Skip to content
Pre-release
Pre-release

@eleftherias eleftherias released this Jan 8, 2020 · 34 commits to master since this release

⭐️ New Features

  • Allow disabling dependency locking #7799
  • Build task "snapshots" should not use locked dependencies #7798
  • Add oauth2Login MockMvc Test Support #7789
  • Manage Versions using Version Locking #7788
  • Use Gradle Platform / Constraints #7787
  • Idiomatic Kotlin DSL for configuring HTTP security in servlet based applications #7785
  • Fix description of PasswordEncoder #7784
  • Fix unchecked assignment and possible NPE #7773
  • Resolve JavaType only once for whitelisted class #7755
  • Set secure when cancelling remember-me cookie #7726
  • Add JwtIssuerAuthenticationManagerResolver #7724
  • Add opaque token test support #7712
  • Remove redundant validation for redirect-uri #7706
  • Reactive Implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7702
  • Incomplete Documentation for Setting Up MockMvc and Spring Security #7688
  • Add Oidc Login Reactive Test Support #7680
  • Remove consecutive-word duplications in Javadocs #7673
  • Fix InitializeAuthenticationProviderBeanManagerConfigurer Javadoc #7666
  • Fix minor typo in HttpSecurity documentation #7663
  • Check BCrypt hashed value of a byte array #7661
  • Allow configuration of AuthenticationManager in saml2Login() #7654
  • Add oidcLogin MockMvc Test Support #7618
  • Add OidcUserInfo.Builder #7593
  • Add OidcIdToken.Builder #7592
  • Provide reactive implementation of AuthorizedClientServiceOAuth2AuthorizedClientManager #7569
  • Specify return type in InitializeUserDetailsBeanManagerConfigurer method Javadoc #7557
  • In Test @AuthenticationPrincipal is null because ServerWebExchange is not wrapped #6598
  • Make MethodSecurityEvaluationContext Delegates to MethodBasedEvaluationContext #6249
  • Override the key to avoid CookieTheftException #5509
  • Add resource server support for multiple trusted JWT access token issuers #5385
  • RememberMeConfigurer does not use the key from RememberMeServices #4140
  • Option in BasicAuthenticationFilter to log more exception info #3308

🐞 Bug Fixes

  • OidcLoginRequestPostProcessor should respect configuration order #7794
  • Fix var typo and code readability in resource server documentation #7772
  • Docs ServerRSocketFactoryCustomizer->ServerRSocketFactoryProcessor #7737
  • Use the custom ServerRequestCache for Oauth2LoginSpec #7734
  • CompositeServerHttpHeadersWriter Should Execute Sequentially #7731
  • DelegatingServerAuthenticationSuccessHandler Should Execute Sequentially #7728
  • DelegatingServerLogoutHandler Should Execute Sequentially #7723
  • RequestCacheSpec not used on RedirectServerAuthenticationEntryPoint for OAuth2LoginSpec.configure #7721
  • Disabling logout in WebFlux does nothing #7682
  • Saml2Authentication isn't serializable #7681
  • Correctly configure authorization requests repository for OAuth2 login #7675
  • Error in javadoc for oauth2ResourceServer #7670
  • DefaultReactiveOAuth2AuthorizedClientManager never calls UnAuthenticatedServerOAuth2AuthorizedClientRepository #7544
  • WebFlux oauth2Login returns 500 when bad client credentials #5562

🔨 Dependency Upgrades

  • Update to Spring Boot 2.2.2.RELEASE #7797
  • Upgrade com.nimbusds:nimbus-jose-jwt dependency #7720

Non-passive

  • UsernamePasswordAuthenticationTokenDeserializer doesn't deserialize details to correct type #7482

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

Assets 2
You can’t perform that action at this time.