Blog post Authors
Joe Grandja

Joe Grandja

Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth2 and OpenID Connect support in Spring Security and Spring Authorization Server.

With over 25 years of industry experience, Joe has been a Solution Architect, a Software Engineer, a Team Lead, and a Consultant. His past experience has been mainly focused in the Financial Services sector in the Toronto, Canada, area. He has designed, built, and delivered enterprise grade banking applications and platforms in the Personal and Commercial and Brokerage and Investing divisions. He has worked closely with the InfoSec teams within banks to ensure security and regulatory compliance.

Recent Blog posts by Joe Grandja

Spring Authorization Server 1.5.0-RC1, 1.4.3 and 1.3.6 available now

Releases | April 23, 2025 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.5.0-RC1, 1.4.3 and 1.3.6. See the 1.5.0-RC1, 1.4.3 and 1.3.6 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Security 5.7.17, 5.8.19, 6.0.17, 6.1.15, 6.2.11, 6.3.9, 6.4.5 Released, includes fix for CVE-2025-22234

Releases | April 22, 2025 | ...
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 5.7.17, 5.8.19, 6.0.17, 6.1.15, 6.2.11, 6.3.9, and 6.4.5 are available now which fix CVE-2025-22234. Please refer to the releases page for more details. Commercial customers using Spring Boot 2.7, 3.0, 3.1, or 3.2 will be able to update to Spring Boot 2.7.24.2, 3.0.19.2, 3.1.15.2, or 3.2.13.2 respectively to receive the corresponding Security releases 5.7.17, 6.0.17, 6.1.15, and 6.2.11. These Security versions are available now on the Spring commercial artifact repository and can be accessed…
Read more

Spring Authorization Server 1.5.0-M2 available now

Releases | March 18, 2025 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.5.0-M2. See the 1.5.0-M2 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.5.0-M1, 1.4.2 and 1.3.5 available now

Releases | February 18, 2025 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.5.0-M1, 1.4.2 and 1.3.5. See the 1.5.0-M1, 1.4.2 and 1.3.5 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.4 goes GA

Releases | November 19, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.4. The 1.4 release contains a few noteworthy new features: Simplified configuring authorization server using HttpSecurity.with() (gh-1725) Support for OpenID Connect 1.0 prompt=none parameter (gh-501) Ability to customize validation of OpenID Connect 1.0 RP-Initiated Logout Requests (gh-1723) Ability to customize success handling of OpenID Connect 1.0 RP-Initiated Logout Requests (gh-1244) Added How-to guide demonstrating how to implement the core services with…
Read more

Spring Authorization Server 1.4.0-RC1, 1.3.3 and 1.2.7 available now

Releases | October 23, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.4.0-RC1, 1.3.3 and 1.2.7. See the 1.4.0-RC1, 1.3.3 and 1.2.7 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.4.0-M2 available now

Releases | September 17, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.4.0-M2. See the 1.4.0-M2 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.4.0-M1, 1.3.2 and 1.2.6 available now

Releases | August 20, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.4.0-M1, 1.3.2 and 1.2.6. See the 1.4.0-M1, 1.3.2 and 1.2.6 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.3.1 and 1.2.5 available now

Releases | June 19, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.3.1 and 1.2.5. See the 1.3.1 and 1.2.5 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration. Project Page | GitHub Issues | Project Board
Read more

Spring Authorization Server 1.3 goes GA

Releases | May 22, 2024 | ...
On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.3. The 1.3 release contains a few noteworthy new features: RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens (gh-101) RFC 8693 OAuth 2.0 Token Exchange (gh-1525) Multitenancy support (gh-1342) -- see the guide How-to: Implement Multitenancy See the 1.3 release notes for complete details. To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become…
Read more

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all