Joe Grandja
Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth2 and OpenID Connect support in Spring Security and Spring Authorization Server.
With over 25 years of industry experience, Joe has been a Solution Architect, a Software Engineer, a Team Lead, and a Consultant. His past experience has been mainly focused in the Financial Services sector in the Toronto, Canada, area. He has designed, built, and delivered enterprise grade banking applications and platforms in the Personal and Commercial and Brokerage and Investing divisions. He has worked closely with the InfoSec teams within banks to ensure security and regulatory compliance.
Spring Authorization Server moving to Spring Security 7.0
Spring Authorization Server has come a long way since 1.0 was officially released in November 2022.
Starting as a project separate from Spring Security has allowed it to iterate quickly on feature development and ultimately grow a rich feature set for building OAuth2 Authorization Servers.
It has reached that point of maturity and stability and we believe the time is now to move it to Spring Security 7.0.
The main benefit this will provide our users is a streamlined developer experience. Whether you are working with OAuth2 Client or OAuth2 Authorization Server, you won’t need to switch between projects any longer as the source, javadoc and reference documentation will live in Spring Security. Furthermore, issues and pull requests will be solely managed…
Spring Authorization Server 1.5.2 and 1.4.5 available now
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.5.2 and 1.4.5.
See the 1.5.2 and 1.4.5 release notes for complete details.
To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.
Spring Authorization Server 1.5.1, 1.4.4 and 1.3.7 available now
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.5.1, 1.4.4 and 1.3.7.
See the 1.5.1, 1.4.4 and 1.3.7 release notes for complete details.
To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.
Spring Authorization Server 1.5 goes GA
On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.5.
The 1.5 release contains a few noteworthy new features:
- Add support for OAuth 2.0 Pushed Authorization Requests (PAR) (gh-1925)
- Support OAuth 2.0 Demonstrating Proof of Possession (DPoP) (gh-1813)
- Support POST for authorization code request flow (gh-1874)
To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.
Spring Authorization Server 1.5.0-RC1, 1.4.3 and 1.3.6 available now
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.5.0-RC1, 1.4.3 and 1.3.6.
See the 1.5.0-RC1, 1.4.3 and 1.3.6 release notes for complete details.
To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.
Spring Security 5.7.17, 5.8.19, 6.0.17, 6.1.15, 6.2.11, 6.3.9, 6.4.5 Released, includes fix for CVE-2025-22234
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 5.7.17, 5.8.19, 6.0.17, 6.1.15, 6.2.11, 6.3.9, and 6.4.5 are available now which fix CVE-2025-22234.
Please refer to the releases page for more details.
Commercial customers using Spring Boot 2.7, 3.0, 3.1, or 3.2 will be able to update to Spring Boot 2.7.24.2, 3.0.19.2, 3.1.15.2, or 3.2.13.2 respectively to receive the corresponding Security releases 5.7.17, 6.0.17, 6.1.15, and 6.2.11. These Security versions are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription…
Spring Authorization Server 1.5.0-M2 available now
On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.5.0-M2.
See the 1.5.0-M2 release notes for complete details.
To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.
Spring Authorization Server 1.5.0-M1, 1.4.2 and 1.3.5 available now
On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.5.0-M1, 1.4.2 and 1.3.5.
See the 1.5.0-M1, 1.4.2 and 1.3.5 release notes for complete details.
To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.
Spring Authorization Server 1.4 goes GA
On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.4.
The 1.4 release contains a few noteworthy new features:
- Simplified configuring authorization server using `HttpSecurity.with()` (gh-1725)
- Support for OpenID Connect 1.0 `prompt=none` parameter (gh-501)
- Ability to customize validation of OpenID Connect 1.0 RP-Initiated Logout Requests (gh-1723)
- Ability to customize success handling of OpenID Connect 1.0 RP-Initiated Logout Requests (gh-1244)
- Added How-to guide demonstrating how to implement the core services with Redis …