Skip to content

@fhanik fhanik released this Oct 1, 2019 · 13 commits to master since this release

⭐️ New Features

  • Add Hello RSocket Sample #7504
  • Add RSocket Reference #7502
  • CookieServerCsrfRepositoryTests should not start domain with a dot #7500
  • Add OAuth2 Resource Server to Modules Section #7498
  • Initial saml2 login docs #7495
  • SAML 2 Assertion - Always require signature validation #7490
  • Add Reactive Messaging CurrentSecurityContextPrincipalArgumentResolver #7488
  • CurrentSecurityContextArgumentResolver polishes #7487
  • Add ClientRegistration.withClientRegistration(ClientRegistration) #7486
  • Add hasAuthority method to RSocketSecurity #7478
  • Align Servlet ExchangeFilterFunction CoreSubscriber #7476
  • WebFluxSecurityConfiguration does not configure oauth2Client #7470
  • Allow to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec #7467
  • Add ability to customize OAuth2AuthorizationRequestRedirectWebFilter in OAuth2LoginSpec #7466
  • Document Clear-Site-Data Support #7463
  • Document RFC 8414 Support #7462
  • Document Bearer Token Propagation #7461
  • Document Reactive Mock Jwt Testing #7460
  • Fixed typo in comment #7458
  • Use Schedulers.boundedElastic() #7457
  • AbstractUserDetailsReactiveAuthenticationManager uses newParallel #7456
  • Add hasAnyAuthority method in AuthorizePayloadsSpec.Access #7455
  • Add denyAll method in AuthorizePayloadsSpec.Access #7451
  • AuthenticationFilter's methods should be private #7447
  • AuthenticationFilter should provide session fixation protection #7446
  • Use Jwt.Builder #7443
  • Add AuthorizePayloadsSpec.Access denyAll, hasAnyRole, hasAnyAuthority #7437
  • Add AuthorizePayloadsSpec.Access hasAuthority #7435
  • Document Resource Server User-Info Usage #7431
  • Document Reactive Opaque Token Usage #7430
  • Document NimbusReactiveJwtDecoder #7425
  • Document Mock Jwt Testing #7424
  • Servlet ExchangeFilterFunctions should align #7422
  • Document Opaque Token Usage #7420
  • ServletBearerExchangeFilterFunction should propagate Authentication #7418
  • Document NimbusJwtDecoder #7408
  • Document Jwt.Builder #7407
  • Document OAuth2AuthenticatedPrincipal #7406
  • DefaultReactiveOAuth2AuthorizedClientManager should default ServerWebExchange #7390
  • Make OAuth2User extends OAuth2AuthenticatedPrincipal #7383
  • OAuth2User should extend OAuth2AuthenticatedPrincipal #7378
  • SamlAuthenticationProvider should propagate actual validation errors #7375
  • Add Reactive Messaging AuthenticationPrincipalArgumentResolver #7363
  • Allow Custom PayloadInterceptor to be Added #7362
  • Default RSocketSecurity #7361
  • Add nonce to OIDC Authentication Request #7337
  • Introduce LogoutSuccessEvent #7306
  • Mock Jwt should ensure that CSRF is not required #7170
  • Document BearerTokenResolver in reference #6254
  • Consider adding nonce to OIDC Authentication Request #4442
  • SEC-2680: Fire an event when logout has finished #2900

🐞 Bug Fixes

  • Correctly populate the AuthNRequest attributes #7496
  • AuthNRequest#Destination contains the SP entity ID, not the IDP SSO URI #7494
  • AbstractUserDetailsReactiveAuthenticationManager default Scheduler should be disposed #7492
  • Always validate saml2 signatures #7491
  • CurrentSecurityContext Javadoc should be about SecurityContext #7489
  • Fix AuthorizationPayloadInterceptor order using PayloadInterceptorOrd… #7450
  • SAML Response Skew is using the wrong type #7448
  • Jwt.Builder should keep notBefore as an Instant #7442
  • AuthorizePayloadsSpec uses AUTHENTICATION for AuthorizationPayloadInterceptor #7434
  • RSocketMessageHandlerITests could hang #7415
  • RSocketSecurity anyRequest delegates to anyExchange #7414
  • OpenSamlAuthenticationProvider should not throw AuthenticationServiceException #7377
  • OpenSamlAuthenticationProvider should propagate validation errors #7376
  • OAuth2AuthorizationCodeGrantWebFilter should not restrict redirect-uri #7036

🔨 Dependency Upgrades

  • Update to Spring Data Moore-RELEASE #7506
  • Remaining dependency upgrades for 5.2.0 #7505
  • Upgrade JSON jackson library to 2.10.0 #7480
  • Release/dependencies for 5.2 ga #7471
  • Update the AspectJ Gradle Plugin to 4.0.2 #7427
  • Update to Gradle 5.6.2 #7412
  • Upgrade to OpenSaml 3.4.3 #7392
  • Upgrade embedded Apache Tomcat to 9.0.24 #7384

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Assets 2
You can’t perform that action at this time.