close

Eleftheria Stein-Kousathana

Eleftheria Stein-Kousathana

Spring Security committer

Berlin, Germany

Blog Posts by Eleftheria Stein-Kousathana

Spring Session 2021.0.5 and 2021.1.2 released

On behalf of the team, I’m pleased to announce the release of Spring Session 2021.0.5 and 2021.1.2. These releases deliver bug fixes and dependency upgrades.
For your convenience, Spring Boot will pick up these artifacts with its upcoming releases.

The following modules were updated as part of 2021.0.5:

The following modules were updated as part of 2021.1.2:

Read more...

Spring Security 5.7.0-M2 released

On behalf of the team and everyone who has contributed, I am pleased to announce the release of Spring Security 5.7.0-M2.

You can find the complete list of dependency updates, bug fixes and enhancements in the release notes.

Among the enhancements you will find we have deprecated the WebSecurityConfigurerAdapter. For additional details you can check out this blog post on the future of Spring Security without the WebSecurityConfigurerAdapter.

We look forward to hearing your feedback.

Read more...

Spring Security without the WebSecurityConfigurerAdapter

In Spring Security 5.7.0-M2 we deprecated the WebSecurityConfigurerAdapter, as we encourage users to move towards a component-based security configuration.

To assist with the transition to this new style of configuration, we have compiled a list of common use-cases and the suggested alternatives going forward.

In the examples below we follow best practice by using the Spring Security lambda DSL and the method HttpSecurity#authorizeHttpRequests to define our authorization rules. If you are new to the lambda DSL you can read about it in this blog post. If you would like to learn more about why we choose to use HttpSecurity#authorizeHttpRequests you can check out the reference documentation.

Read more...

Spring Security 5.6.0-M1 released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.6.0-M1!

In addition to dependency upgrades, bug fixes, and minor enhancements, the milestone contains a few noteworthy changes:

  • An AuthorizationManager for method security

  • Support for any data type in Access Token Response

  • A separate repository for Spring Security samples

You can find the complete details in the release notes.

Read more...

Spring Security 5.5 goes GA

On behalf of the community, it is my pleasure to announce the general availability of Spring Security 5.5. This release is the result of the work that went into 5.5.0-M1, 5.5.0-M2, 5.5.0-M3, 5.5.0-RC1, 5.5.0-RC2 and 5.5.0. In combination, they close 250+ tickets.

You can find the highlights of 5.5 in the What’s new section of the Spring Security reference.

As always, we look forward to hearing your feedback!

Read more...

Spring Security 5.5.0-M3 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.5.0-M3! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8975 - Add BearerTokenAuthenticationConverter

SAML

gh-9317 - Add setMetadataFilename method to Saml2MetadataFilter
gh-9310 - Throw Saml2AuthenticationException in Saml2AuthenticationTokenConverter on deflation or decoding error

ACL

gh-9425 - Allow ACL to be owned by GrantedAuthoritySid

Kotlin

gh-9319 - Kotlin DSL extension for rememberMe
Read more...

Spring Security 5.4.0-RC1 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-RC1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8903 - Allow for custom ClientRegistration.clientAuthenticationMethod
gh-6489 - Simplify retrieving Introspection-specific attributes

Web

gh-8804 - Remove need for WebSecurityConfigurerAdapter
gh-8599 - Reactive SwitchUserWebFilter for user impersonation
gh-8854 - Add AuthenticationConverterServerWebExchangeMatcher
Read more...