud Foundry."
• want to know about the future of the leading application server on the JVM, Apache Tomcat, for whose development Pivotal is a large sponsor? Check out this InfoQ interview with Pivotal's own Mark Thomas
• Last week we had the likes of James Governor from Redmonk and Charles Humble from InfoQ taking in the show and talking about it. I liked Charles Humble's coverage of the first day keynote - …