Spring Security 5.4.0-RC1 Released

Releases | Eleftheria Stein-Kousathana | August 13, 2020 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-RC1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8903 - Allow for custom ClientRegistration.clientAuthenticationMethod
gh-6489 - Simplify retrieving Introspection-specific attributes


gh-8804 - Remove need for WebSecurityConfigurerAdapter
gh-8599 - Reactive SwitchUserWebFilter for user impersonation
gh-8854 - Add AuthenticationConverterServerWebExchangeMatcher


gh-8783 - Support custom filter in Server Kotlin DSL

SAML 2.0

gh-8887 - Add RelyingPartyRegistrationResolver
gh-8484 - Add Metadata-based RelyingPartyRegistration construction
gh-8693 - Support SAML 2.0 SP Metadata Endpoints
gh-8141 - Add AuthnRequest Customization Support
gh-8769 - Add ConditionValidator Configuration Support

Deprecation Notice

Note that some APIs in OAuth 2.0 and SAML 2.0 were deprecated in this release:

gh-8908 - Deprecate CustomUserTypesOAuth2UserService
gh-8906 - Deprecate ClientRegistration.redirectUriTemplate
gh-8902 - Deprecate ImplicitGrantConfigurer
gh-8845 - Saml2AuthenticationToken should take a RelyingPartyRegistration
gh-8788 - RelyingPartyRegistration Credentials Should Be Split by Party
gh-8777 - RelyingPartyRegistration should use metadata spec language

Project Site | Reference | Help

Get the Spring newsletter

Thank you!

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all