This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.3.4!

What’s New in Spring Security 5.6

Spring Security 5.6 provides a number of new features. Below are the highlights of the release.

All new Antora based documentation.

Servlet

Core
- Introduced SecurityContextChangedListener
- Improved Method Security Logging
Configuration
- Introduced AuthorizationManager for method security
SAML 2.0 Service Provider
- Added SAML 2.0 Single Logout Support
- Added Saml2AuthenticationRequestRepository
- Added RelyingPartyRegistrationResolver
- Improved Saml2LoginConfigurer's handling of Saml2AuthenticationTokenConverter
OAuth 2.0 Login
- Added Converter for Authentication result
OAuth 2.0 Client
- Improved Client Credentials encoding
- Improved Access Token Response parsing
- Added custom grant types support for Authorization Requests
- Introduced JwtEncoder
Testing
- Added support to propagate the TestSecurityContextHolder to SecurityContextHolder

WebFlux

OAuth 2.0 Login
- Improved Reactive OAuth 2.0 Login Documentation
OAuth 2.0 Client
- Improved Client Credentials encoding
- Added custom headers support for Access Token Requests
- Added custom response parsing for Access Token Requests
- Added jwt-bearer Grant Type support for Access Token Requests
- Added JWT Client Authentication support for Access Token Requests
- Improved Reactive OAuth 2.0 Client Documentation