Hear from the Spring team this January at SpringOne. >

Spring Security 5.4.0-RC1 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-RC1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8903 - Allow for custom ClientRegistration.clientAuthenticationMethod
gh-6489 - Simplify retrieving Introspection-specific attributes


gh-8804 - Remove need for WebSecurityConfigurerAdapter
gh-8599 - Reactive SwitchUserWebFilter for user impersonation
gh-8854 - Add AuthenticationConverterServerWebExchangeMatcher


gh-8783 - Support custom filter in Server Kotlin DSL

SAML 2.0

gh-8887 - Add RelyingPartyRegistrationResolver
gh-8484 - Add Metadata-based RelyingPartyRegistration construction
gh-8693 - Support SAML 2.0 SP Metadata Endpoints
gh-8141 - Add AuthnRequest Customization Support
gh-8769 - Add ConditionValidator Configuration Support

Deprecation Notice

Note that some APIs in OAuth 2.0 and SAML 2.0 were deprecated in this release:

gh-8908 - Deprecate CustomUserTypesOAuth2UserService
gh-8906 - Deprecate ClientRegistration.redirectUriTemplate
gh-8902 - Deprecate ImplicitGrantConfigurer
gh-8845 - Saml2AuthenticationToken should take a RelyingPartyRegistration
gh-8788 - RelyingPartyRegistration Credentials Should Be Split by Party
gh-8777 - RelyingPartyRegistration should use metadata spec language
comments powered by Disqus