parent
8b0a3a760c
commit
ece5de3f99
|
@ -6,24 +6,26 @@ Below are the highlights of the release.
|
||||||
|
|
||||||
=== Servlet
|
=== Servlet
|
||||||
|
|
||||||
|
* Automatic password storage upgrades through {security-api-url}org/springframework/security/core/userdetails/UserDetailsPasswordService.html[UserDetailsPasswordService]
|
||||||
* {gh-samples-url}/boot/oauth2webclient[OAuth 2.0 Client]
|
* {gh-samples-url}/boot/oauth2webclient[OAuth 2.0 Client]
|
||||||
** Customizable Authorize and Token requests
|
** Customizable Authorize and Token requests
|
||||||
** `authorization_code` grant support
|
** `authorization_code` grant support
|
||||||
** `client_credentials` grant support
|
** `client_credentials` grant support
|
||||||
* OAuth 2.0 Resource Server - support for {gh-samples-url}/boot/oauth2resourceserver[JWT-encoded bearer tokens]
|
* OAuth 2.0 Resource Server - support for {gh-samples-url}/boot/oauth2resourceserver[JWT-encoded bearer tokens]
|
||||||
* {gh-samples-url}/boot/oauth2webclient[OAuth 2.0 Web Client Extensions] - Supports `authorization_code`, `client_credentials`, and `refresh_token` grants
|
* Added OAuth2 <<servlet-webclient,WebClient>> integration
|
||||||
* <<request-matching>> - Protection against HTTP Verb Tampering and Cross-site Tracing
|
* <<request-matching,HTTP Firewall>> protects against HTTP Verb Tampering and Cross-site Tracing
|
||||||
* <<exception-translation-filter>> - Support for selecting an `AccessDeniedHandler` by `RequestMatcher`
|
* <<exception-translation-filter,ExceptionTranslationFilter>> support for selecting an `AccessDeniedHandler` by `RequestMatcher`
|
||||||
* <<csrf>> - Support for disabling csrf by `RequestMatcher`
|
* <<csrf,CSRF>> support for excluding certain requests
|
||||||
* <<headers-feature>>
|
* Added Support for <<headers-feature,Feature Policy>>
|
||||||
* <<session-mgmt>> - Support for `@Transient` authentication tokens
|
* Added {security-api-url}core/src/main/java/org/springframework/security/core/Transient.java[@Transient] authentication tokens
|
||||||
* A modern look-and-feel for the default log in page
|
* A modern look-and-feel for the default log in page
|
||||||
|
|
||||||
=== WebFlux
|
=== WebFlux
|
||||||
|
|
||||||
|
* Automatic password storage upgrades through {security-api-url}org/springframework/security/core/userdetails/ReactiveUserDetailsPasswordService.html[ReactiveUserDetailsPasswordService]
|
||||||
* Added <<webflux-oauth2,OAuth2>> support
|
* Added <<webflux-oauth2,OAuth2>> support
|
||||||
** Added <<webflux-oauth2-client,OAuth2 Client>> support
|
** Added <<webflux-oauth2-client,OAuth2 Client>> support
|
||||||
** Added<<webflux-oauth2-resource-server,OAuth2 Resource Server>> support
|
** Added <<webflux-oauth2-resource-server,OAuth2 Resource Server>> support
|
||||||
** Added OAuth2 <<webclient,WebClient>> integration
|
** Added OAuth2 <<webclient,WebClient>> integration
|
||||||
* <<test-method>> - `@WithUserDetails` now works with `ReactiveUserDetailsService`
|
* <<test-method>> - `@WithUserDetails` now works with `ReactiveUserDetailsService`
|
||||||
* Added <<webflux-cors,CORS>> support
|
* Added <<webflux-cors,CORS>> support
|
||||||
|
@ -32,17 +34,17 @@ Below are the highlights of the release.
|
||||||
** <<webflux-headers-feature,Feature Policy>>
|
** <<webflux-headers-feature,Feature Policy>>
|
||||||
** <<webflux-headers-referrer,Referrer Policy>>
|
** <<webflux-headers-referrer,Referrer Policy>>
|
||||||
* <<webflux-redirect-https,Redirect to HTTPS>>
|
* <<webflux-redirect-https,Redirect to HTTPS>>
|
||||||
|
* Improvements for {security-api-url}org/springframework/security/core/annotation/AuthenticationPrincipal.html[@AuthenticationPrincipal]
|
||||||
|
** Support for resolving beans
|
||||||
|
** Support for resolving `errorOnInvalidType`
|
||||||
|
|
||||||
=== Integrations
|
=== Integrations
|
||||||
|
|
||||||
* <<core-services-password-encoding>> - New service to support password upgrades
|
* <<jackson,Jackson Support>> works with `BadCredentialsException`
|
||||||
* <<jackson>> - Support for `BadCredentialsException`
|
|
||||||
* <<test-method>> - Support for customizing when the `SecurityContext` is setup in the test.
|
* <<test-method>> - Support for customizing when the `SecurityContext` is setup in the test.
|
||||||
For example, `@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)` will setup a user after JUnit's `@Before` and before the test executes.
|
For example, `@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)` will setup a user after JUnit's `@Before` and before the test executes.
|
||||||
* <<ldap>> - Support for setting up an `LdapContext` from custom environment variables
|
* <<ldap>> - Support for setting up an `LdapContext` from custom environment variables
|
||||||
* <<x509>> - Support for deriving the X.509 principal via a strategy
|
* <<x509>> - Support for deriving the X.509 principal via a strategy
|
||||||
* <<mvc-authentication-principal>>
|
|
||||||
** Support for resolving beans in WebFlux (support already exists for Spring MVC)
|
|
||||||
** Support for resolving `errorOnInvalidType` in WebFlux (support already exists for Spring MVC)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
= Spring Security Reference
|
= Spring Security Reference
|
||||||
Ben Alex; Luke Taylor; Rob Winch; Gunnar Hillert; Joe Grandja; Jay Bryant
|
Ben Alex; Luke Taylor; Rob Winch; Gunnar Hillert; Joe Grandja; Jay Bryant
|
||||||
:include-dir: _includes
|
:include-dir: _includes
|
||||||
:security-api-url: http://docs.spring.io/spring-security/site/docs/current/apidocs/
|
:security-api-url: http://docs.spring.io/spring-security/site/docs/current/api/
|
||||||
:source-indent: 0
|
:source-indent: 0
|
||||||
:tabsize: 4
|
:tabsize: 4
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue