GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Spring Security
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19035 Commits
54 Branches
369 Tags
121 MiB
 
 
 
 
Tree: 34742c9743
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '34742c9743'
${ noResults }
spring-security/docs/modules/ROOT/pages/whats-new.adoc

57 lines
2.1 KiB
Raw Blame History

[[new]]
= What's New in Spring Security 7.0
Spring Security 7.0 provides a number of new features.
Below are the highlights of the release, or you can view https://github.com/spring-projects/spring-security/releases[the release notes] for a detailed listing of each feature and bug fix.
== Removals
Being a major release, there are a number of deprecated APIs that are removed in Spring Security 7.
Each section that follows will indicate the more notable removals as well as the new features in that module
== Core
* Removed `AuthorizationManager#check` in favor of `AuthorizationManager#authorize`
== Config
* Removed `and()` from the `HttpSecurity` DSL in favor of using the lambda methods
* Removed `authorizeRequests` in favor of `authorizeHttpRequests`
* Simplified expression migration for `authorizeRequests`
* Added support for SPA-based CSRF configuration:
Java::
+
[source,java,role="primary"]
----
http.csrf((csrf) -> csrf.spa());
----
== Data
* Added support to Authorized objects for Spring Data types
== LDAP
* Removed `ApacheDsContainer` and related Apache DS support in favor of UnboundID
== OAuth 2.0
* Removed support for password grant
* Added OAuth2 Support for xref:features/integrations/rest/http-interface.adoc[HTTP Interface Integration]
* Added support for custom `JwkSource` in `NimbusJwtDecoder`, allowing usage of Nimbus's `JwkSourceBuilder` API
* Added builder for `NimbusJwtEncoder`, supports specifying an EC or RSA key pair or a secret key
== SAML 2.0
* Removed API methods based on `AssertingPartyDetails` class in favor of `AssertingPartyMetadata` interface
* Removed GET request support from `Saml2AuthenticationTokenConverter`
* Added JDBC-based `AssertingPartyMetadataRepository`
* Made so that SLO still returns `<saml2:LogoutResponse>` even when validation fails
== Web
* Removed `MvcRequestMatcher` and `AntPathRequestMatcher` in favor of `PathPatternRequestMatcher`
* Added javadoc:org.springframework.security.web.authentication.preauth.x509.SubjectX500PrincipalExtractor[]
* Added support for propagating exceptions in Authorized proxies through Spring MVC controllers
* Added support to Authorized objects for Spring MVC types