| 12345678910111213141516171819202122232425262728293031 |
- [[new]]
- = What's New in Spring Security 5.7
- Spring Security 5.7 provides a number of new features.
- Below are the highlights of the release.
- [[whats-new-servlet]]
- == Servlet
- * Web
- ** Introduced xref:servlet/authentication/persistence.adoc#requestattributesecuritycontextrepository[`RequestAttributeSecurityContextRepository`]
- ** Introduced xref:servlet/authentication/persistence.adoc#securitycontextholderfilter[`SecurityContextHolderFilter`] - Ability to require explicit saving of the `SecurityContext`
- * OAuth 2.0 Client
- ** Allow configuring https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]
- ** Allow configuring a https://github.com/spring-projects/spring-security/issues/9812[JWT assertion resolver] in `JwtBearerOAuth2AuthorizedClientProvider`
- ** Allow customizing claims on https://github.com/spring-projects/spring-security/issues/9855[JWT client assertions]
- [[whats-new-webflux]]
- == WebFlux
- * Web
- ** Allow customizing https://github.com/spring-projects/spring-security/issues/10903[charset] in `ServerHttpBasicAuthenticationConverter`
- * OAuth 2.0 Client
- ** Allow configuring https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]
- ** Allow configuring a https://github.com/spring-projects/spring-security/issues/9812[JWT assertion resolver] in `JwtBearerReactiveOAuth2AuthorizedClientProvider`
|
