spring-projects/spring-security 5.6.0-RC1

on GitHub

⏪ Breaking Changes

• Conditionally resolve bearer token from request parameters #10340
• DefaultBearerTokenResolver triggers processing of multipart content #10326
• getClaimAsBoolean should not be falsy #10148
• getClaimAsBoolean() should not be falsy #10356

⭐ New Features

• Add saml2.ValidIssuers parameter into SAML 2.0 Assertion Validators #10335
• Add parameters converter support to AbstractWebClientReactiveOAuth2AccessTokenResponseClient #10336
• Add postProcess support to Saml2LogoutConfigurer, closes gh-10311 #10339
• Add saml2.ValidIssuers parameter into SAML 2.0 Assertion Validators #10341
• Add standard OAuth 2.0 error code invalid_redirect_uri #10370
• Add Supplier JwtDecoders #10310
• Allow Defining Custom SAML 2.0 Assertion Signature Validator #10264
• Allow setting custom BodyExtractor to the AbstractWebClientReactiveOAuth2AccessTokenResponseClient #10269
• AuthenticationPrincipal argument type cannot be primitive #10172
• Check for multiple access tokens per rfc 6750 #10302
• Deprecate Kotlin methods that have equivalents using reified types #10365
• Fix Antora cross-references that lead to other pages. #10345
• Fix typo in digest.adoc #10304
• Implement reactive support for JWT as an Authorization Grant #10327
• Implement reactive support for JWT as an Authorization Grant #10147
• Implement reactive support for JWT Client Authentication #10146
• Improve Method Security logging #10279
• Introduce JwtEncoder #9208
• JwtDecoders and NimbusJwtDecoder should use the same JWKSource #10312
• OAuth2LoginAuthenticationProvider information loss at exception handling #10228
• please support lazily doing issuer checks (and all other checks) on startup for oauth resource servers #9991
• Revamp OAuth 2.0 Client reactive documentation #10373
• Saml2WebSsoAuthenticationFilter adds authentication details #10306
• Saml2WebSsoAuthenticationFilter ignores the authentication details #7722
• Structure101 Build Plugin #9768
• Use Antora #5835

🔨 Dependency Upgrades

• Update Gradle to 7.0 #9615
• Update Gradle to 7.2 #10338

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @heowc
• @sjohnr
• @DarrenForsythe
• @jzheaux
• @jgrandja
• @ahus1
• @pneuschwander
• @1993heqiang
• @qavid
• @eleftherias
• @Emkas
• @bishoybasily
• @jvmlet
• @erised
• @marcusdacoregio
• @Kehrlann