⭐ New Features
- Add attributes Consumer to OAuth2AuthorizationContext #7385
- Improve DefaultReactiveOAuth2UserService handling IOException #7370
- Add RSocket Support #7360
- Polish Server|ServletBearerExchangeFilterFunction #7355
- Refactor Servlet/Server BearerExchangeFilterFunction #7353
- OAuth2AuthorizeRequest supports attributes #7352
- Grant Individual Authorities From Claims #7351
- DefaultOAuth2AuthorizedClientManager and DefaultServerOAuth2AuthorizedClientManager Alignment #7350
- Align Servlet ClearSiteData expression of directives #7347
- Add Adapter to Translate Jwt to BearerTokenAuthentication #7346
- Opaque Token Introspector should return an Authenticated Principal #7345
- Opaque Token Introspection Strategy Flexibility #7344
- Add BearerTokenAuthentication #7343
- Add OAuth2AuthenticatedPrincipal #7342
- OAuth2AuthorizeRequest supports attributes #7341
- DefaultOAuth2UserService should extract authorities #7339
- InMemoryReactiveClientRegistrationRepository should check for duplicates #7338
- Add Servlet and ServerBearerExchangeFilterFunction #7330
- Update to Gradle 5.6.1 #7323
- Simplify and improve the buildSrc gradle plugin #7302
- Update to Gradle 5.6 #7300
- Add Catalan localization messages #7288
- Add Catalan localization messages #7287
- Resource Server should support WebClient Bearer Token propagation #7284
- Sample should use UserDetailsService bean instead of configureGlobal method #7283
- Mock Jwt Test Samples #7278
- Allow to set default securityContextRepository for each authenticatio… #7275
- Resource Server Multi-tenancy Sample Should Manage Its Own Jwt Decoder #7272
- Add setter for authorities claim name in JwtGrantedAuthoritiesConverter #7271
- Jwk Set Uri Nimbus Jwt Decoder builders should take SignatureAlgorithm #7270
- Add setContentLengthLong detection to OnCommittedResponseWrapper. #7264
- Consolidate shared code between JwtDecoders and ReactiveJwtDecoders #7263
- Remove MultiTenantAuthenticationManagerResolver #7259
- Add setter for authority prefix in JwtGrantedAuthoritiesConverter #7256
- Prevent IntelliJ IDEA from generating spaces for indentation #7253
- TokenBasedRememberMeServices.processAutoLoginCookie (TokenBasedRememberMeServices.java:134) java.lang.NullPointerException #7251
- Authentication Mechanisms Should Default their ServerSecurityContextRepository #7249
- Rename OAuth2TokenIntrospectionClient #7246
- Consider renaming OAuth2TokenIntrospectionClient #7245
- Add OAuth2LoginSpec#securityContextRepository #7244
- Cleanup Code Style Issues #7238
- Add Checkstyle configuration for IntelliJ IDEA #7237
- Expose getPort in ApacheDsContainer #7236
- OAuth2LoginConfigurer should discover OAuth2UserService beans #7232
- Make ldap integration tests independent #7231
- Remove unused imports #7229
- ServerHttpSecurity: oauth2Login() ignores securityContextRepository() #7222
- Use the 'io.freefair.aspectj' gradle plugin #7183
- Add RequestMatcher.matcher(HttpServletRequest) #7172
- ignore Multipart requests in HttpSessionRequestCache.requestMatcher #7167
- Add test examples for Oauth2 Resource Server sample #7159
- Add unbounid support in xml #7149
- OAuth2AuthorizedClientManager implementation works outside of request #7122
- Improve OAuth2 Resource Server tests #7118
- Introduce Reactive OAuth2AuthorizedClient Manager/Provider #7116
- Allow configurable Clock in OAuth2AuthorizedClientProvider impls #7114
- JwtGrantedAuthoritiesConverter should allow configuring the authority prefix #7101
- JwtGrantedAuthoritiesConverter should allow configuring the authorities claim name #7100
- Add authenticationFailureHandler method in OAuth2LoginSpec #7071
- v5.2.0.M3 docs contain Deprecated example code #7062
- Multipartfile request with no authentication is still consumed even after an AccessDeniedException is thrown #7060
- Add OAuth2LoginSpec.authenticationFailureHandler #7051
- Add Argon2PasswordEncoder #7045
- Fix docs typo WebSecurityConfigurationAdapter->WebSecurityConfigurerAdapter #7026
- Add support for Resource Owner Password Credentials grant #7013
- Jwt decoding should support multiple algorithms #6883
- Polish Resource Server DSL Error Messaging #6876
- Remove Invalid WebMvcConfigurer from Sample Documentation #6822
- Align code in oauth2-client extensions for WebClient #6811
- OAuth2 Client Credentials Flow: Getting access tokens in the service/data tier #6780
- Provide Servlet equivalent of UnAuthenticatedServerOAuth2AuthorizedClientRepository #6683
- Spring Boot + spring-security-oauth2-resource-server should not throw a ClassNotFoundException once it supports more than one token format #6209
- Support Resource Owner Password Credentials grant #6003
- Add Argon2PasswordEncoder #5354
- Add BearerExchangeFilterFunction #5334
🪲 Bug Fixes
- Remove package tangle in headers #7380
- Remove OAuth2AuthorizationRequest when a distributed session is used #7334
- OAuth2AuthorizationRequest not removed from session #7327
- Use ConcurrentHashMap in InMemoryReactiveClientRegistrationRepository #7308
- fix footnotes markup #7305
- add media type jwk-set+json to accept header #7304
- InMemoryReactiveClientRegistrationRepository should not use ConcurrentReferenceHashMap #7299
- Fix WebClient Memory Leaks #7293
- NimbusJwtDecoderJwkSupport only sets 'application/json' Accept header #7290
- Fix typo in docs #7277
- Fix UserDetailsPasswordService JavaDoc #7266
- Ensure filter order is maintained when using springSecurity() along with other filters #7265
- OnCommittedResponseWrapper fails on static resources served by Tomcat 8.5 #7261
- Expire as many sessions as exceed maximum allowed #7258
- Use UTF-8 for compilation #7254
- Fix NPE in RequestContextSubscriber #7235
- RequestContextSubscriber could put null value in Reactor Context #7228
- Fix docs typo WebSecurityConfigurationAdapter->WebSecurityConfigurerAdapter #7181
- SessionRegistryImpl uses Map.compute #7178
- SessionAuthenticationStrategy make HttpSecurity.sessionManagement().maximumSessions(1) unavailability #7166
- Misleading documentation for websocket security #4845
- SEC-2980: Possible race condition in SessionRegistryImpl #3189
- SEC-2971: Footnotes are messed up in online docs #3180
🔨 Dependency Upgrades
- Update to Gretty 2.3.1 #7389
- Update to OpenSaml 3.3.1 #7388
- Update to cglib 3.3.0 #7387
- Update to Spring Data Moore RC3 #7386
- Update to Spring Framework 5.2.0.RC2 #7371
- Update to Spring Boot 2.2.0.M5 #7320
- Update to org.seleniumhq.selenium:htmlunit-driver 2.36.0 #7319
- Update to hibernate-entitymanager 5.4.4.Final #7318
- Update to net.sourceforge.htmlunit:htmlunit 2.36.0 #7317
- Update to commons-codec 1.13 #7316
- Update to nimbus-jose-jwt 7.8 #7315
- Update to GAE 1.9.76 #7314
❤️ Contributors
We'd like to thank all the contributors who worked on this release!