What's new in Spring Security 3.1

This section contains summary of the updates found in Spring Security 3.1. A detailed list of changes can be found in the project's JIRA

2.1 High level updates found Spring Security 3.1

Below you can find a high level summary of updates to Spring Security 3.1.

  • Support for multiple http elements
  • Support for stateless authentication
  • DebugFilter provides additional debugging information
  • Improved Active Directory LDAP support (i.e. ActiveDirectoryLdapAuthenticationProvider)
  • Added Basic Crypto Module.
  • The namespace is fully documented in the reference appendix.
  • Added dependencies section to the reference appendix
  • Support HttpOnly Flag for Cookies in Servlet 3.0 environments
  • InMemoryUserDetailsManager provides in memory implementation of UserDetailsManager
  • Support for hasPermission expression on the authorize JSP tag
  • Support for disabling UI security (for testing purposes)
  • Support erasing credentials after successful authentication
  • Support clearing cookies on logout
  • Spring Security Google App Engine example application
  • Support for CAS proxy tickets
  • Support for arbitrary implementations of JAAS Configuration
  • Support nested switching of users for SwitchUserFilter

2.2 Spring Security 3.1 namespace updates

Below you can find a summary of updates to the Spring Security 3.1 namespace.