2. What’s New in Spring Security 4.1

2. What’s New in Spring Security 4.1
Prev	Part II. Getting Started	Next

2. What’s New in Spring Security 4.1

There were 100+ RC1 issues and 60+ RC2 issues fixed in Spring Security 4.1.

Here is the list of improvements:

2.1 Java Configuration Improvements

Simplified UserDetailsService Java Configuration
Simplified AuthenticationProvider Java Configuration
Configurable Content Negotiating LogoutSuccessHandler(s) via LogoutConfigurer
Configurable InvalidSessionStrategy via SessionManagementConfigurer
Ability to add a Filter at a specific location in the chain using HttpSecurity.addFilterAt

2.2 Web Application Security Improvements

Content Security Policy (CSP)
HTTP Public Key Pinning (HPKP)
CookieCsrfTokenRepository provides simple AngularJS & CSRF integration
Added ForwardAuthenticationFailureHandler & ForwardAuthenticationSuccessHandler

2.3 Authorization Improvements

2.4 Crypto Module Improvements

SCrypt support with SCryptPasswordEncoder
PBKDF2 support with Pbkdf2PasswordEncoder
New BytesEncryptor implementation for BouncyCastle using AES/CBC/PKCS5Padding and AES/GCM/NoPadding algorithms

2.5 Testing Improvements

@WithAnonymousUser
@WithUserDetails allows specifying the UserDetailsService bean name
Test Meta Annotations
Ability to mock a list of GrantedAuthority using SecurityMockMvcResultMatchers.withAuthorities

2.6 General Improvements

Re-organization of sample projects
Moved to GitHub issues

Prev	Up	Next
1. Introduction	Home	3. Java Configuration