Home Verkennen Help
Registreren Inloggen
github
/
spring-security
spiegel van https://github.com/spring-projects/spring-security
2
0
Vork 0
Bestanden Issues 0 Wiki
Boom: a7f94b2188
Aftakkingen Labels
spring-security
/
docs
/
manual
/
src
/
docs
/
asciidoc
/
_includes
/
preface
/
whats-new.adoc

whats-new.adoc 2.8 KB
Geschiedenis Ruwe

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. [[new]]
    2. 

  2. == What's New in Spring Security 5.1
    3. 

  3. 

  4. Spring Security 5.1 provides a number of new features.
    5. 

  5. Below are the highlights of the release.
    6. 

  6. 

  7. === Servlet
    8. 

  8. 

  9. * https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2webclient[OAuth 2.0 Client]
    10. 

  10. ** Customizable Authorize and Token requests
    11. 

  11. ** `authorization_code` grant support
    12. 

  12. ** `client_credentials` grant support
    13. 

  13. * OAuth 2.0 Resource Server - support for https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2resourceserver[JWT-encoded bearer tokens]
    14. 

  14. * https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2webclient[OAuth 2.0 Web Client Extensions] - Supports `authorization_code`, `client_credentials`, and `refresh_token` grants
    15. 

  15. * <<core-services-password-encoding>> - New service to support password upgrades
    16. 

  16. * <<request-matching>> - Protection against HTTP Verb Tampering and Cross-site Tracing
    17. 

  17. * <<exception-translation-filter>> - Support for selecting an `AccessDeniedHandler` by `RequestMatcher`
    18. 

  18. * <<csrf>> - Support for disabling csrf by `RequestMatcher`
    19. 

  19. * <<headers>> - Support for `Feature-Policy`
    20. 

  20. * <<session-mgmt>> - Support for `@Transient` authentication tokens
    21. 

  21. * A modern look-and-feel for the default log in page
    22. 

  22. 

  23. === WebFlux
    24. 

  24. 

  25. * https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2webclient-webflux[OAuth 2.0 Client]
    26. 

  26. ** Customizable Authorize requests
    27. 

  27. ** `authorization_code` grant support
    28. 

  28. ** `client_credentials` grant support
    29. 

  29. * OAuth 2.0 Resource Server - support for https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2resourceserver-webflux[JWT-encoded bearer tokens]
    30. 

  30. * https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2webclient-webflux[OAuth 2.0 Web Client Extensions] - Supports `authorization_code`, `client_credentials`, and `refresh_token` grants
    31. 

  31. * <<test-method>> - `@WithUserDetails` now works with `ReactiveUserDetailsService`
    32. 

  32. * <<cors>> - Support for CORS was added
    33. 

  33. * <<headers>> - Support for `Content-Security-Policy`, `Feature-Policy`, and `Referrer-Policy`
    34. 

  34. * Support for redirecting to HTTPS
    35. 

  35. 

  36. === Integrations
    37. 

  37. 

  38. * <<jackson>> - Support for `BadCredentialsException`
    39. 

  39. * <<test-method>> - Support for customizing when the `SecurityContext` is setup in the test.
    40. 

  40. For example, `@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)` will setup a user after JUnit's `@Before` and before the test executes.
    41. 

  41. * <<ldap>> - Support for setting up an `LdapContext` from custom environment variables
    42. 

  42. * <<x509>> - Support for deriving the X.509 principal via a strategy
    43. 

  43. * <<mvc-authentication-principal>>
    44. 

  44. ** Support for resolving beans in WebFlux (support already exists for Spring MVC)
    45. 

  45. ** Support for resolving `errorOnInvalidType` in WebFlux (support already exists for Spring MVC)
    46. 

  46. 

  47.