⭐ New Features
- Move log statement in SessionRegistryImpl #6979
- Fix RoleHierarchy Javadoc #6973
- Disable bean proxying in configuration classes #6970
- Make Spring web configuration classes use proxyBeanMethods=false by default #6967
- Migrate JeeConfigurerTests groovy->java #6957
- Update to nohttp 0.0.2.RELEASE #6955
- RoleHierarchy Comments are misleading #6954
- Migrate RememberMeConfigurerTests groovy->java #6951
- Migrate CorsConfigurerTests groovy->java #6946
- Migrate ChannelSecurityConfigurerTests groovy->java #6944
- Add success handler modification of OAuth2LoginSpec #6938
- Migrate SessionManagementConfigurerTests groovy->java #6937
- JenkinsFile should always indicate the JDK in use #6928
- Add @transient to OAuth2IntrospectionAuthenticationToken #6918
- Added null checks and tests to constructors #6915
- Updates OAuth2ResourceServer configuration tests #6904
- Migrate LogoutConfigurerTests from groovy to java #6902
- Finer variables for OAuth2 redirectUriTemplate expansion #6900
- Add null checks to constructors #6892
- Fix JavaDoc for defaultSuccessUrl #6878
- Add constructor to JwtAuthenticationToken that takes a principal name #6865
- Add OAuth2LoginSpec.authenticationSuccessHandler #6863
- Add Multi-tenancy support for Reactive Resource Server #6861
- Git ignore .attach_pid* files #6860
- Translate messages.properties into Japanese #6855
- Replace bean method calls with injection #6853
- Make scheduler configurable on ReactiveAuthenticationManagerAdapter #6852
- Introduce Jwt.Builder #6851
- OpaqueToken DSL should accept an AuthenticationManager #6849
- Jwt DSL Configuration should accept an AuthenticationManager #6832
- OAuth2IntrospectionAuthenticationToken should be marked as @transient #6829
- Reactive JwkSource Builder Parameter Type Changed the parameter type from JWT to SignedJWT Fixes: gh-6771 #6827
- Fix javadoc typo #6825
- Support JwtValidationException on JwtReactiveAuthenticationManager #6823
- Switch to proxy-less configuration by leveraging @configuration(proxyBeanMethods = false) #6818
- Opaque Token Support for Custom Parameters #6798
- Fix no check if the parameter is null. #6775
- Expose bean setters in @configuration used by @EnableWebFluxSecurity #6761
- Multi-tenancy for Reactive Resource Server #6727
- Introduce ReactiveAuthenticationManagerResolver #6723
- Introduce JWT Flow API in Test Support #6634
- Opaque Token Intermediate Type #6632
- Make it possible to use Spring Security with functional bean registration #6624
- OAuth2ResourceServer configuration tests use deprecated extractAuthorities #6516
- X509 Reactive Support #6336
- Improve ClaimAccessor and externalize coercion #6245
- Add scheme/protocol variable for OAuth2 redirectUriTemplate #6239
- AccountStatusUserDetailsChecker implements MessageSourceAware #6151
- Support Path Variables in Message Expressions #6110
- WebSocket matchers ignore parameters #4469
🪲 Bug Fixes
- ID Token validation should use JwtTimestampValidator #6964
- Fix HttpSecurity Javadoc for jee() method #6959
- Fix HttpSecurity jee() Javadoc example for mappableRoles #6958
- DefaultServerOAuth2AuthorizationRequestResolver should use fromUri #6952
- WebClientReactiveClientCredentialsTokenResponseClient should not set Authorization header when ClientAuthenticationMethod.POST #6911
- Documentation fixes #6889
- java.lang.IllegalAccessError when resource server introspect token from oauth2 server #6843
- oauth2Login does not auto-redirect for XHR request #6812
🔨 Dependency Upgrades
- Update to Spring 5.2.0.M2 #6869
❤️ Contributors
We'd like to thank all the contributors who worked on this release!