OACC Framework v2.0.0-rc.8 Release Notes
Release Date: 2017-06-08
Release date: 2017-06-07
Summary of changes in this release:
- adds support for pluggable password encryptors to the built-in SQLPasswordAuthenticationProvider, and prefixes the password hash with an identifier for the encryptor settings that created the hash
- adds a Jasypt-based password encryptor implementation with configurable digest parameters
- adds an OpenBSD-based bcrypt password encryptor implementation
- adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
- deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
- adds a PasswordEncryptor parameter to SQLAccessControlContext factory methods that did not already take a SQLPasswordAuthenticationProvider
- SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument
- deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)
- renames CleanablePasswordEncryptor interface to PasswordEncryptor
- replaces Jasypt-based Unicode text normalization with up-to-date (and backwards compatible) ICU4J implementation, and applies it across all password encryptors
- fixes #31 - SQLAccessControlSystemInitializer command line tool now correctly accepts not specifying dbSchema
- makes several command line arguments of SQLAccessControlSystemInitializer optional for databases that do not require them, and improves usage info
- changes Resource's toString() to output a more accurate and future-proof representation
- modifies toString() on all permission implementations for simplicity and consistency
- adds equals() and hashCode() methods to the PasswordCredentials implementation
- fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts
- refactors internal SQLAccessControlSystemInitializer to delegate to AuthenticationProvider and to use Credentials
- updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
- removes unused SQLDialect parameter in the SQLPasswordAuthenticationProvider constructors
- removes the JUnit test suite classes to simplify running all tests, and removes obsolete test classes
- improves Javadoc comments and fixes typos
- updates dependencies to latest versions in pom.xml, and adds the PostgreSQL JDBC driver (test scope)
- removes obsolete configuration of surefire plugin in pom.xml and updates licensing-related information
- updates copyright notices
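The hash prefix and the transitioning encryptor from the list above, shown as an added Java example that is not OACC's own code. It uses the JDK's PBKDF2 in place of OACC's Jasypt and bcrypt encryptors; the Scheme record, the prefixes and the iteration counts are assumptions made for the illustration.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Illustration only: hypothetical names, not OACC's PasswordEncryptor API.
public class TransitioningHashDemo {
    // One hashing scheme; its prefix identifies the settings that produced a stored hash.
    record Scheme(String prefix, String algorithm, int iterations) {
        String hash(char[] password) throws Exception {
            byte[] salt = new byte[16];
            new SecureRandom().nextBytes(salt);
            Base64.Encoder b64 = Base64.getEncoder();
            return prefix + b64.encodeToString(salt) + "$" + b64.encodeToString(derive(password, salt));
        }
        boolean check(char[] password, String stored) throws Exception {
            if (!stored.startsWith(prefix)) return false;      // hash was made by another scheme
            String[] parts = stored.substring(prefix.length()).split("\\$");
            if (parts.length != 2) return false;
            byte[] salt = Base64.getDecoder().decode(parts[0]);
            byte[] expected = Base64.getDecoder().decode(parts[1]);
            return MessageDigest.isEqual(expected, derive(password, salt)); // constant-time compare
        }
        private byte[] derive(char[] password, byte[] salt) throws Exception {
            PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
            try { return SecretKeyFactory.getInstance(algorithm).generateSecret(spec).getEncoded(); }
            finally { spec.clearPassword(); }
        }
    }
    // Assumed settings: OLD stands for the scheme being retired, NEW for its replacement.
    static final Scheme OLD = new Scheme("pbkdf2-sha1:", "PBKDF2WithHmacSHA1", 1_000);
    static final Scheme NEW = new Scheme("pbkdf2-sha256:", "PBKDF2WithHmacSHA256", 210_000);

    // Accept hashes from either scheme, so existing users can still log in.
    static boolean check(char[] password, String stored) throws Exception {
        return NEW.check(password, stored) || OLD.check(password, stored);
    }
    // After a successful check, re-hash with NEW and store it if this returns true.
    static boolean needsRehash(String stored) { return !stored.startsWith(NEW.prefix()); }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse".toCharArray();       // constructed sample password
        String legacy = OLD.hash(pw);                    // constructed: stored before the switch
        System.out.println("legacy verifies: " + check(pw, legacy));
        System.out.println("legacy needs rehash: " + needsRehash(legacy));
        String upgraded = NEW.hash(pw);
        System.out.println("upgraded verifies: " + check(pw, upgraded));
        System.out.println("wrong password verifies: " + check("wrong".toCharArray(), upgraded));
    }
}
```

Because the prefix travels with each stored hash, old and new hashes can coexist in the same column and be upgraded one login at a time.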
Summary of API changes:
- *New feature* Pluggable password encryptors
  - Prior to this release, OACC's built-in authentication provider used a Jasypt-based password hash. Now OACC supports configuring the password hashing scheme and provides two implementations of the PasswordEncryptor interface: Jasypt and BCrypt.
  - adds a Jasypt-based password encryptor implementation with configurable digest parameters
  - adds an OpenBSD-based bcrypt password encryptor implementation
  - adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
  - deprecates and moves StrongCleanablePasswordEncryptor to LegacyJasyptPasswordEncryptor
  - renames CleanablePasswordEncryptor interface to PasswordEncryptor
  - updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
  - adds new factory methods to SQLAccessControlContextFactory that take a PasswordEncryptor parameter
  - SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument, but several command line arguments become optional for databases that do not require them
  - adds support to provide alternate resource identifier to createResource() with externalId String parameter
  - allows one-time setting of alternate resource identifier to an existing resource via the new setExternalId() method
  - adds externalId to Resource and modifies getId() to return Long instead of a primitive
- changes Resource's toString() to output a more accurate and future-proof representation
- modifies toString() on all permission implementations for simplicity and consistency
- adds equals() and hashCode() methods to the PasswordCredentials implementation
- *Deprecation* deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
- *Deprecation* deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)
Bug fixes:
- fixes #31 - SQLAccessControlSystemInitializer command line tool now allows not specifying the optional dbschema
- fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts
Use the following dependency to include this release of OACC into your Maven project:
    <dependency>
        <groupId>com.acciente.oacc</groupId>
        <artifactId>acciente-oacc</artifactId>
        <version>2.0.0-rc.8</version>
    </dependency>
Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.