Spring blog

All Posts
Engineering
Releases
News and Events

Spring Security 5.0.0 M2 Released

Releases | Rob Winch | June 16, 2017 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security 5.0.0 M2. This release includes bug fixes, new features, and is based off of Spring Framework 5.0.0 RC2.

A complete example of using Spring Security to secure a Spring WebFlux application can be found in the Spring Security samples at hellowebflux and hellowebfluxfn.

The highlights of the release include:

Simplified Reactive Security Configuration

It is now very easy to setup a minimal Reactive Security Configuration. Add @EnableWebFluxSecurity and provide a UserDetailsRepository

@EnableWebFluxSecurity
public class SecurityConfig {
    @Bean
    public UserDetailsRepository userDetailsRepository() {
        return new MapUserDetailsRepository(User.withUsername("user")
            .password("password")
            .roles("USER")
            .build()
        );
    }
}

We have added UserDetailsManagerResourceFactoryBean which provides a simple way to create a UserDetailsRepository using a properties file. For example:

@Bean
public UserDetailsRepositoryResourceFactoryBean userDetailsService() {
    return UserDetailsRepositoryResourceFactoryBean
                  .fromResourceLocation("classpath:users.properties");
}

and users.properties

user=password,ROLE_USER
admin=password,ROLE_USER,ROLE_ADMIN

Note

For non reactive applications, there is a new UserDetailsManagerResourceFactoryBean to create an InMemoryUserDetailsManager from a properties file

WebTestClient Support

This release also adds support for WebTestClient. For example, you can run as a test user using the following:

ExchangeMutatorWebFilter exchangeMutator = new ExchangeMutatorWebFilter();
WebTestClient mockRest = WebTestClient.bindToApplicationContext(this.context)
    .webFilter(exchangeMutator) // add the exchangeMutator
    .build();

mockRest
        // run only this request with a mocked user
    .filter(exchangeMutator.perClient(withUser()))
    .get()
    .uri("/principal")
    .exchange()
    .expectStatus().isOk();

Project Site | Reference | Guides | Help

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all