Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Tree: 99f689eb52
Branches Tags
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
whats-new.adoc

whats-new.adoc 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. [[new]]
    2. 

  2. = What's New in Spring Security 7.0
    3. 

  3. 

  4. Spring Security 7.0 provides a number of new features.
    5. 

  5. Below are the highlights of the release, or you can view https://github.com/spring-projects/spring-security/releases[the release notes] for a detailed listing of each feature and bug fix.
    6. 

  6. 

  7. == Removals
    8. 

  8. 

  9. Being a major release, there are a number of deprecated APIs that are removed in Spring Security 7.
    10. 

  10. Each section that follows will indicate the more notable removals as well as the new features in that module
    11. 

  11. 

  12. == Core
    13. 

  13. 

  14. * Removed `AuthorizationManager#check` in favor of `AuthorizationManager#authorize`
    15. 

  15. 

  16. == Config
    17. 

  17. 

  18. * Removed `and()` from the `HttpSecurity` DSL in favor of using the lambda methods
    19. 

  19. * Removed `authorizeRequests` in favor of `authorizeHttpRequests`
    20. 

  20. * Simplified expression migration for `authorizeRequests`
    21. 

  21. * Added support for SPA-based CSRF configuration:
    22. 

  22. 

  23. Java::
    24. 

  24. +
    25. 

  25. [source,java,role="primary"]
    26. 

  26. ----
    27. 

  27. http.csrf((csrf) -> csrf.spa());
    28. 

  28. ----
    29. 

  29. 

  30. == Data
    31. 

  31. 

  32. * Added support to Authorized objects for Spring Data types
    33. 

  33. 

  34. == LDAP
    35. 

  35. 

  36. * Removed `ApacheDsContainer` and related Apache DS support in favor of UnboundID
    37. 

  37. 

  38. == OAuth 2.0
    39. 

  39. 

  40. * Removed support for password grant
    41. 

  41. * Added OAuth2 Support for xref:features/integrations/rest/http-interface.adoc[HTTP Interface Integration]
    42. 

  42. * Added support for custom `JwkSource` in `NimbusJwtDecoder`, allowing usage of Nimbus's `JwkSourceBuilder` API
    43. 

  43. * Added builder for `NimbusJwtEncoder`, supports specifying an EC or RSA key pair or a secret key
    44. 

  44. 

  45. == SAML 2.0
    46. 

  46. 

  47. * Removed API methods based on `AssertingPartyDetails` class in favor of `AssertingPartyMetadata` interface
    48. 

  48. * Removed GET request support from `Saml2AuthenticationTokenConverter`
    49. 

  49. * Added JDBC-based `AssertingPartyMetadataRepository`
    50. 

  50. * Made so that SLO still returns `<saml2:LogoutResponse>` even when validation fails
    51. 

  51. 

  52. == Web
    53. 

  53. 

  54. * Removed `MvcRequestMatcher` and `AntPathRequestMatcher` in favor of `PathPatternRequestMatcher`
    55. 

  55. * Added javadoc:org.springframework.security.web.authentication.preauth.x509.SubjectX500PrincipalExtractor[]
    56. 

  56. * Added support for propagating exceptions in Authorized proxies through Spring MVC controllers
    57. 

  57. * Added support to Authorized objects for Spring MVC types
    58.