Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Tree: 765bdf1ed0
Branches Tags
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
whats-new.adoc

whats-new.adoc 4.6 KB
Lịch sử Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. [[new]]
    2. 

  2. = What's New in Spring Security 7.0
    3. 

  3. 

  4. Spring Security 7.0 provides a number of new features.
    5. 

  5. Below are the highlights of the release, or you can view https://github.com/spring-projects/spring-security/releases[the release notes] for a detailed listing of each feature and bug fix.
    6. 

  6. 

  7. == Removals
    8. 

  8. 

  9. Being a major release, there are a number of deprecated APIs that are removed in Spring Security 7.
    10. 

  10. Each section that follows will indicate the more notable removals as well as the new features in that module
    11. 

  11. 

  12. == Modules
    13. 

  13. 

  14. * The https://github.com/spring-projects/spring-security-kerberos[Spring Security Kerberos Extension] is now part of Spring Security. See the xref:servlet/authentication/kerberos/index.adoc[Kerberos] section of the reference for details.
    15. 

  15. 

  16. == Core
    17. 

  17. 

  18. * Removed `AuthorizationManager#check` in favor of `AuthorizationManager#authorize`
    19. 

  19. * Added javadoc:org.springframework.security.authorization.AllAuthoritiesAuthorizationManager[] and javadoc:org.springframework.security.authorization.AllAuthoritiesReactiveAuthorizationManager[] along with corresponding methods for xref:servlet/authorization/authorize-http-requests.adoc#authorize-requests[Authorizing `HttpServletRequests`] and xref:servlet/authorization/method-security.adoc#using-authorization-expression-fields-and-methods[method security expressions].
    20. 

  20. * Added xref:servlet/authorization/architecture.adoc#authz-authorization-manager-factory[`AuthorizationManagerFactory`] for creating `AuthorizationManager` instances in xref:servlet/authorization/authorize-http-requests.adoc#customizing-authorization-managers[request-based] and xref:servlet/authorization/method-security.adoc#customizing-authorization-managers[method-based] authorization components
    21. 

  21. * Added `Authentication.Builder` for mutating and merging `Authentication` instances
    22. 

  22. * Moved Access API (`AccessDecisionManager`, `AccessDecisionVoter`, etc.) to a new module, `spring-security-access`
    23. 

  23. 

  24. == Config
    25. 

  25. 

  26. * Support modular configuration in xref::servlet/configuration/java.adoc#modular-httpsecurity-configuration[Servlets] and xref::reactive/configuration/webflux.adoc#modular-serverhttpsecurity-configuration[WebFlux]
    27. 

  27. * Removed `and()` from the `HttpSecurity` DSL in favor of using the lambda methods
    28. 

  28. * Removed `authorizeRequests` in favor of `authorizeHttpRequests`
    29. 

  29. * Simplified expression migration for `authorizeRequests`
    30. 

  30. * Added support for SPA-based CSRF configuration:
    31. 

  31. 

  32. Java::
    33. 

  33. +
    34. 

  34. [source,java,role="primary"]
    35. 

  35. ----
    36. 

  36. http.csrf((csrf) -> csrf.spa());
    37. 

  37. ----
    38. 

  38. 

  39. == Crypto
    40. 

  40. 

  41. * Added Password4j-based password encoders providing alternative implementations for popular hashing algorithms:
    42. 

  42. ** `Argon2Password4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#password4j-argon2[Argon2]
    43. 

  43. ** `BcryptPassword4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#password4j-bcrypt[BCrypt]
    44. 

  44. ** `ScryptPassword4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#password4j-scrypt[SCrypt]
    45. 

  45. ** `Pbkdf2Password4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#password4j-pbkdf2[PBKDF2]
    46. 

  46. ** `BalloonHashingPassword4jPasswordEncoder` - xref:features/authentication/password-storage.adoc#password4j-balloon[Balloon Hashing]
    47. 

  47. 

  48. == Data
    49. 

  49. 

  50. * Added support to Authorized objects for Spring Data types
    51. 

  51. 

  52. == LDAP
    53. 

  53. 

  54. * Removed `ApacheDsContainer` and related Apache DS support in favor of UnboundID
    55. 

  55. 

  56. == OAuth 2.0
    57. 

  57. 

  58. * Removed support for password grant
    59. 

  59. * Added OAuth2 Support for xref:features/integrations/rest/http-interface.adoc[HTTP Interface Integration]
    60. 

  60. * Added support for custom `JwkSource` in `NimbusJwtDecoder`, allowing usage of Nimbus's `JwkSourceBuilder` API
    61. 

  61. * Added builder for `NimbusJwtEncoder`, supports specifying an EC or RSA key pair or a secret key
    62. 

  62. * Added support for `@ClientRegistrationId` at the xref:features/integrations/rest/http-interface.adoc#type[type level], eliminating the need for method level repetition
    63. 

  63. 

  64. == SAML 2.0
    65. 

  65. 

  66. * Removed API methods based on `AssertingPartyDetails` class in favor of `AssertingPartyMetadata` interface
    67. 

  67. * Removed GET request support from `Saml2AuthenticationTokenConverter`
    68. 

  68. * Added JDBC-based `AssertingPartyMetadataRepository`
    69. 

  69. * Made so that SLO still returns `<saml2:LogoutResponse>` even when validation fails
    70. 

  70. * Removed Open SAML 4 support; applications should migrate to Open SAML 5
    71. 

  71. 

  72. == Web
    73. 

  73. 

  74. * Removed `MvcRequestMatcher` and `AntPathRequestMatcher` in favor of `PathPatternRequestMatcher`
    75. 

  75. * Added javadoc:org.springframework.security.web.authentication.preauth.x509.SubjectX500PrincipalExtractor[]
    76. 

  76. * Added support for propagating exceptions in Authorized proxies through Spring MVC controllers
    77. 

  77. * Added support to Authorized objects for Spring MVC types
    78.