On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-RC1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8903 - Allow for custom ClientRegistration.clientAuthenticationMethod

gh-6489 - Simplify retrieving Introspection-specific attributes

Web

gh-8804 - Remove need for WebSecurityConfigurerAdapter

gh-8599 - Reactive SwitchUserWebFilter for user impersonation

gh-8854 - Add AuthenticationConverterServerWebExchangeMatcher

Kotlin

gh-8783 - Support custom filter in Server Kotlin DSL

SAML 2.0

gh-8887 - Add RelyingPartyRegistrationResolver

gh-8484 - Add Metadata-based RelyingPartyRegistration construction

gh-8693 - Support SAML 2.0 SP Metadata Endpoints

gh-8141 - Add AuthnRequest Customization Support

gh-8769 - Add ConditionValidator Configuration Support

Deprecation Notice

Note that some APIs in OAuth 2.0 and SAML 2.0 were deprecated in this release:

gh-8908 - Deprecate CustomUserTypesOAuth2UserService

gh-8906 - Deprecate ClientRegistration.redirectUriTemplate

gh-8902 - Deprecate ImplicitGrantConfigurer

gh-8845 - Saml2AuthenticationToken should take a RelyingPartyRegistration

gh-8788 - RelyingPartyRegistration Credentials Should Be Split by Party

gh-8777 - RelyingPartyRegistration should use metadata spec language

Project Site | Reference | Help