탐색 도움말
가입하기 로그인
github
/
spring-security
의 미러 https://github.com/spring-projects/spring-security
2
0
포크 0
파일 이슈 0 위키
트리: 7b7f579746
브랜치 태그
spring-security
/
docs
/
manual
/
src
/
docs
/
asciidoc
/
_includes
/
preface
/
whats-new.adoc

whats-new.adoc 2.3 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 
  1. [[new]]
    2. 

  2. == What's New in Spring Security 5.1
    3. 

  3. 

  4. Spring Security 5.1 provides a number of new features.
    5. 

  5. Below are the highlights of the release.
    6. 

  6. 

  7. === Servlet
    8. 

  8. 

  9. * {gh-samples-url}/boot/oauth2webclient[OAuth 2.0 Client]
    10. 

  10. ** Customizable Authorize and Token requests
    11. 

  11. ** `authorization_code` grant support
    12. 

  12. ** `client_credentials` grant support
    13. 

  13. * OAuth 2.0 Resource Server - support for {gh-samples-url}/boot/oauth2resourceserver[JWT-encoded bearer tokens]
    14. 

  14. * {gh-samples-url}/boot/oauth2webclient[OAuth 2.0 Web Client Extensions] - Supports `authorization_code`, `client_credentials`, and `refresh_token` grants
    15. 

  15. * <<request-matching>> - Protection against HTTP Verb Tampering and Cross-site Tracing
    16. 

  16. * <<exception-translation-filter>> - Support for selecting an `AccessDeniedHandler` by `RequestMatcher`
    17. 

  17. * <<csrf>> - Support for disabling csrf by `RequestMatcher`
    18. 

  18. * <<headers-feature>>
    19. 

  19. * <<session-mgmt>> - Support for `@Transient` authentication tokens
    20. 

  20. * A modern look-and-feel for the default log in page
    21. 

  21. 

  22. === WebFlux
    23. 

  23. 

  24. * Added <<webflux-oauth2,OAuth2>> support
    25. 

  25. ** Added <<webflux-oauth2-client,OAuth2 Client>> support
    26. 

  26. ** Added<<webflux-oauth2-resource-server,OAuth2 Resource Server>> support
    27. 

  27. ** Added OAuth2 <<webclient,WebClient>> integration
    28. 

  28. * <<test-method>> - `@WithUserDetails` now works with `ReactiveUserDetailsService`
    29. 

  29. * <<cors>> - Support for CORS was added
    30. 

  30. * Added support for the following <<webflux-headers,HTTP headers>>
    31. 

  31. ** <<webflux-headers-csp,Content Security Policy>>
    32. 

  32. ** <<webflux-headers-feature,Feature Policy>>
    33. 

  33. ** <<webflux-headers-referrer,Referrer Policy>>
    34. 

  34. * Support for redirecting to HTTPS
    35. 

  35. 

  36. === Integrations
    37. 

  37. 

  38. * <<core-services-password-encoding>> - New service to support password upgrades
    39. 

  39. * <<jackson>> - Support for `BadCredentialsException`
    40. 

  40. * <<test-method>> - Support for customizing when the `SecurityContext` is setup in the test.
    41. 

  41. For example, `@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)` will setup a user after JUnit's `@Before` and before the test executes.
    42. 

  42. * <<ldap>> - Support for setting up an `LdapContext` from custom environment variables
    43. 

  43. * <<x509>> - Support for deriving the X.509 principal via a strategy
    44. 

  44. * <<mvc-authentication-principal>>
    45. 

  45. ** Support for resolving beans in WebFlux (support already exists for Spring MVC)
    46. 

  46. ** Support for resolving `errorOnInvalidType` in WebFlux (support already exists for Spring MVC)
    47. 

  47. 

  48.