close

Spring Cloud Security

2.2.5.RELEASE

Spring Cloud Security offers a set of primitives for building secure applications and services with minimum fuss. A declarative model which can be heavily configured externally (or centrally) lends itself to the implementation of large systems of co-operating, remote components, usually with a central indentity management service. It is also extremely easy to use in a service platform like Cloud Foundry. Building on Spring Boot and Spring Security OAuth2 we can quickly create systems that implement common patterns like single sign on, token relay and token exchange.

Features

Spring Cloud Security features:

  • Relay SSO tokens from a front end to a back end service in a Zuul proxy

  • Relay tokens between resource servers

  • An interceptor to make a Feign client behave like OAuth2RestTemplate (fetching tokens etc.)

  • Configure downstream authentication in a Zuul proxy

Getting Started

If your app also has a Spring Cloud Zuul embedded reverse proxy (using @EnableZuulProxy) then you can ask it to forward OAuth2 access tokens downstream to the services it is proxying. Thus the SSO app above can be enhanced simply like this:

@SpringBootApplication
@EnableOAuth2Sso
@EnableZuulProxy
class Application {

}

and it will (in addition to logging the user in and grabbing a token) pass the authentication token downstream to the /proxy/* services. If those services are implemented with @EnableResourceServer then they will get a valid token in the correct header.

Spring Initializr

Quickstart Your Project

Bootstrap your application with Spring Initializr.

Documentation

Each Spring project has its own; it explains in great details how you can use project features and what you can achieve with them.
2.2.5.RELEASE CURRENT GA Reference Doc.
2.2.6.BUILD-SNAPSHOT SNAPSHOT Reference Doc.
Branch Initial Release End of Support End Commercial Support *
2.2.x
 2019-11-26 2020-11-26 2022-03-26

OSS support

Free security updates and bugfixes with support from the Spring community. See VMware Tanzu OSS support policy.

Commercial support

Business support from Spring experts during the OSS timeline, plus extended support after OSS End-Of-Life.
Publicly available releases for critical bugfixes and security issues when requested by customers.

Future release

Generation not yet released, timeline is subject to changes.

About commercial support (*)

This page shows the current state of project releases and does not define the commercial support policy. Please refer to the official support policy for more information.
Learn more about commercial support.