Prepare for Spring Security 6.1
This commit is contained in:
Marcus Da Coregio
parent
c2c0b0b710
commit
e6173f9e5b
|
|
@ -95,7 +95,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
|
|||
if (!namespaceMatchesVersion(element)) {
|
||||
pc.getReaderContext().fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or "
|
||||
+ "spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema "
|
||||
+ "with Spring Security 6.0. Please update your schema declarations to the 6.0 schema.", element);
|
||||
+ "with Spring Security 6.1. Please update your schema declarations to the 6.1 schema.", element);
|
||||
}
|
||||
String name = pc.getDelegate().getLocalName(element);
|
||||
BeanDefinitionParser parser = this.parsers.get(name);
|
||||
|
|
@ -218,7 +218,7 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
|
|||
|
||||
private boolean matchesVersionInternal(Element element) {
|
||||
String schemaLocation = element.getAttributeNS("http://www.w3.org/2001/XMLSchema-instance", "schemaLocation");
|
||||
return schemaLocation.matches("(?m).*spring-security-6\\.0.*.xsd.*")
|
||||
return schemaLocation.matches("(?m).*spring-security-6\\.1.*.xsd.*")
|
||||
|| schemaLocation.matches("(?m).*spring-security.xsd.*")
|
||||
|| !schemaLocation.matches("(?m).*spring-security.*");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-6.0.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-6.1.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security-6.1.xsd=org/springframework/security/config/spring-security-6.1.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security-6.0.xsd=org/springframework/security/config/spring-security-6.0.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security-5.8.xsd=org/springframework/security/config/spring-security-5.8.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security-5.7.xsd=org/springframework/security/config/spring-security-5.7.xsd
|
||||
|
|
@ -20,7 +21,8 @@ http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/spri
|
|||
http\://www.springframework.org/schema/security/spring-security-2.0.1.xsd=org/springframework/security/config/spring-security-2.0.1.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security-2.0.2.xsd=org/springframework/security/config/spring-security-2.0.2.xsd
|
||||
http\://www.springframework.org/schema/security/spring-security-2.0.4.xsd=org/springframework/security/config/spring-security-2.0.4.xsd
|
||||
https\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-6.0.xsd
|
||||
https\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-6.1.xsd
|
||||
https\://www.springframework.org/schema/security/spring-security-6.1.xsd=org/springframework/security/config/spring-security-6.1.xsd
|
||||
https\://www.springframework.org/schema/security/spring-security-6.0.xsd=org/springframework/security/config/spring-security-6.0.xsd
|
||||
https\://www.springframework.org/schema/security/spring-security-5.8.xsd=org/springframework/security/config/spring-security-5.8.xsd
|
||||
https\://www.springframework.org/schema/security/spring-security-5.7.xsd=org/springframework/security/config/spring-security-5.7.xsd
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -65,7 +65,7 @@ public class XsdDocumentedTests {
|
|||
|
||||
String schema31xDocumentLocation = "org/springframework/security/config/spring-security-3.1.xsd";
|
||||
|
||||
String schemaDocumentLocation = "org/springframework/security/config/spring-security-6.0.xsd";
|
||||
String schemaDocumentLocation = "org/springframework/security/config/spring-security-6.1.xsd";
|
||||
|
||||
XmlSupport xml = new XmlSupport();
|
||||
|
||||
|
|
@ -150,8 +150,8 @@ public class XsdDocumentedTests {
|
|||
.getParentFile()
|
||||
.list((dir, name) -> name.endsWith(".xsd"));
|
||||
// @formatter:on
|
||||
assertThat(schemas.length).isEqualTo(21)
|
||||
.withFailMessage("the count is equal to 21, if not then schemaDocument needs updating");
|
||||
assertThat(schemas.length)
|
||||
.withFailMessage("the count is equal to 22, if not then schemaDocument needs updating").isEqualTo(22);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
xmlns:tx="http://www.springframework.org/schema/tx"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
||||
http://www.springframework.org/schema/tx https://www.springframework.org/schema/tx/spring-tx.xsd
|
||||
http://www.springframework.org/schema/security org/springframework/security/config/spring-security-6.0.xsd">
|
||||
http://www.springframework.org/schema/security org/springframework/security/config/spring-security-6.1.xsd">
|
||||
|
||||
<tx:annotation-driven />
|
||||
|
||||
|
|
|
|||
|
|
@ -6,4 +6,4 @@ This appendix provides a reference to the elements available in the security nam
|
|||
If you haven't used the namespace before, please read the xref:servlet/configuration/xml-namespace.adoc#ns-config[introductory chapter] on namespace configuration, as this is intended as a supplement to the information there.
|
||||
Using a good quality XML editor while editing a configuration based on the schema is recommended as this will provide contextual information on which elements and attributes are available as well as comments explaining their purpose.
|
||||
The namespace is written in https://relaxng.org/[RELAX NG] Compact format and later converted into an XSD schema.
|
||||
If you are familiar with this format, you may wish to examine the https://raw.githubusercontent.com/spring-projects/spring-security/main/config/src/main/resources/org/springframework/security/config/spring-security-5.6.rnc[schema file] directly.
|
||||
If you are familiar with this format, you may wish to examine the https://raw.githubusercontent.com/spring-projects/spring-security/main/config/src/main/resources/org/springframework/security/config/spring-security-6.1.rnc[schema file] directly.
|
||||
|
|
|
|||
|
|
@ -1,65 +1,5 @@
|
|||
[[new]]
|
||||
= What's New in Spring Security 6.0
|
||||
= What's New in Spring Security 6.1
|
||||
|
||||
Spring Security 6.0 provides a number of new features.
|
||||
Spring Security 6.1 provides a number of new features.
|
||||
Below are the highlights of the release.
|
||||
|
||||
== Baseline Changes
|
||||
|
||||
* Spring Security 6 requires JDK 17
|
||||
|
||||
== Breaking Changes
|
||||
|
||||
* https://github.com/spring-projects/spring-security/issues/8980[gh-8980] - Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)`.
|
||||
Instead use data storage to encrypt values.
|
||||
* https://github.com/spring-projects/spring-security/issues/11520[gh-11520] - Remember Me uses SHA256 by default
|
||||
* https://github.com/spring-projects/spring-security/issues/8819[gh-8819] - Move filters to web package
|
||||
Reorganize imports
|
||||
* https://github.com/spring-projects/spring-security/issues/7349[gh-7349] - Move filter and token to appropriate packages
|
||||
Reorganize imports
|
||||
* https://github.com/spring-projects/spring-security/issues/11026[gh-11026] - Use `RequestAttributeSecurityContextRepository` instead of `NullSecurityContextRepository`
|
||||
* https://github.com/spring-projects/spring-security/pull/11887[gh-11827] - Change default authority for `oauth2Login()`
|
||||
* https://github.com/spring-projects/spring-security/issues/10347[gh-10347] - Remove `UsernamePasswordAuthenticationToken` check in `BasicAuthenticationFilter`
|
||||
* https://github.com/spring-projects/spring-security/pull/11923[gh-11923] - Remove `WebSecurityConfigurerAdapter`.
|
||||
Instead, create a https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter[SecurityFilterChain bean].
|
||||
* https://github.com/spring-projects/spring-security/issues/11899[gh-11899] - Use `MvcRequestMatcher` by default if Spring MVC is present.
|
||||
You can configure a different `RequestMatcher` by using the https://docs.spring.io/spring-security/reference/servlet/appendix/namespace/http.html#nsa-http-attributes[request-matcher attribute from <http>].
|
||||
* Change use-authorization-manager="true" to default
|
||||
If the application uses `use-expressions="true"` or `access-decision-manager-ref` switch to `use-expressions="false"` or `authorization-manager-ref`, respectively.
|
||||
If application relies on the implicit `<intercept-url pattern="/**" access="permitAll"/>`, this is no longer implicit and needs to be specified.
|
||||
Or use `use-authorization-manager="false"`
|
||||
* https://github.com/spring-projects/spring-security/issues/11939[gh-11939] - Remove deprecated `antMatchers`, `mvcMatchers`, `regexMatchers` helper methods from Java Configuration.
|
||||
Instead, use `requestMatchers` or `HttpSecurity#securityMatchers`.
|
||||
* https://github.com/spring-projects/spring-security/issues/11985[gh-11985] - Remove deprecated constructors in `Argon2PasswordEncoder`, `SCryptPasswordEncoder` and `Pbkdf2PasswordEncoder`.
|
||||
* https://github.com/spring-projects/spring-security/issues/11960[gh-11960] - Default to Xor CSRF protection for xref:servlet/exploits/csrf.adoc#servlet-csrf-configure-request-handler[servlet] and xref:reactive/exploits/csrf.adoc#webflux-csrf-configure-request-handler[reactive]
|
||||
* https://github.com/spring-projects/spring-security/issues/12019[gh-12019] - Remove deprecated method `setTokenFromMultipartDataEnabled` from `CsrfWebFilter`
|
||||
* https://github.com/spring-projects/spring-security/issues/12020[gh-12020] - Remove deprecated method `tokenFromMultipartDataEnabled` from Java Configuration
|
||||
* https://github.com/spring-projects/spring-security/issues/9429[gh-9429] - `Authentication(Web)Filter` rethrows `AuthenticationServiceException`s
|
||||
* https://github.com/spring-projects/spring-security/issues/11027[gh-11027], https://github.com/spring-projects/spring-security/issues/11466[gh-11466] - Authorization on every dispatcher type
|
||||
* https://github.com/spring-projects/spring-security/issues/11110[gh-11110] - Require explicit session saves by default
|
||||
* https://github.com/spring-projects/spring-security/issues/11057[gh-11057] - Remove `MessageSourceAware` from `ExceptionTranslationWebFilter`
|
||||
* https://github.com/spring-projects/spring-security/issues/12022[gh-12202] - Remove OAuth deprecations
|
||||
* https://github.com/spring-projects/spring-security/issues/10556[gh-10556] - Remove EOL OpenSaml 3 Support.
|
||||
Use the OpenSaml 4 Support instead.
|
||||
* https://github.com/spring-projects/spring-security/issues/11077[gh-11077] - Remove SAML deprecations
|
||||
** Remove `Converter` constructors from `Saml2MetadataFilter` and `Saml2AuthenticationTokenConverter`
|
||||
** Remove `Saml2AuthenticationRequestContextResolver` and `Saml2AuthenticationRequestFactory` and implementations
|
||||
** Remove `Saml2AuthenticationToken(String, String, String, String, List)`
|
||||
** Remove `RelyingPartyRegistration.ProviderDetails` and related methods
|
||||
** Remove `OpenSamlAuthenticationProvider`
|
||||
* https://github.com/spring-projects/spring-security/issues/12180[gh-12180] - Register `FilterChainProxy` for all dispatcher types
|
||||
|
||||
== Core
|
||||
|
||||
* https://github.com/spring-projects/spring-security/issues/11446[gh-11446] - Add native image support for `@PreAuthorize`
|
||||
* https://github.com/spring-projects/spring-security/issues/11737[gh-11737] - Add native image support for `@PostAuthorize`
|
||||
* xref:servlet/integrations/observability.adoc[Instrumentation] of `AuthenticationManager`, `AuthorizationManager`, and `FilterChainProxy`
|
||||
* xref:reactive/integrations/observability.adoc[Instrumentation] of `ReactiveAuthenticationManager`, `ReactiveAuthorizationManager`, and `WebFilterChainProxy`
|
||||
|
||||
== LDAP
|
||||
|
||||
* https://github.com/spring-projects/spring-security/pull/9276[gh-9276] - LdapAuthoritiesPopulator is post-processed
|
||||
|
||||
== Web
|
||||
|
||||
* https://github.com/spring-projects/spring-security/issues/11432[gh-11432] - `CookieServerCsrfTokenRepository` supports maxage
|
||||
|
|
|
|||
Loading…
Reference in New Issue