On behalf of the community, I’m pleased to announce the release of Spring Security 4.1.0.RC1. This release resolved over 100 tickets. You can find some of the highlights below:

• Path Variables in Web Security Expressions
• Content Security Policy (CSP)
• HTTP Public Key Pinning (HPKP)
• Added ForwardAuthenticationFailureHandler & ForwardAuthenticationSuccessHandler
• SCrypt support with SCryptPasswordEncoder
• Simplified UserDetailsService Java Configuration
• Simplified AuthenticationProvider Java Configuration
• Moved to GitHub issues
• Test Meta Annotations
• Method Security Meta Annotations

Contributions

Without the community we couldn’t be the successful project we are today. I’d like to thank everyone that created issues & provided feedback. A special thanks to the following people who provided pull requests for this release:

• #199 - Fix a broken link to a blog posting on the Spring website Thanks Yi EungJun
• #230 - Fix formatting error in documentation Thanks Martin Macko
• #248 - SEC-3175: Migrate to assertj Thanks Billy Korando
• #257 - Use XML Namespace for PreAuth Samples Thanks Michael Osipov
• #258 - SEC-2746: Fix keys in messages bundle Thanks Karol Lewandowski
• #259 - Rename HeaderWriter loop variable name Thanks bax1989
• #3699 - Fix ` in documentation Thanks drdamour
• #3700 - Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR Thanks Andrei Ivanov
• #3707 - HTTP Public Key Pinning Thanks Tim Ysewyn
• #3717 - Add SCryptPasswordEncoder Thanks Shazin Sadakath
• #3724 - Fix Javadoc on ProviderManager.authenticate Thanks hmolsen
• #3729 - ForwardAuthenticationFailureHandler & ForwardAuthenticationSuccessHandler Thanks Shazin Sadakath
• #3731 - Sort ObjectPostProcessors prior to invoking them Thanks Wallace Wadge
• #3734 - Upgrade Apache Commons Collections to v3.2.2 Thanks Justine Tunney
• #3740 - Forward after authentication attempt configuration support (#3728) Thanks Shazin Sadakath
• #3749 - Add RememberMeConfigurer set domain Thanks Eddú Meléndez Gonzales
• #3750 - Upgrade to Sonarqube plugin Thanks Eddú Meléndez Gonzales

Feedback Please

If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping me @rob_winch or Joe (our latest full time Spring Security team member) @joe_grandja on Twitter.

Of course the best feedback comes in the form of contributions.

Project Site | Reference | Guides | Help