@@ -14,3 +14,32 @@ For example, `@WithMockUser(setupBefore = TestExecutionEvent.TEST_EXECUTION)` wi
1414* <<mvc-authentication-principal>>
1515** Supports resolving beans in WebFlux (was already supported in Spring MVC)
1616** Supports resolving `errorOnInvalidType` in WebFlux (was already supported in Spring MVC)
17+ * OAuth 2.0 Client
18+ * OAuth 2.0 Resource Server
19+ ** Supports https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2resourceserver[JWT-encoded bearer tokens]
20+ ** Supports configuration using an OIDC Provider Configuration endpoint
21+ ** Supports custom JWT decoding
22+ ** Supports custom authority mapping
23+ ** Supports custom JWT validation
24+ ** Supports custom error handling
25+ * OAuth 2.0 Resource Server WebFlux
26+ ** Supports JWT-encoded bearer tokens
27+ ** Supports configuration using an OIDC Provider Configuration endpoint
28+ ** Supports custom JWT decoding
29+ ** Supports custom authority mapping
30+ ** Supports custom JWT validation
31+ ** Supports static key configuration
32+ * <<spring-security-core>> - Support was added for `@Transient` authentication tokens
33+ * <<csrf>> - Support was added for disabling csrf by `RequestMatcher`
34+ * <<access-denied-handler>> - Support was added for selecting an `AccessDeniedHandler` by `RequestMatcher`
35+ * <<headers>>
36+ ** Support for `Content-Security-Policy` and `Referrer-Policy` were added for WebFlux (already supported in Servlets)
37+ ** Support for `Feature-Policy` were added
38+ * <<cors>>
39+ ** Support for CORS was added for WebFlux (already supported in Servlets)
40+ * Redirecting to HTTPS
41+ ** Support for HTTPS redirect was added
42+ * Web Client
43+ * <<ldap>> - added support for setting up an `LdapContext` from custom environment variables
44+ * <<x509>> - added support for deriving the X.509 principal via a strategy
45+ * The Look and Feel for the default login and logout pages was modernized
0 commit comments