Engineering
Releases
News and Events

Spring Security 4.0.2 Released

I’m pleased to announce the release of Spring Security 4.0.2.RELEASE. This release is the second maintenance release of the 4.0 line and focusses on fixing any major issues that were found in the new release. For complete details on the release, refer to the Change Log.

Along with lots of bug fixes, the highlights of this release include:

Support for Spring Framework 4.2

Spring Framework 4.2 GA is just around the corner. Spring Security 4.0.2 fixes some issues when running with Spring Framework 4.2. We are also rerunning our entire test suite using Spring Framework 4.2.

Minor Improvements to Spring Security Test

Previously, Spring Security’s test support would fail if there was no ApplicationContext. This was inconvenient if you were just wanting to run tests as a specific user. What’s more it was inconvenient to disable other features (i.e. loading an ApplicationContext) of Spring Test. The updates in Spring Security 4.0.2 allow running tests as a specific user with:

@SecurityTestExecutionListeners
@RunWith(SpringJUnit4ClassRunner.class)
public class MyTests {

    @WithMockUser
    @Test
    public void runsAsUserWithNoApplicationContext() {

    }
}

The SecurityTestExecutionListeners is a meta annotation that signals to Spring’s Test Framework to only use Spring Security related TestExecutionListeners and not to try loading the ApplicationContext.

HttpStatusReturningLogoutSuccessHandler

Spring Security 4.0.2 includes a HttpStatusReturningLogoutSuccessHandler which allows returning an HTTP status code when the user has successfully logged out making it easy to signal to a REST client authentication was successful.

You an use it with the following Java Based Configuration:


http .logout() .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())

If you are using XML Namespace configuration, you can use the logout@success-handler-ref :

<b:bean id="successHandler"
    class="org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler"/>
<http ...>
    <logout success-handler-ref="successHandler"/>
</http>

Changes for Spring Cloud Security

The release includes changes for Spring Cloud Security (i.e. AES/GCM support).

Project Site | Reference | Guides

comments powered by Disqus