Spring Security v5.4.0-RC1 Release Notes
Release Date: 2020-08-05
New Features
- Deprecate CustomUserTypesOAuth2UserService #8908
- Deprecate ClientRegistration.redirectUriTemplate #8906
- Allow for custom ClientRegistration.clientAuthenticationMethod #8903
- Deprecate ImplicitGrantConfigurer #8902
- Remove use of Mono.deferWithContext() #8901
- Consider adding RelyingPartyRegistrationResolver #8887
- Add HttpMessageConverter that constructs a RelyingPartyRegistration #8877
- RelyingPartyRegistration should default the ACS Location #8876
- Update SimpleSaml2AuthenticatedPrincipal class name #8861
- Introduce AuthenticationConverterServerWebExchangeMatcher #8854
- Make class SimpleSaml2AuthenticatedPrincipal public #8852
- Support custom filter in Server Kotlin DSL #8850
- Saml2AuthenticationToken should take a RelyingPartyRegistration #8845
- Wording changes #8832
- -gh 8784 Document improvement for WebSecurityConfigure #8825
- Consider making BearerTokenServerWebExchangeMatcher public and more generic #8824
- Add custom HeaderWriter in Kotlin DSL #8823
- Add Static Factories to Saml2X509Credential #8822
- Allow disabling headers in Kotlin DSL #8816
- Remove need for WebSecurityConfigurerAdapter #8805
- Configure HTTP Security without extending WebSecurityConfigurerAdapter #8804
- Fix #8693 Support SAML 2.0 SP Metadata Endpoints #8795
- Add Static Factories to Saml2X509Credential #8789
- RelyingPartyRegistration Credentials Should Be Split by Party #8788
- Support custom filter in Server Kotlin DSL #8783
- Mongolian translation for messages.properties #8780
- Mongolian translation required for messages.properties #8778
- RelyingPartyRegistration should use metadata spec language #8777
- ACS Binding should be in RelyingPartyRegistration #8776
- Remove OpenSamlImplementation #8775
- OpenSamlAuthenticationRequestFactory should use OpenSAML directly #8774
- OpenSamlAuthenticationProvider should use OpenSAML directly #8773
- OpenSAML should get initialized as part of container lifecycle #8772
- SAML Assertion validation fails when OneTimeUse condition is sent from the IdP #8769
- Improve error message when invalid content-type for UserInfo response #8764
- Simplify retrieving Introspection-specific attributes #8740
- Reactive SwitchUserWebFilter for user impersonation #8687
- Change getMethod() to return configured value in SimpleSavedRequest #8675
- gh-8589 Additional Jwt validation debug messages #8665
- Adds cookie based RequestCache #8653
- Missing Reactive SwitchUserWebFilter for user impersonation #8599
- Use String to specify custom HTTP method in mock request #8592
- Add logging #8589
- Support for dynamic configuration using IDP metadata URL for SAML SSO integration #8484
- SAML Authentication Provider assertions #8471
- Throw exception when specified ldif file does not exist #8434
- SAML: Add RequestedAuthnContext to AuthnRequest in OpenSamlAuthenticationRequestFactory #8141
- Add request cache that uses cookie #8034
- No log message or exception if expected ldif file does not exist #7791
Bug Fixes
- Move RSocket Integration Tests to integration tests #8944
- Fix snapshot build failure related to reactor-netty #8909
- Resolve Bearer token after subscribing to publisher #8894
- ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8865
- Update README.adoc #8851
- Saml2Error should be in a core package #8835
- Fix #8797: Add OAuth2AuthenticationException to allowlist #8827
- CookieRequestCache "REDIRECT_URI" removed by any request #8820
- use CookieRequestCache something went wrong #8817
- LoginPageGeneratingWebFilter should honor context path #8807
- Fix ProviderManager Javadoc typo #8800
- OAuth2AuthenticationException should be in allowlist #8797
- tutorial uses hasRole but should use hasAuthority #8796
- Saml2WebSsoAuthenticationFilter does not follow standard patterns for request matching. #8768
- Bearer Token Padding #8511
- Resolved bearer token has no padding indicators #8502
Contributors
We'd like to thank all the contributors who worked on this release!