What's New in Spring Security 5.1

An initial skeleton pointing to the various sections of Spring
Security that received an update in Spring Security 5.1

Issue: gh-5857
Josh Cummings 2018-09-17 16:37:47 -06:00
parent b3d33708d1
commit 26afc18b66
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
1 changed files with 29 additions and 0 deletions

@ -14,3 +14,32 @@ For example, `@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)` wi
* <<mvc-authentication-principal>>
** Supports resolving beans in WebFlux (was already supported in Spring MVC)
** Supports resolving `errorOnInvalidType` in WebFlux (was already supported in Spring MVC)
* OAuth 2.0 Client
* OAuth 2.0 Resource Server
** Supports https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2resourceserver[JWT-encoded bearer tokens]
** Supports configuration using an OIDC Provider Configuration endpoint
** Supports custom JWT decoding
** Supports custom authority mapping
** Supports custom JWT validation
** Supports custom error handling
* OAuth 2.0 Resource Server WebFlux
** Supports JWT-encoded bearer tokens
** Supports configuration using an OIDC Provider Configuration endpoint
** Supports custom JWT decoding
** Supports custom authority mapping
** Supports custom JWT validation
** Supports static key configuration
* <<spring-security-core>> - Support was added for `@Transient` authentication tokens
* <<csrf>> - Support was added for disabling csrf by `RequestMatcher`
* <<access-denied-handler>> - Support was added for selecting an `AccessDeniedHandler` by `RequestMatcher`
* <<headers>>
** Support for `Content-Security-Policy` and `Referrer-Policy` were added for WebFlux (already supported in Servlets)
** Support for `Feature-Policy` were added
* <<cors>>
** Support for CORS was added for WebFlux (already supported in Servlets)
* Redirecting to HTTPS
** Support for HTTPS redirect was added
* Web Client
* <<ldap>> - added support for setting up an `LdapContext` from custom environment variables
* <<x509>> - added support for deriving the X.509 principal via a strategy
* The Look and Feel for the default login and logout pages was modernized
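Review bot: Both `<<headers>>` sub-items pair the singular subject "Support" with "were added" ("Support for `Feature-Policy` were added"); use "was added" in both. In the `<<csrf>>` item, "disabling csrf" should be "disabling CSRF", matching how CORS and HTTPS are capitalized further down. The `OAuth 2.0 Client` and `Web Client` bullets have neither sub-items nor a `<<...>>` cross-reference, so they will render as bare labels; add a pointer to the relevant section or hold them back until there is content. The list also alternates between "Supports ...", "Support was added for ..." and "added support for ..."; picking one form would make it easier to scan. Finally, only the Servlet resource server item links to the JWT sample, while the WebFlux "Supports JWT-encoded bearer tokens" item has no link; if a WebFlux sample exists, link it the same way.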