Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth2 and OpenID Connect support in Spring Security and Spring Authorization Server.
With over 25 years of industry experience, Joe has been a Solution Architect, a Software Engineer, a Team Lead, and a Consultant. His past experience has been mainly focused in the Financial Services sector in the Toronto, Canada, area. He has designed, built, and delivered enterprise grade banking applications and platforms in the Personal and Commercial and Brokerage and Investing divisions. He has worked closely with the InfoSec teams within banks to ensure security and regulatory compliance.
On behalf of the community, it is my pleasure to announce the general availability of Spring Security 5.1. This release closes off 50+ tickets.
Please check out the What’s New in Spring Security 5.1.
As always, we look forward to hearing your feedback!
I’m pleased to announce the releases of Spring Security OAuth 2.3.3, 2.2.2, 2.1.2 and 2.0.15. These maintenance releases primarily deliver bug fixes.
For a complete list of changes, please refer to:
2018-05-09 Update: The releases address a vulnerability. Please see this blog post published after the associated Spring Boot 1.5.13 release.
Project Page | GitHub | Documentation | Help
On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.3.2.RELEASE.
This release resolves a runtime incompatibility issue with RedisTokenStore and Spring Data Redis 2.0.x. See #1319 and #1335. This release also includes a few minor enhancements and bug fixes.
Project Page | GitHub | Documentation | Help
On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.3.0.RELEASE.
The 2.3.0 release adds new support for Elliptic Curve signature verification in JwkTokenStore. Thank you Michael Duergner for this contribution! This release also includes a few minor enhancements and bug fixes.
Project Page | GitHub | Documentation | Help
I’m pleased to announce the release of Spring Security OAuth Boot 2 Auto-config 2.0.0.
This project is intended to be used to help users transition between the old Spring Security OAuth 2.x support and the Next Generation OAuth 2.0 Support in Spring Security 5. It provides users of Spring Security OAuth 2.x the same auto-configuration capabilities in a Spring Boot 2.0 based application that is currently available in Spring Boot 1.5.x. For more details please refer to the documentation.
On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.3.0.RC1.
The 2.3.0.RC1 release adds new support for Elliptic Curve signature verification in JwkTokenStore. This release also includes a few minor enhancements and bug fixes.
Project Page | GitHub | Documentation | Help
Note
See the latest announcements on Announcing the Spring Authorization Server and Spring Security OAuth 2.0 Roadmap Update
The current state of OAuth 2.0 Support, within the Spring projects portfolio, is spread out between Spring Security OAuth, Spring Cloud Security, Spring Boot 1.5.x, and the new support introduced in Spring Security 5. As a user of OAuth, you may be asking, "Which project(s) do I use? And why has Spring Security 5 introduced new support into the mix?"
To put it simply, there was a need to unify the OAuth 2.0 support into one project in order to provide a…
On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.2.1.RELEASE.
The 2.2.1.RELEASE is a maintenance release that includes bug fixes and minor improvements.
Project Page | GitHub | Documentation | Help
On behalf of the community, I’m pleased to announce the release of Spring Security OAuth 2.2.0.RELEASE.
The 2.2.0.RELEASE includes the following new features:
JwtClaimsSetVerifier that provides the capability of verifying the claim(s) contained in a JWT Claims Set.
IssuerClaimVerifier that verifies the Issuer (iss) claim contained in the JWT Claims Set.
DelegatingJwtClaimsSetVerifier that simply delegates claims verification to it’s internal list of JwtClaimsSetVerifier(s).
ProviderDiscoveryClient that is capable of discovering provider configuration information as defined by the OpenID Connect Discovery 1.0 specification.
JwkTokenStore now supports multiple JWK Set URL’s.
The ability to supply a custom AccessTokenConverter to JwkTokenStore.
VMware offers training and certification to turbo-charge your progress.
Learn moreTanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreCheck out all the upcoming events in the Spring community.
View all