3. What’s New in Spring Security 4.1

3. What’s New in Spring Security 4.1
Prev	Part I. Preface	Next

3. What’s New in Spring Security 4.1

There were 100+ RC1 issues and 60+ RC2 issues fixed in Spring Security 4.1.

Here is the list of improvements:

3.1 Java Configuration Improvements

Simplified UserDetailsService Java Configuration
Simplified AuthenticationProvider Java Configuration
Configurable Content Negotiating LogoutSuccessHandler(s) via LogoutConfigurer
Configurable InvalidSessionStrategy via SessionManagementConfigurer
Ability to add a Filter at a specific location in the chain using HttpSecurity.addFilterAt

3.2 Web Application Security Improvements

MvcRequestMatcher
Content Security Policy (CSP)
HTTP Public Key Pinning (HPKP)
CORS
CookieCsrfTokenRepository provides simple AngularJS & CSRF integration
Added ForwardAuthenticationFailureHandler & ForwardAuthenticationSuccessHandler
AuthenticationPrincipal supports expression attribute to support transforming the Authentication.getPrincipal() object (i.e. handling immutable custom User domain objects)

3.3 Authorization Improvements

3.4 Crypto Module Improvements

SCrypt support with SCryptPasswordEncoder
PBKDF2 support with Pbkdf2PasswordEncoder
New BytesEncryptor implementation for BouncyCastle using AES/CBC/PKCS5Padding and AES/GCM/NoPadding algorithms

3.5 Testing Improvements

@WithAnonymousUser
@WithUserDetails allows specifying the UserDetailsService bean name
Test Meta Annotations
Ability to mock a list of GrantedAuthority using SecurityMockMvcResultMatchers.withAuthorities

3.6 General Improvements

Re-organization of sample projects
Moved to GitHub issues

Prev	Up	Next
2. Introduction	Home	4. Samples and Guides (Start Here)