Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-04-24 08:04:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Separate Servlet and WebFlux Feature Lists

Browse Source 
Issue: gh-5857
This commit is contained in:
Josh Cummings 2018-09-18 10:14:40 -06:00
parent 2a83e34db5
commit a7f94b2188
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
1 changed files with 38 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
docs/manual/src/docs/asciidoc/_includes/preface/whats-new.adoc
View File

@ -4,42 +4,44 @@
Spring Security 5.1 provides a number of new features. Spring Security 5.1 provides a number of new features.
Below are the highlights of the release. Below are the highlights of the release.
=== New Features === Servlet
* <<test-method>> * https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2webclient[OAuth 2.0 Client]
** Support for customizing when the `SecurityContext` is setup in the test ** Customizable Authorize and Token requests
** `authorization_code` grant support
** `client_credentials` grant support
* OAuth 2.0 Resource Server - support for https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2resourceserver[JWT-encoded bearer tokens]
* https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2webclient[OAuth 2.0 Web Client Extensions] - Supports `authorization_code`, `client_credentials`, and `refresh_token` grants
* <<core-services-password-encoding>> - New service to support password upgrades
* <<request-matching>> - Protection against HTTP Verb Tampering and Cross-site Tracing
* <<exception-translation-filter>> - Support for selecting an `AccessDeniedHandler` by `RequestMatcher`
* <<csrf>> - Support for disabling csrf by `RequestMatcher`
* <<headers>> - Support for `Feature-Policy`
* <<session-mgmt>> - Support for `@Transient` authentication tokens
* A modern look-and-feel for the default log in page
=== WebFlux
* https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2webclient-webflux[OAuth 2.0 Client]
** Customizable Authorize requests
** `authorization_code` grant support
** `client_credentials` grant support
* OAuth 2.0 Resource Server - support for https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2resourceserver-webflux[JWT-encoded bearer tokens]
* https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2webclient-webflux[OAuth 2.0 Web Client Extensions] - Supports `authorization_code`, `client_credentials`, and `refresh_token` grants
* <<test-method>> - `@WithUserDetails` now works with `ReactiveUserDetailsService`
* <<cors>> - Support for CORS was added
* <<headers>> - Support for `Content-Security-Policy`, `Feature-Policy`, and `Referrer-Policy`
* Support for redirecting to HTTPS
=== Integrations
* <<jackson>> - Support for `BadCredentialsException`
* <<test-method>> - Support for customizing when the `SecurityContext` is setup in the test.
For example, `@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)` will setup a user after JUnit's `@Before` and before the test executes. For example, `@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)` will setup a user after JUnit's `@Before` and before the test executes.
** `@WithUserDetails` now works with `ReactiveUserDetailsService` * <<ldap>> - Support for setting up an `LdapContext` from custom environment variables
* <<jackson>> - added support for `BadCredentialsException` * <<x509>> - Support for deriving the X.509 principal via a strategy
* <<mvc-authentication-principal>> * <<mvc-authentication-principal>>
** Supports resolving beans in WebFlux (was already supported in Spring MVC) ** Support for resolving beans in WebFlux (support already exists for Spring MVC)
** Supports resolving `errorOnInvalidType` in WebFlux (was already supported in Spring MVC) ** Support for resolving `errorOnInvalidType` in WebFlux (support already exists for Spring MVC)
* OAuth 2.0 Client
* OAuth 2.0 Resource Server
** Supports https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2resourceserver[JWT-encoded bearer tokens]
** Supports configuration using an OIDC Provider Configuration endpoint
** Supports custom JWT decoding
** Supports custom authority mapping
** Supports custom JWT validation
** Supports custom error handling
* OAuth 2.0 Resource Server WebFlux
** Supports JWT-encoded bearer tokens
** Supports configuration using an OIDC Provider Configuration endpoint
** Supports custom JWT decoding
** Supports custom authority mapping
** Supports custom JWT validation
** Supports static key configuration
* <<spring-security-core>> - Support was added for `@Transient` authentication tokens
* <<csrf>> - Support was added for disabling csrf by `RequestMatcher`
* <<access-denied-handler>> - Support was added for selecting an `AccessDeniedHandler` by `RequestMatcher`
* <<headers>>
** Support for `Content-Security-Policy` and `Referrer-Policy` were added for WebFlux (already supported in Servlets)
** Support for `Feature-Policy` were added
* <<cors>>
** Support for CORS was added for WebFlux (already supported in Servlets)
* Redirecting to HTTPS
** Support for HTTPS redirect was added
* WebClient + OAuth2 Support for <<servlet-webclient,Servlet>> and <<webclient,Reactive>> environments
* <<ldap>> - added support for setting up an `LdapContext` from custom environment variables
* <<x509>> - added support for deriving the X.509 principal via a strategy
* The Look and Feel for the default login and logout pages was modernized