Release Notes - Spring Security - Version 3.2.0 - HTML format

Sub-task

  • [SEC-2384] - Update doc to use newer terminology of Java EE instead of J2EE
  • [SEC-2395] - Remove static from sample MultiHttpSecurityConfig
  • [SEC-2396] - Invalid characters in cujoJS section of reference
  • [SEC-2397] - Link not rendered in CSRF reference

Bug

  • [SEC-2133] - intercept-url@requires-channel ChannelAuthenticationFilter
  • [SEC-2165] - Can not parameterize remember me "token-validity-seconds"
  • [SEC-2327] - Document SecurityExpressionRoot
  • [SEC-2350] - Warning when using 3.2.0.RC2 with Spring Framework 4.0
  • [SEC-2355] - intercept-url does not support method=PATCH
  • [SEC-2367] - ProviderManager doesn't report InternalAuthenticationServiceExceptions
  • [SEC-2377] - Handle EnableWebSecurity in parent and child context
  • [SEC-2386] - DEBUG statement with Failed to perform build and stacktrace should be stated as OK
  • [SEC-2388] - Import Samples with Maven produces missing spring-security-samples-messages-jc:jar:3.2.0.RC2
  • [SEC-2405] - BadLdapGrammarException with search result from referral
  • [SEC-2410] - AclFormattingUtils.printBinary does not handle negative
  • [SEC-2416] - Hello Spring MVC Security Java Config documentation is incorrect
  • [SEC-2418] - [patch] toString method in LdapUserDetailsImpl never prints "Not granted any authorities"
  • [SEC-2422] - Session timeout not detected when enable CSRF protection
  • [SEC-2433] - UrlAuthorizationConfigurer missing <HttpSecurity> in doc
  • [SEC-2439] - HttpSessionCsrfTokenRepository setHeaderName uses parameterName
  • [SEC-2447] - JdbcMutableAclServiceTests should invoke aclCache.clearCache() after tests

Defect

  • [SEC-2087] - GlobalMethodSecurityBeanDefinitionParser.AuthenticationManagerDelegator attempts to get a bean using the concrete implementation
  • [SEC-2373] - Wrong docs in xsd files.

Improvement

  • [SEC-2326] - CsrfRequestDataValueProcessor should directly implement RequestDataValueProcessor
  • [SEC-2385] - Document how to use Spring 4
  • [SEC-2404] - CsrfAuthenticationStrategy to add valid token to HTTP request after clearing the one in HTTP session
  • [SEC-2407] - Better error message for missing securityFilterChainBuilders
  • [SEC-2423] - Document differences between XML and JavaConfig
  • [SEC-2424] - Document ObjectPostProcessor
  • [SEC-2430] - Add Maven Bom
  • [SEC-2436] - Create EnableWebMvcSecurity
  • [SEC-2444] - Convert Java Config samples to thymeleaf and tiles
  • [SEC-2449] - <ldap-server> default port should fallback to dynamic value
  • [SEC-2450] - WebSecurityConfigurerAdapter have default Order of 100
  • [SEC-2453] - Create CSRF 403 Forbidden FAQ entry

Task

  • [SEC-2402] - Reference Cleanup
  • [SEC-2411] - Update to Gradle 1.9
  • [SEC-2412] - Update to propdeps-plugin:0.0.5
  • [SEC-2421] - UsernamePasswordAuthenticationFilter uses deprecated filterProcessUrl
  • [SEC-2434] - Update to Spring 3.2.6 and Spring 4.0 GA
  • [SEC-2435] - Update to Gradle 1.10-rc-2
  • [SEC-2448] - Update to HSQL 2.3.1

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.