3. What’s New in Spring Security 4.2
Among other things, Spring Security 4.2 brings early support for Spring Framework 5. You can find the change logs for 4.2.0.M1 , 4.2.0.RC1 , 4.2.0.RELEASE which closes over 80 issues. The overwhelming majority of these features were contributed by the community. Below you can find the highlights of this release.
- #3812 - Jackson Support
- #4116 - Referrer Policy
- #3938 - Add HTTP response splitting prevention
- #3949 - Add bean reference support to @AuthenticationPrincipal.
- #3978 - Support for Standford WebAuth and Shibboleth using the newly added RequestAttributeAuthenticationFilter .
- #4076 - Document Proxy Server Configuration
- #3795 -
ConcurrentSessionFilter
supportsInvalidSessionStrategy
- #3904 - Add
CompositeLogoutHandler
- #3956 - Central configuration of the default role prefix . See the issue for details.
- #4102 - Custom default configuration in
WebSecurityConfigurerAdapter
. See Section 5.10, “Custom DSLs” - #3899 - [email protected] supports unlimited sessions.
- #4097 - [email protected] adds more powerful request matching support to the XML namespace.
- #3990 - Support for constructing
RoleHierarchy
fromMap
(i.e.yml
) - #4062 - Custom cookiePath to
CookieCsrfTokenRepository
- #3794 - Allow configuration of
InvalidSessionStrategy
onSessionManagementConfigurer
- #4020 - Fix Exposing Beans for defaultMethodExpressionHandler can prevent Method Security