Spring Security

Spring Security was formerly known as the Acegi Security System for Spring.

The newer versions of this framework provide a huge array of authentication and access-control features for Spring-developed applications and is a de-facto standard when it comes to application security.

Lots of features and toolkits are supported via Spring Security, from various authentication methods to basic encoding functions, up to LDAP and OpenID support.

What is new in this release:

• WebSocket Support
• Spring Data Integration
• More Secure by Default

What is new in version 4.0.3:

• WebSocket Support
• Spring Data Integration
• More Secure by Default

What is new in version 4.0.2:

• WebSocket Support
• Spring Data Integration
• More Secure by Default

What is new in version 4.0.1:

• WebSocket Support
• Spring Data Integration
• More Secure by Default

What is new in version 4.0.0:

• WebSocket Support
• Spring Data Integration
• More Secure by Default

What is new in version 3.2.3:

• A fix to Java Configuration to work with Spring Boot.
• A fix to Java Configuration that when CSRF protection is disabled allows remembering the last page prior to authenticating when it is a POST to work with JSF.

What is new in version 3.2.0.M1:

• Servlet 3, Async Support
• Spring MVC Async Integration
• Servlet 3 API Integration
• New Servlet API Sample Application

What is new in version 3.1.0:

• Support for multiple HTTP elements
• Support for stateless authentication
• DebugFilter provides additional debugging information
• Improved Active Directory LDAP support (i.e. ActiveDirectoryLdapAuthenticationProvider)
• Added Basic Crypto Module.
• The namespace is fully documented in the reference appendix.
• Added dependencies section to the reference appendix
• Support HttpOnly Flag for Cookies in Servlet 3.0 environments
• InMemoryUserDetailsManager provides in memory implementation of UserDetailsManager
• Support for hasPermission expression on the authorize JSP tag
• Support for disabling UI security (for testing purposes)
• Support erasing credentials after successful authentication
• Support clearing cookies on logout
• Spring Security Google App Engine example application
• Support for CAS proxy tickets
• Support for arbitrary implementations of JAAS Configuration
• Support nested switching of users for SwitchUserFilter

What is new in version 3.1.0.RC2 / 3.0.5 / 2.0.6:

• Active Directory LDAP Authentication Provider.
• Add support for Enum in Secured Annotation.
• Package Crypto classes with core.
• Provide EHCache 2.0.0+ support, including OSGi headers.
• Allow use of external SecurityMetadataSource in global-method-security.
• Provide support to easily invoke MultiThreadedHttpConnectionManager.shutdownAll().
• Provide openid support to require attribute exchange parameters are signed.

What is new in version 3.1.0.RC1:

• Support disabling of UI security
• Add authentication-success-handler to <remember-me> tag
• Add support for CommonsHttp HttpRequestInvoker
• Allow pluggable Base64 encoders in the MessageDigestPasswordEncoder
• Support naming of filter chains in the namespace to allow for easier integration with external services like OAuth
• Add Crypto module