Spring Security 5.2.0.RC1 Released

Releases | Eleftheria Stein-Kousathana | September 06, 2019 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.RC1! You can find the complete details in the release notes and the highlights below:

RSocket

gh-7360 - Add RSocket Support

SAML

gh-6019 - Add SAML Service Provider Support

OAuth 2.0

Resource server

gh-7101 - JwtGrantedAuthoritiesConverter allows configuring the authority prefix

gh-7100 - JwtGrantedAuthoritiesConverter allows configuring the authorities claim name

gh-7345 - Opaque Token Introspector returns an Authenticated Principal

gh-7346 - Add Adapter to Translate Jwt to BearerTokenAuthentication

gh-5334 and gh-7284 - Resource Server supports WebClient Bearer Token propagation

Client

gh-7114 - Allow configurable Clock in OAuth2AuthorizedClientProvider implementations

gh-7293 - Fix WebClient Memory Leaks

gh-7232 - OAuth2LoginConfigurer discovers OAuth2UserService beans

gh-7339 - DefaultOAuth2UserService and OidcUserService extract authorities from scopes

gh-7122 - OAuth2AuthorizedClientManager works outside of a request

gh-6003 - Support Resource Owner Password Credentials grant

JOSE

gh-6883 - JWT decoding supports multiple algorithms

gh-7290 - NimbusJwtDecoderJwkSupport supports "application/jwk-set+json" Accept header

Core

gh-7154 - Performance enhancement: Replace internal Stream usage with for loops

gh-7155 - Performance enhancement: Remove internal Optional usage in favor of null checks

gh-5354 - Add Argon2PasswordEncoder

gh-7287 - Add Catalan localization messages

Web

gh-7249 - Authentication mechanisms default their ServerSecurityContextRepository

Spring blog

Spring Security 5.2.0.RC1 Released

RSocket

gh-7360 - Add RSocket Support

SAML

gh-6019 - Add SAML Service Provider Support

OAuth 2.0

Resource server

gh-7101 - JwtGrantedAuthoritiesConverter allows configuring the authority prefix

gh-7100 - JwtGrantedAuthoritiesConverter allows configuring the authorities claim name

gh-7345 - Opaque Token Introspector returns an Authenticated Principal

gh-7346 - Add Adapter to Translate Jwt to BearerTokenAuthentication

gh-5334 and gh-7284 - Resource Server supports WebClient Bearer Token propagation

Client

gh-7114 - Allow configurable Clock in OAuth2AuthorizedClientProvider implementations

gh-7293 - Fix WebClient Memory Leaks

gh-7232 - OAuth2LoginConfigurer discovers OAuth2UserService beans

gh-7339 - DefaultOAuth2UserService and OidcUserService extract authorities from scopes

gh-7122 - OAuth2AuthorizedClientManager works outside of a request

gh-6003 - Support Resource Owner Password Credentials grant

JOSE

gh-6883 - JWT decoding supports multiple algorithms

gh-7290 - NimbusJwtDecoderJwkSupport supports "application/jwk-set+json" Accept header

Core

gh-7154 - Performance enhancement: Replace internal Stream usage with for loops

gh-7155 - Performance enhancement: Remove internal Optional usage in favor of null checks

gh-5354 - Add Argon2PasswordEncoder

gh-7287 - Add Catalan localization messages

Web

gh-7249 - Authentication mechanisms default their ServerSecurityContextRepository

gh-7166 - Expire multiple sessions if they exceed maximum number allowed

gh-7060 - Ignore multipart requests in session request cache matcher

LDAP

gh-7236 - Expose getPort in ApacheDsContainer

Get the Spring newsletter

Get ahead

Get support

Upcoming events

Spring blog

Spring Security 5.2.0.RC1 Released

RSocket

gh-7360 - Add RSocket Support

SAML

gh-6019 - Add SAML Service Provider Support

OAuth 2.0

Resource server

gh-7101 - JwtGrantedAuthoritiesConverter allows configuring the authority prefix

gh-7100 - JwtGrantedAuthoritiesConverter allows configuring the authorities claim name

gh-7345 - Opaque Token Introspector returns an Authenticated Principal

gh-7346 - Add Adapter to Translate Jwt to BearerTokenAuthentication

gh-5334 and gh-7284 - Resource Server supports WebClient Bearer Token propagation

Client

gh-7228 - Prevent null value in Context if subscribe was invoked outside of Web Context

gh-7114 - Allow configurable Clock in OAuth2AuthorizedClientProvider implementations

gh-7293 - Fix WebClient Memory Leaks

gh-7222 - Allow setting securityContextRepository for reactive OAuth2 login

gh-7051 - Allow setting authenticationFailureHandler for reactive OAuth2 login

gh-7232 - OAuth2LoginConfigurer discovers OAuth2UserService beans

gh-7339 - DefaultOAuth2UserService and OidcUserService extract authorities from scopes

gh-7122 - OAuth2AuthorizedClientManager works outside of a request

gh-6003 - Support Resource Owner Password Credentials grant

JOSE

gh-6883 - JWT decoding supports multiple algorithms

gh-7290 - NimbusJwtDecoderJwkSupport supports "application/jwk-set+json" Accept header

Core

gh-7154 - Performance enhancement: Replace internal Stream usage with for loops

gh-7155 - Performance enhancement: Remove internal Optional usage in favor of null checks

gh-5354 - Add Argon2PasswordEncoder

gh-7287 - Add Catalan localization messages

Web

gh-7249 - Authentication mechanisms default their ServerSecurityContextRepository

gh-7166 - Expire multiple sessions if they exceed maximum number allowed

gh-7060 - Ignore multipart requests in session request cache matcher

LDAP

gh-7236 - Expose getPort in ApacheDsContainer

Get the Spring newsletter

Get ahead

Get support

Upcoming events