|
|
@@ -377,7 +377,8 @@ This will give you access to the entire project history (including all releases
|
|
|
[[new]]
|
|
|
== What's New in Spring Security 4.2
|
|
|
|
|
|
-There were https://github.com/spring-projects/spring-security/milestone/86?closed=1[50+ M1 issues] closed.
|
|
|
+Among other things, Spring Security 4.2 brings early support for Spring Framework 5.
|
|
|
+There were https://github.com/spring-projects/spring-security/milestone/86?closed=1[50+ M1 issues] and https://github.com/spring-projects/spring-security/milestone/91?closed=1[20+ RC1 issues] closed.
|
|
|
The overwhelming majority of these features were contributed by the community.
|
|
|
Below you can find the highlights of this release.
|
|
|
|
|
|
@@ -385,14 +386,18 @@ Below you can find the highlights of this release.
|
|
|
|
|
|
* https://github.com/spring-projects/spring-security/pull/3812[#3812] - <<jackson,Jackson Support>>
|
|
|
* https://github.com/spring-projects/spring-security/pull/3938[#3938] - Add <<request-matching,HTTP response splitting prevention>>
|
|
|
+* https://github.com/spring-projects/spring-security/issues/3949[#3949] - Add <<mvc-authentication-principal,bean reference support to @AuthenticationPrincipal>>.
|
|
|
* https://github.com/spring-projects/spring-security/pull/3978[#3978] - Support for Standford WebAuth and Shibboleth using the newly added http://docs.spring.io/spring-security/site/docs/4.2.x-SNAPSHOT/apidocs/org/springframework/security/web/authentication/preauth/RequestAttributeAuthenticationFilter.html[RequestAttributeAuthenticationFilter].
|
|
|
+https://github.com/spring-projects/spring-security/issues/4076[#4076] - Document <<appendix-proxy-server,Proxy Server>> Configuration
|
|
|
* https://github.com/spring-projects/spring-security/issues/3795[#3795] - `ConcurrentSessionFilter` supports `InvalidSessionStrategy`
|
|
|
* https://github.com/spring-projects/spring-security/pull/3904[#3904] - Add `CompositeLogoutHandler`
|
|
|
|
|
|
=== Configuration Improvements
|
|
|
|
|
|
* https://github.com/spring-projects/spring-security/pull/3956[#3956] - Central configuration of the http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html#m3to4-role-prefixing[default role prefix]. See the issue for details.
|
|
|
+* https://github.com/spring-projects/spring-security/issues/4102[#4102] - Custom default configuration in `WebSecurityConfigurerAdapter`. See <<jc-custom-dsls>>
|
|
|
* https://github.com/spring-projects/spring-security/issues/3899[#3899] - <<nsa-concurrency-control-max-sessions,concurrency-control@max-sessions>> supports unlimited sessions.
|
|
|
+* https://github.com/spring-projects/spring-security/issues/3899[#4097] - <<nsa-intercept-url-request-matcher-ref,intercept-url@request-matcher-ref>> adds more powerful request matching support to the XML namespace.
|
|
|
* https://github.com/spring-projects/spring-security/issues/3990[#3990] - Support for constructing `RoleHierarchy` from `Map` (i.e. `yml`)
|
|
|
* https://github.com/spring-projects/spring-security/pull/4062[#4062] - Custom cookiePath to `CookieCsrfTokenRepository`
|
|
|
* https://github.com/spring-projects/spring-security/issues/3794[#3794] - Allow configuration of `InvalidSessionStrategy` on `SessionManagementConfigurer`
|
|
|
@@ -400,9 +405,12 @@ Below you can find the highlights of this release.
|
|
|
|
|
|
=== Miscellaneous
|
|
|
|
|
|
+* https://github.com/spring-projects/spring-security/issues/4080[#4080] - Spring 5 support
|
|
|
+* https://github.com/spring-projects/spring-security/issues/4095[#4095] - `Add UserBuilder`
|
|
|
* https://github.com/spring-projects/spring-security/issues/4018[#4018] - Fix after `csrf()` is invoked, future `MockMvc` invocations use original `CsrfTokenRepository`
|
|
|
* Version Updates
|
|
|
|
|
|
+
|
|
|
[[samples]]
|
|
|
== Samples and Guides (Start Here)
|
|
|
|
Rob Winch