Big, big news, people: The Stormpath Java SDK has left release candidates behind and is now at 1.0!

The goal for any Stormpath SDK has always been to make it super easy for developers to work with Stormpath using the latest in technologies and integrations. With the 1.0 release of our Java SDK, it’s a snap to integrate Stormpath’s Identity Management platform into your application. Little to no additional coding is required. It’s easier than ever to use popular frontend technologies (such as ReactJS and Angular) along with the Stormpath Java integrations (such as Servlet and Spring Boot).

We’ve added a ton of new features to the Java SDK, including the servlet integration and integrations for Spring, Spring Security, and Spring Boot (see the laundry list at the end).

One of the most important new features in this release is compliance with the Stormpath Framework Specification. Spec compliance guarantees that all our SDKs work the same way, and gives you the ability to create SPAs (Single Page Applications) using any of our client-side integrations, like Angular, with any of our Java integrations.

With the 1.0 release, we pack lots of features into the Java SDK and integrations, provide examples and tutorials right in the github repo, and make it nearly code-less to integrate Stormpath with modern frameworks like Angular and Spring Security.

But, don’t just take our word for it. Here’s an easy Angular SPA example.

Angular + Spring Boot

To demonstrate the new SPA capability, I copied the client folder from an Angular + Express + Stormpath example into a basic Spring Boot + Stormpath example. The result is a basic Angular + Spring Boot + Stormpath example application.

There’s a single Spring controller that simply forwards back to the angular app for the auth endpoints (like /login and /register). Using simple properties configuration, we delegate responsibility for the HTML views to the angular app and responsibility for the JSON models (GET) and form submissions (POST) to the Spring Boot app.

Here’s the entire login.html file from the Angular app in the example:

So, how do we get from that to this?


The sp-login-form makes use of the Stormpath Angular SDK. It retrieves the login model, which is served by the Spring Boot app.

You can see this in action using the httpie command line http client:

http localhost:8080/login


The Angular app uses this login model to render the login view, including the Facebook button. When you submit the login form, it makes a POST to the /login endpoint, which again is handled by the Spring Boot app. Easy peasy!

The Full Java SDK 1.0 Feature List

In addition to SPA support across all the integrations, the following is included in the 1.0 release:

  1. Angular Example: This new example joins the other examples we have in the SDK repo in the examples folder. It demonstrates how easy it is to create an application with an Angular front end and Spring Boot backend, all integrated with Stormpath.
  2. Content Negotiation: The rules spelled out in the framework specification determine whether to return JSON or HTML responses. This makes it very easy to configure a mixed application, such as Angular on the front end and Spring Boot on the back end. This is done in configuration with no additional coding.
  3. Social Providers: Login and registration support for Google, Facebook, Linkedin and Github. Simply map the appropriate Directory type to your application and the Login View will show the correct button for the Social Provider. No additional coding is needed.
  4. SAML Providers: You can easily add external SAML providers to your application. Simply maps the SAML Directory to your application and the Login view will show a button with the Directory name. No additional coding is needed.
  5. OAuth2 client_credentials grant type: You can allocate and manage API keys for your users with Stormpath. Now, you can use those API keys to get an Access Token for use in hitting protected endpoints in your application with support for the client_credentials grant type.
  6. Single Sign-on: Support for Stormpath’s SSO service – ID Site – is now available in the Servlet integration (ID Site is already supported in the other integrations)
  7. Event Handlers: Support for Pre and Post login and register handlers makes it easy to have side effects, such as logging, when these events occur.
  8. Custom Registration Fields: Easily add additional fields to the default registration form. This is expressed in properties with no additional coding required. Non-standard fields are automatically stored as Custom Data.
  9. Profile Endpoint: Added /me endpoint to return JSON profile information for authenticated users.

Additionally, the following dependency and code updates are included in this release:

  1. Significant Spring Security performance improvements
  2. Internationalization (i18n) support / improvements
  3. Our account cookie (the way we used to keep client-side state) has been replaced by an access_token and refresh_token cookie.
  4. All our controllers are filters now (we were previously using handlers). This allows a request to pass through to be handled by custom client code.
  5. Removed support for JDK 6
  6. Removed all code and docs for previously deprecated interfaces
  7. Upgraded all external dependencies to latest versions, including Spring Security 4.1.2 and Spring Boot 1.4.0

Along the way, we built a Framework Test Compatibility Kit for all of Stormpath’s integration developers to use. It ensures that whether you’re using the Node.js Express integration or the PHP Laravel integration, you can expect uniform responses to your requests as defined in the Stormpath Framework Specification.

The five primary Java integrations in the Java SDK project (Servlet, Spring WebMVC, Spring Security Spring WebMVC, Spring Boot WebMVC, and Spring Security Spring Boot WebMVC) each pass all 112 tests in the TCK.

All the things! – Java SDK Documentation Edition

You can get to all of the Java SDK documentation here. Or get started with Java and Stormpath in 10 minutes or less? Check out our Quickstart.

If you want to take a deep dive into the Core Java SDK, jump into the Product Guide. We’ll take you from a basic Spring Boot application to a Stormpath integrated Spring Security Spring Boot WebMVC application, complete with fine-grained access controls in our Spring Boot Tutorial.