Ever wondered if you're handling passwords securely in Java? 🤔 I switched to char[] instead of String — it’s mutable, log-safe, and I can wipe it from memory after use. But here's the kicker: Spring Security still expects String in many places. 🔄

Is it worth using char[] despite the framework limits? What’s your go-to strategy for securing passwords in memory?

Full breakdown on my blog: https://manueltechlabs.com/posts/why-i-used-char%5B%5D-for-passwords-in-spring-security-and-what-i-learned/
#Java #SpringSecurity #Cybersecurity #DevCommunity

This #InfoQ article explores a solution for Registering & Authenticating users through a client-side JavaScript application using the #SpringSecurity infrastructure, access and refresh tokens.

🎯 The goal is to explain the process in greater detail through clear and easy-to-follow #FlowDiagrams.

👉 Read it here: https://bit.ly/3DWoKFX

#Java #Spring #InfoQ

🔍 Explore the best of #Java in 2025!

We’ve handpicked our favorite #InfoQ articles to help you master the trends that defined last year and are already shaping 2026. These are the must-reads for every JVM developer:

➡️ Building a RAG Application with Spring Boot, Spring AI, MongoDB Atlas Vector Search, and OpenAI by Matteo Rossi
https://bit.ly/47KRUUX

➡️ Spring Security Configuration with Flow Diagrams by Alexandr Manunin
https://bit.ly/3DWoKFX

➡️ Infusing AI into Your Java applications by Don Bourne, Michal Broz, Laura Cowen, Daniel Oh, Kevin Dubois
https://bit.ly/4oNmLqH

➡️ Spring AI 1.0 Delivers Easy AI Systems and Services by Josh Long
https://bit.ly/4lTYBc3

➡️ Jakarta EE 11 Overview: Virtual Threads, Records, and the Future of Persistence by Otavio Santana
https://bit.ly/46Pj4tX

Stay informed. Stay inspired. And always #StayAhead of the curve! Knowledge is power! 💪

#SpringAI #SpringSecurity #AI #RAG #JakartaEE #SoftwareEngineering

There is also #SpringSecurity integration and #Actuator integration examples on the website. Really interested to hear feedback from #Spring developers.

Wie bleibt #OAuth2 sicher nach dem Login? #XDEV SSE löst das per Auto-Revalidierung statt komplexem Backchannel-Logout – effizient, fail-safe, frontend-ready.

Mehr von Alexander Bierler: https://javapro.io/de/xdev-sse-verbesserung-der-spring-security-fuer-moderne-anwendungen/

@xdevsoftware #OpenSource #Vaadin @vaadin #JAVAPRO #SpringSecurity

Dive into the latest releases from #Spring 👉 https://bit.ly/3K9wRmf

GA releases of Spring Boot, Spring Security, Spring for GraphQL, Spring Integration, Spring Modulith, Spring REST Docs and Spring Batch.

#Java #SpringBoot #SpringSecurity #SpringFramework #ApacheKafka #AMQP #GraphQL

You log users in, but can you log them out—across instances, reliably, after revocation? A #SpringSecurity add-on closes critical gaps in #OAuth2/OIDC session control.

Learn what #XDEV SSE solves: https://javapro.io/2025/07/25/exploring-xdev-sse-enhancing-spring-security-for-modern-applications/

@xdevsoftware #OpenSource #Vaadin

🍃 The next installment of the Road to GA series about a cross-project, collaborative effort on new capabilities for HTTP service clients in #Spring is now live!

https://spring.io/blog/2025/09/23/http-service-client-enhancements

#SpringFramework #SpringBoot #SpringCloud #SpringSecurity

Mehr Sicherheit für verteilte Spring-Anwendungen? #XDEV SSE schützt Sessions über Instanzen hinweg, integriert Frontends wie #Vaadin & liefert Metriken via Actuator. Mehr dazu von Alexander Bierler: https://javapro.io/de/xdev-sse-verbesserung-der-spring-security-fuer-moderne-anwendungen/

#OAuth2 #OpenSource #Vaadin @vaadin #SpringSecurity

Spring Security для начинающих: конспект от аутентификации до JWT

На Хабре уже много статей про Spring Security — от кратких заметок до глубоких разборов. В этой статье я решил собрать всё в формате конспект-мануала, который можно читать как пошаговое введение: от базовой аутентификации и фильтров до JWT и OAuth2. Это материал, собранный по официальной документации и дополненный разъяснениями «на простом языке». Я не работал в больших enterprise-командах, поэтому буду рад комментариям и советам от более опытных коллег. Местами я использовал помощь ChatGPT: он помог структурировать материал и сделать стиль более читабельным, ближе к документации.

https://habr.com/ru/articles/946912/

#java #spring_security #springsecurity

#SpringSecurity works—until you need distributed logout, token checks, & frontend feedback. Read what #XDEV SSE adds & how it simplifies what’s usually hard to implement.

A must-read for security-conscious teams: https://javapro.io/2025/07/25/exploring-xdev-sse-enhancing-spring-security-for-modern-applications/

@xdevsoftware @vaadin #Vaadin #OAuth2

Check out what's new in the #Spring community 👉 https://bit.ly/3JyVeZX

The second milestone releases of Spring Boot, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Session, Spring Integration, Spring REST Docs, Spring Batch and Spring for Apache Pulsar.

#Java #SpringBoot #SpringSecurity SpringFramework #SpringBatch

#SpringSecurity reicht oft nicht aus – besonders bei #OAuth2 & verteilten Systemen. #XDEV SSE liefert automatische Token-Revalidierung, Frontend-Logout-Handling & Security-Metriken. Wie es funktioniert? Lese #JAVAPRO: https://javapro.io/de/xdev-sse-verbesserung-der-spring-security-fuer-moderne-anwendungen/

#OpenSource #Vaadin @vaadin

Session Handling, OIDC, verteilte Logins: #XDEV SSE erweitert #SpringSecurity um das, was in komplexen Systemen oft fehlt. Alexander Bierler zeigt das #OpenSource-Toolkit – inkl. Revalidierung, Metriken & #Vaadin-Support.

Code & Docs: https://javapro.io/de/xdev-sse-verbesserung-der-spring-security-fuer-moderne-anwendungen/

#OAuth2 @vaadin

Struggling with secure session handling in multi-instance Spring apps? This deep dive shows how #XDEV SSE automates token revalidation, prevents stale sessions, & improves frontend sync.

Read it if #SpringSecurity alone isn’t enough: https://javapro.io/2025/07/25/exploring-xdev-sse-enhancing-spring-security-for-modern-applications/
@xdevsoftware #Vaadin

Session expiry, user revocation, token validation: #SpringSecurity doesn’t cover it all. #XDEV SSE adds practical, production-ready solutions—without complex back-channel workarounds. Secure distributed apps with less code!

Read #JAVAPRO: https://javapro.io/2025/07/25/exploring-xdev-sse-enhancing-spring-security-for-modern-applications/

@xdevsoftware

@xdevsoftware

🔐 We built it because we needed it – now it’s yours!

We often ran into the same challenge: handling OAuth2/OIDC securely and cleanly with #SpringSecurity.

So we created XDEV SSE – a practical extension born out of real-world needs. It simplifies authentication flows, boosts security, and integrates seamlessly with Vaadin.

Check out our latest blog post on XDEV SSE! 🔐 Learn how our extension for #SpringSecurity simplifies OAuth2/OIDC handling, improves security, and integrates seamlessly with #Vaadin.

Dive into the code & discover its features: https://xdev.software/news

#Java #OpenSource

Dive into the latest releases from #Spring 👉 https://bit.ly/44v29Lx

The first milestone release of Spring Vault 4.0; and point releases of Spring Boot, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring Modulith, Spring REST Docs, Spring AMQP, Spring for Apache Kafka, Spring for Apache Pulsar and Spring Web Services.

#Java #SpringBoot #SpringSecurity #SpringModulith #SpringVault

Dive into the latest releases from #Spring 👉 https://bit.ly/3STMS0b

GA releases of Spring Boot, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring for GraphQL, Spring AI and Spring Web Services.

#Java #SpringBoot #SpringSecurity #SpringAI