3. What’s New in Spring Security 4.2

Among other things, Spring Security 4.2 brings early support for Spring Framework 5. You can find the change logs for 4.2.0.M1, 4.2.0.RC1, 4.2.0.RELEASE which closes over 80 issues. The overwhelming majority of these features were contributed by the community. Below you can find the highlights of this release.

3.1 Web Improvements

3.2 Configuration Improvements

  • #3956 - Central configuration of the default role prefix. See the issue for details.
  • #4102 - Custom default configuration in WebSecurityConfigurerAdapter. See Section 5.10, “Custom DSLs”
  • #3899 - [email protected] supports unlimited sessions.
  • #4097 - [email protected] adds more powerful request matching support to the XML namespace.
  • #3990 - Support for constructing RoleHierarchy from Map (i.e. yml)
  • #4062 - Custom cookiePath to CookieCsrfTokenRepository
  • #3794 - Allow configuration of InvalidSessionStrategy on SessionManagementConfigurer
  • #4020 - Fix Exposing Beans for defaultMethodExpressionHandler can prevent Method Security

3.3 Miscellaneous

  • #4080 - Spring 5 support
  • #4095 - Add UserBuilder
  • #4018 - Fix after csrf() is invoked, future MockMvc invocations use original CsrfTokenRepository
  • Version Updates