Polish What's New

Issue: gh-5857
This commit is contained in:
Rob Winch 2018-09-19 09:44:50 -05:00
parent 8b0a3a760c
commit ece5de3f99
2 changed files with 15 additions and 13 deletions

View File

@ -6,24 +6,26 @@ Below are the highlights of the release.
=== Servlet === Servlet
* Automatic password storage upgrades through {security-api-url}org/springframework/security/core/userdetails/UserDetailsPasswordService.html[UserDetailsPasswordService]
* {gh-samples-url}/boot/oauth2webclient[OAuth 2.0 Client] * {gh-samples-url}/boot/oauth2webclient[OAuth 2.0 Client]
** Customizable Authorize and Token requests ** Customizable Authorize and Token requests
** `authorization_code` grant support ** `authorization_code` grant support
** `client_credentials` grant support ** `client_credentials` grant support
* OAuth 2.0 Resource Server - support for {gh-samples-url}/boot/oauth2resourceserver[JWT-encoded bearer tokens] * OAuth 2.0 Resource Server - support for {gh-samples-url}/boot/oauth2resourceserver[JWT-encoded bearer tokens]
* {gh-samples-url}/boot/oauth2webclient[OAuth 2.0 Web Client Extensions] - Supports `authorization_code`, `client_credentials`, and `refresh_token` grants * Added OAuth2 <<servlet-webclient,WebClient>> integration
* <<request-matching>> - Protection against HTTP Verb Tampering and Cross-site Tracing * <<request-matching,HTTP Firewall>> protects against HTTP Verb Tampering and Cross-site Tracing
* <<exception-translation-filter>> - Support for selecting an `AccessDeniedHandler` by `RequestMatcher` * <<exception-translation-filter,ExceptionTranslationFilter>> support for selecting an `AccessDeniedHandler` by `RequestMatcher`
* <<csrf>> - Support for disabling csrf by `RequestMatcher` * <<csrf,CSRF>> support for excluding certain requests
* <<headers-feature>> * Added Support for <<headers-feature,Feature Policy>>
* <<session-mgmt>> - Support for `@Transient` authentication tokens * Added {security-api-url}core/src/main/java/org/springframework/security/core/Transient.java[@Transient] authentication tokens
* A modern look-and-feel for the default log in page * A modern look-and-feel for the default log in page
=== WebFlux === WebFlux
* Automatic password storage upgrades through {security-api-url}org/springframework/security/core/userdetails/ReactiveUserDetailsPasswordService.html[ReactiveUserDetailsPasswordService]
* Added <<webflux-oauth2,OAuth2>> support * Added <<webflux-oauth2,OAuth2>> support
** Added <<webflux-oauth2-client,OAuth2 Client>> support ** Added <<webflux-oauth2-client,OAuth2 Client>> support
** Added<<webflux-oauth2-resource-server,OAuth2 Resource Server>> support ** Added <<webflux-oauth2-resource-server,OAuth2 Resource Server>> support
** Added OAuth2 <<webclient,WebClient>> integration ** Added OAuth2 <<webclient,WebClient>> integration
* <<test-method>> - `@WithUserDetails` now works with `ReactiveUserDetailsService` * <<test-method>> - `@WithUserDetails` now works with `ReactiveUserDetailsService`
* Added <<webflux-cors,CORS>> support * Added <<webflux-cors,CORS>> support
@ -32,17 +34,17 @@ Below are the highlights of the release.
** <<webflux-headers-feature,Feature Policy>> ** <<webflux-headers-feature,Feature Policy>>
** <<webflux-headers-referrer,Referrer Policy>> ** <<webflux-headers-referrer,Referrer Policy>>
* <<webflux-redirect-https,Redirect to HTTPS>> * <<webflux-redirect-https,Redirect to HTTPS>>
* Improvements for {security-api-url}org/springframework/security/core/annotation/AuthenticationPrincipal.html[@AuthenticationPrincipal]
** Support for resolving beans
** Support for resolving `errorOnInvalidType`
=== Integrations === Integrations
* <<core-services-password-encoding>> - New service to support password upgrades * <<jackson,Jackson Support>> works with `BadCredentialsException`
* <<jackson>> - Support for `BadCredentialsException`
* <<test-method>> - Support for customizing when the `SecurityContext` is setup in the test. * <<test-method>> - Support for customizing when the `SecurityContext` is setup in the test.
For example, `@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)` will setup a user after JUnit's `@Before` and before the test executes. For example, `@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)` will setup a user after JUnit's `@Before` and before the test executes.
* <<ldap>> - Support for setting up an `LdapContext` from custom environment variables * <<ldap>> - Support for setting up an `LdapContext` from custom environment variables
* <<x509>> - Support for deriving the X.509 principal via a strategy * <<x509>> - Support for deriving the X.509 principal via a strategy
* <<mvc-authentication-principal>>
** Support for resolving beans in WebFlux (support already exists for Spring MVC)
** Support for resolving `errorOnInvalidType` in WebFlux (support already exists for Spring MVC)

View File

@ -1,7 +1,7 @@
= Spring Security Reference = Spring Security Reference
Ben Alex; Luke Taylor; Rob Winch; Gunnar Hillert; Joe Grandja; Jay Bryant Ben Alex; Luke Taylor; Rob Winch; Gunnar Hillert; Joe Grandja; Jay Bryant
:include-dir: _includes :include-dir: _includes
:security-api-url: http://docs.spring.io/spring-security/site/docs/current/apidocs/ :security-api-url: http://docs.spring.io/spring-security/site/docs/current/api/
:source-indent: 0 :source-indent: 0
:tabsize: 4 :tabsize: 4