37 lines
1.7 KiB
Markdown
37 lines
1.7 KiB
Markdown
|
# Spring Security 新功能
|
||
|
|
|
||
|
|
Spring Security 5.7 提供了一系列行的特性。
|
||
|
|
|
||
|
|
下面为特别值得指出的一些新特性。
|
||
|
|
|
||
|
|
|
||
|
|
## Servlet
|
||
|
|
|
||
|
|
* Web
|
||
|
|
|
||
|
|
** 新增 xref:servlet/authentication/persistence.adoc#requestattributesecuritycontextrepository[`RequestAttributeSecurityContextRepository`]
|
||
|
|
** 新增 xref:servlet/authentication/persistence.adoc#securitycontextholderfilter[`SecurityContextHolderFilter`] - Ability to require explicit saving of the `SecurityContext`
|
||
|
|
** 针对 xref:servlet/exploits/headers.adoc#servlet-headers-cross-origin-policies[Cross Origin Policies headers] 新增 DSL 支持
|
||
|
|
|
||
|
|
* OAuth 2.0 客户端
|
||
|
|
|
||
|
|
** 允许对 https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients] 进行配置
|
||
|
|
** Allow 在 `JwtBearerOAuth2AuthorizedClientProvider` 中配置一个 https://github.com/spring-projects/spring-security/issues/9812[JWT assertion resolver]
|
||
|
|
** 允许在 https://github.com/spring-projects/spring-security/issues/9855[JWT client assertions] 自定义 claims
|
||
|
|
|
||
|
|
* SAML 2.0
|
||
|
|
|
||
|
|
** 新增 xref:servlet/appendix/namespace/http.adoc#nsa-saml2-login[SAML 2.0 Login & Single Logout XML support]
|
||
|
|
|
||
|
|
|
||
|
|
## WebFlux
|
||
|
|
|
||
|
|
* Web
|
||
|
|
|
||
|
|
** 允许在 `ServerHttpBasicAuthenticationConverter` 中自定义 customizing https://github.com/spring-projects/spring-security/issues/10903[charset]
|
||
|
|
** 针对 xref:reactive/exploits/headers.adoc#webflux-headers-cross-origin-policies[Cross Origin Policies headers] 新增 DSL 支持
|
||
|
|
|
||
|
|
* OAuth 2.0 客户端
|
||
|
|
|
||
|
|
** 允许配置 https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]
|
||
|
|
** 允许在 `JwtBearerReactiveOAuth2AuthorizedClientProvider` 中配置一个 https://github.com/spring-projects/spring-security/issues/9812[JWT assertion resolver]
|