⭐ New Features
- Add Hello RSocket Sample #7504
- Add RSocket Reference #7502
- CookieServerCsrfRepositoryTests should not start domain with a dot #7500
- Add OAuth2 Resource Server to Modules Section #7498
- Initial saml2 login docs #7495
- SAML 2 Assertion - Always require signature validation #7490
- Add Reactive Messaging CurrentSecurityContextPrincipalArgumentResolver #7488
- CurrentSecurityContextArgumentResolver polishes #7487
- Add ClientRegistration.withClientRegistration(ClientRegistration) #7486
- Add hasAuthority method to RSocketSecurity #7478
- Align Servlet ExchangeFilterFunction CoreSubscriber #7476
- WebFluxSecurityConfiguration does not configure oauth2Client #7470
- Allow to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec #7467
- Add ability to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec #7466
- Document Clear-Site-Data Support #7463
- Document RFC 8414 Support #7462
- Document Bearer Token Propagation #7461
- Document Reactive Mock Jwt Testing #7460
- Fixed typo in comment #7458
- Use Schedulers.boundedElastic() #7457
- AbstractUserDetailsReactiveAuthenticationManager uses newParallel #7456
- Add hasAnyAuthority method in AuthorizePayloadsSpec.Access #7455
- Add denyAll method in AuthorizePayloadsSpec.Access #7451
- AuthenticationFilter's methods should be private #7447
- AuthenticationFilter should provide session fixation protection #7446
- Use Jwt.Builder #7443
- Add AuthorizePayloadsSpec.Access denyAll, hasAnyRole, hasAnyAuthority #7437
- Add AuthorizePayloadsSpec.Access hasAuthority #7435
- Document Resource Server User-Info Usage #7431
- Document Reactive Opaque Token Usage #7430
- Document NimbusReactiveJwtDecoder #7425
- Document Mock Jwt Testing #7424
- Servlet ExchangeFilterFunctions should align #7422
- Document Opaque Token Usage #7420
- ServletBearerExchangeFilterFunction should propagate Authentication #7418
- Document NimbusJwtDecoder #7408
- Document Jwt.Builder #7407
- Document OAuth2AuthenticatedPrincipal #7406
- DefaultReactiveOAuth2AuthorizedClientManager should default ServerWebExchange #7390
- Make OAuth2User extends OAuth2AuthenticatedPrincipal #7383
- OAuth2User should extend OAuth2AuthenticatedPrincipal #7378
- SamlAuthenticationProvider should propagate actual validation errors #7375
- Add Reactive Messaging AuthenticationPrincipalArgumentResolver #7363
- Allow Custom PayloadInterceptor to be Added #7362
- Default RSocketSecurity #7361
- Add nonce to OIDC Authentication Request #7337
- Introduce LogoutSuccessEvent #7306
- Mock Jwt should ensure that CSRF is not required #7170
- Document BearerTokenResolver in reference #6254
- Consider adding nonce to OIDC Authentication Request #4442
- SEC-2680: Fire an event when logout has finished #2900
🪲 Bug Fixes
- Correctly populate the AuthNRequest attributes #7496
- AuthNRequest#Destination contains the SP entity ID, not the IDP SSO URI #7494
- AbstractUserDetailsReactiveAuthenticationManager default Scheduler should be disposed #7492
- Always validate saml2 signatures #7491
- CurrentSecurityContext Javadoc should be about SecurityContext #7489
- Fix AuthorizationPayloadInterceptor order using PayloadInterceptorOrd… #7450
- SAML Response Skew is using the wrong type #7448
- Jwt.Builder should keep notBefore as an Instant #7442
- AuthorizePayloadsSpec uses AUTHENTICATION for AuthorizationPayloadInterceptor #7434
- RSocketMessageHandlerITests could hang #7415
- RSocketSecurity anyRequest delegates to anyExchange #7414
- OpenSamlAuthenticationProvider should not throw AuthenticationServiceException #7377
- OpenSamlAuthenticationProvider should propagate validation errors #7376
- OAuth2AuthorizationCodeGrantWebFilter should not restrict redirect-uri #7036
🔨 Dependency Upgrades
- Update to Spring Data Moore-RELEASE #7506
- Remaining dependency upgrades for 5.2.0 #7505
- Upgrade JSON jackson library to 2.10.0 #7480
- Release/dependencies for 5.2 ga #7471
- Update the AspectJ Gradle Plugin to 4.0.2 #7427
- Update to Gradle 5.6.2 #7412
- Upgrade to OpenSaml 3.4.3 #7392
- Upgrade embedded Apache Tomcat to 9.0.24 #7384
❤️ Contributors
We'd like to thank all the contributors who worked on this release!