Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring Security 4.1.0.RC1 Released
On behalf of the community, I'm pleased to announce the release of Spring Security 4.1.0.RC1. This release resolved over 100 tickets. You can find some of the highlights below:
- Path Variables in Web Security Expressions
- Content Security Policy (CSP)
- HTTP Public Key Pinning (HPKP)
- Added
ForwardAuthenticationFailureHandler&ForwardAuthenticationSuccessHandler - SCrypt support with
SCryptPasswordEncoder - Simplified UserDetailsService Java Configuration
- Simplified AuthenticationProvider Java Configuration
- Moved to GitHub issues
- Test Meta Annotations
- Method Security Meta Annotations
Contributions
Without the community we couldn't be the successful project we are today. I'd like to thank everyone that created issues & provided feedback. A special thanks to the following people who provided pull requests for this release:
- #199 - Fix a broken link to a blog posting on the Spring website Thanks Yi EungJun
- #230 - Fix formatting error in documentation Thanks Martin Macko
- #248 - SEC-3175: Migrate to assertj Thanks Billy Korando
- #257 - Use XML Namespace for PreAuth Samples Thanks Michael Osipov
- #258 - SEC-2746: Fix keys in messages bundle Thanks Karol Lewandowski
- #259 - Rename HeaderWriter loop variable name Thanks bax1989
- #3699 - Fix ` in documentation Thanks drdamour
- #3700 - Allow override of SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR Thanks Andrei Ivanov
- #3707 - HTTP Public Key Pinning Thanks Tim Ysewyn
- #3717 - Add SCryptPasswordEncoder Thanks Shazin Sadakath
- #3724 - Fix Javadoc on ProviderManager.authenticate Thanks hmolsen
- #3729 - ForwardAuthenticationFailureHandler & ForwardAuthenticationSuccessHandler Thanks Shazin Sadakath
- #3731 - Sort ObjectPostProcessors prior to invoking them Thanks Wallace Wadge
- #3734 - Upgrade Apache Commons Collections to v3.2.2 Thanks Justine Tunney
- #3740 - Forward after authentication attempt configuration support (#3728) Thanks Shazin Sadakath
- #3749 - Add RememberMeConfigurer set domain Thanks Eddú Meléndez Gonzales
- #3750 - Upgrade to Sonarqube plugin Thanks Eddú Meléndez Gonzales
Feedback Please
If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping me @rob_winch or Joe (our latest full time Spring Security team member) @joe_grandja on Twitter.
Of course the best feedback comes in the form of contributions.
Project Site | Reference | Guides | Help
Get support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all