Skip to content

Commit fca30e3

Browse files
jzheauxjzheaux
committed
Update What's New in Spring Security 7
Closes gh-17582
1 parent 84d54b9 commit fca30e3

File tree

1 file changed

+48
-1
lines changed

1 file changed

+48
-1
lines changed

docs/modules/ROOT/pages/whats-new.adoc

Lines changed: 48 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,54 @@
44
Spring Security 7.0 provides a number of new features.
55
Below are the highlights of the release, or you can view https://github.com/spring-projects/spring-security/releases[the release notes] for a detailed listing of each feature and bug fix.
66

7+
== Removals
8+
9+
Being a major release, there are a number of deprecated APIs that are removed in Spring Security 7.
10+
Each section that follows will indicate the more notable removals as well as the new features in that module
11+
12+
== Core
13+
14+
* Removed `AuthorizationManager#check` in favor of `AuthorizationManager#authorize`
15+
16+
== Config
17+
18+
* Removed `and()` from the `HttpSecurity` DSL in favor of using the lambda methods
19+
* Removed `authorizeRequests` in favor of `authorizeHttpRequests`
20+
* Simplified expression migration for `authorizeRequests`
21+
* Added support for SPA-based CSRF configuration:
22+
23+
Java::
24+
+
25+
[source,java,role="primary"]
26+
----
27+
http.csrf((csrf) -> csrf.spa());
28+
----
29+
30+
== Data
31+
32+
* Added support to Authorized objects for Spring Data types
33+
34+
== LDAP
35+
36+
* Removed `ApacheDsContainer` and related Apache DS support in favor of UnboundID
37+
38+
== OAuth 2.0
39+
40+
* Removed support for password grant
41+
* Added OAuth2 Support for xref:features/integrations/rest/http-interface.adoc[HTTP Interface Integration]
42+
* Added support for custom `JwkSource` in `NimbusJwtDecoder`, allowing usage of Nimbus's `JwkSourceBuilder` API
43+
* Added builder for `NimbusJwtEncoder`, supports specifying an EC or RSA key pair or a secret key
44+
45+
== SAML 2.0
46+
47+
* Removed API methods based on `AssertingPartyDetails` class in favor of `AssertingPartyMetadata` interface
48+
* Removed GET request support from `Saml2AuthenticationTokenConverter`
49+
* Added JDBC-based `AssertingPartyMetadataRepository`
50+
* Made so that SLO still returns `<saml2:LogoutResponse>` even when validation fails
51+
752
== Web
853

54+
* Removed `MvcRequestMatcher` and `AntPathRequestMatcher` in favor of `PathPatternRequestMatcher`
955
* Added javadoc:org.springframework.security.web.authentication.preauth.x509.SubjectX500PrincipalExtractor[]
10-
* Added OAuth2 Support for xref:features/integrations/rest/http-interface.adoc[HTTP Interface Integration]
56+
* Added support for propagating exceptions in Authorized proxies through Spring MVC controllers
57+
* Added support to Authorized objects for Spring MVC types

0 commit comments

Comments
 (0)