Maven : Spring 4 + Spring Security - spring

Can you explain to me how to properly build a web app with Spring? I know that the latest version of Spring framework is 4.0.0.RELEASE, but the latest version of Spring Security is 3.2.0.RELEASE, and it depends on spring 3.2.6... maybe i'm wrong :)
How can I integrate it with Maven?
Can I use Spring 4 or must I use the previous version?
What is the proper way?
If it`s not hard for you could you show me you pom.xml?

You should be fine using Spring 4. As described in the documentation:
"Spring Security builds against Spring Framework 3.2.6.RELEASE, but is also tested against Spring Framework 4.0.0.RELEASE. This means you can use Spring Security 3.2.0.RELEASE with Spring Framework 4.0.0.RELEASE."
They go on to describe strategies for integrating Spring 4 with Spring Security in your project. Like this one:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>4.0.0.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>

Related

Spring Boot 1.5.9 - Jaxb2Marshaller

Trying to learn Spring Boot. Taking existing Spring application and rebuilding it in a new boot project. One of my clasess relies upon a dependency org.springframework -> spring-oxm which is for the Jaxb2Marshaller.
In my Spring Boot project when I add this dependency
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-oxm</artifactId>
<version>3.2.2.RELEASE</version>
</dependency>
When I add the above to my POM it never pulls the jar in so I cannot import the Jaxb2Marshaller. I believe Spring Boot logic is keeping this from being pulled in because of the version. I tried other versions, but no luck. What is the proper way to pull in this spring dependency with the right version?

Spring Boot 2 and ResourceServerProperties

We have Spring Boot Application(version 1.5.8). We tried to check if it's compatible with upcoming Spring Boot 2 release (currently it's M5).
And two classes are missing in spring-boot-autoconfigure dependency(UserInfoTokenServices and ResourceServerProperties).
Are there any replacements of them?
Thanks
Try it this. it's helped me with Oauth2 after migration to SpringBoot 2.
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.0.RELEASE</version>
</dependency>
Quoting Spring Boot 2.0.0.M5 release notes
Functionality from the Spring Security OAuth project is being migrated
to core Spring Security. OAuth 2.0 client support has already been
added and additional features will be migrated in due course.
If you depend on Spring Security OAuth features that have not yet been
migrated you will need to add
org.springframework.security.oauth:spring-security-oauth2 and
configure things manually. If you only need OAuth 2.0 client support
you can use the auto-configuration provided by Spring Boot 2.0. We’re
also continuing to support Spring Boot 1.5 so older applications can
continue to use that until an upgrade path is provided.
I think you have to define oauth2 dep, like
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>

Combining a spring REST Service with a JSF Page

ive tried the spring REST tutorial and i also got a simple JSF application (running on glassfish), both projects are maven based and i would like to "combine" them.
Meaning, putting the REST project jar into the JSF project.
Does that make sense?
The JSF page should send a request to the microservice REST project when it starts and display the result.
the REST project uses spring-boot and therefore tomcat.
this pom.xml is supposed to use glassfish instead of tomcat, at least thats what the author tells on a spring blog.
Theres a part in it:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
That says to "exclude" tomcat - which is fine, but how does maven or spring know to use glassfish instead?
Is there maybe a better way to combine these two projects?
I would like to keep the projects seperate because of the dependencys in the pom.xml.
Answer #1 in this question solves the confusion:
Using JSF as view technology of Spring MVC
spring mvc and jsf are rivals.

Which one should I use among spring boot, spring BOM and spring IO?

I tried to read documents regarding Spring BOM, Spring Boot and Spring IO. But there is no clarification on, how we should use them together or not?
In my project, we already have our own Parent POM, So I can’t use as parent them but all they have alternative way to use, Like below by defining dependency management
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>${org.springframework-version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<!-- Import dependency management from Spring Boot -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>1.2.5.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
Spring BOM, Spring Boot and Spring IO resolve version required for you
So what is exactly difference between them? Which one should I prefer? And in Which condition?
The Spring Framework bom provides dependency management for all of Spring Framework's modules. The Spring Boot bom is a superset of this. In addition to providing dependency management for Spring Framework, it also provides dependency management for Spring Boot's modules, a number of other Spring projects, and various third-party dependencies which Spring Boot supports. The Spring IO Platform bom is, in turn, a superset of the Spring Boot bom. The main change is that it adds dependency management for all of the Spring projects' dependencies.
If you're not using Spring Boot, or if you want to use your own dependency management, then you may want to use the Spring Framework bom . If you're using Spring Boot, or you want some help with dependency management, then you should choose between using Spring Boot's bom or the Spring IO Platform bom. The main choice here is how close to the leading edge you want to be. If you favour being up-to-date then use the Spring Boot bom. If your project is more conservative and backwards compatibility is of paramount importance, then you should consider using the Spring IO platform bom.

Spring framework compatibility between various projects

I am learning Spring framework and while trying "various" sub-projects within this, I got this doubt.
Spring framework has "core spring" at the heart of it. Now, as the project grows, e.g. trying other features like: spring-mvc, spring-web flow , spring security etc. Are all those sub-projects part of same release. For example, if I look for spring 4.0.2 release, would all these sub-projects be included in this? (hence release for various sub-project with same number: 4.0.2).
If this is not correct, then how do we ensure to chose the compatible sub-projects?
Thanks
spring-mvc is part of the spring framework, the others are separate projects following their own versioning. In general there is a minimum version for the projects and most work fine with newer versions.
If you want to be sure use the Spring IO Platform to manage your dependencies.
In your pom add
<dependencyManagement>
<dependencies>
<dependency>
<groupId>io.spring.platform</groupId>
<artifactId>platform-bom</artifactId>
<version>1.1.0.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
Then you can simply add the dependencies (without version) to your dependencies section
<dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
</dependencies>
For a list of managed dependencies (and version) check Appendix A of the reference guide.
Spring framework has "core spring" at the heart of it. Now, as the
project grows, e.g. trying other features like: spring-mvc, spring-web
flow , spring security etc. Are all those sub-projects part of same
release
spring-mvc and spring-web are both individual artifacts that you'll find within a single Spring release. They are versioned together, and you should always use the same version for all of them in any given project.
spring-security, however, is a completely different beast. It sits on top of Spring, but it's versioned completely separately. You need to make sure that the version of Spring Security you use is combined with a compatible version of Spring.

Resources