OACC Framework v2.0.0-rc.8 Release Notes

Release Date: 2017-06-08
  • Release date: 2017-06-07

    Summary of changes in this release:

    • adds support for pluggable password encryptors to the built-in SQLPasswordAuthenticationProvider, and prefixes the password hash with an identifier for the encryptor settings that created the hash
    • adds a Jasypt-based password encryptor implementation with configurable digest parameters
    • adds an OpenBSD-based bcrypt password encryptor implementation
    • adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
    • deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
    • adds a PasswordEncryptor parameter to SQLAccessControlContext factory methods that did not already take a SQLPasswordAuthenticationProvider
    • SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument
    • deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)
    • renames CleanablePasswordEncryptor interface to PasswordEncryptor
    • replaces Jasypt-based Unicode text normalization with up-to-date (and backwards compatible) ICU4J implementation, and applies it across all password encryptors
    • fixes #31 - SQLAccessControlSystemInitializer command line tool now correctly accepts not specifying dbSchema
    • makes several command line arguments of SQLAccessControlSystemInitializer optional for databases that do not require them, and improves usage info
    • changes Resource's toString() to output a more accurate and future-proof representation
    • modifies toString() on all permission implementations for simplicity and consistency
    • adds equals() and hashCode() methods to the PasswordCredentials implementation
    • fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts
    • refactors internal SQLAccessControlSystemInitializer to delegate to AuthenticationProvider and to use Credentials
    • updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
    • removes unused SQLDialect parameter in the SQLPasswordAuthenticationProvider constructors
    • removes the JUnit test suite classes to simplify running all tests, and removes obsolete test classes
    • improves Javadoc comments and fixes typos
    • updates dependencies to latest versions in pom.xml, and adds the PostgreSQL JDBC driver (test scope)
    • removes obsolete configuration of surefire plugin in pom.xml and updates licensing-related information
    • updates copyright notices

    Summary of API changes:

    • *New feature* Pluggable password encryptors
      • Prior to this release, OACC's built-in authentication provider used a Jasypt-based password hash. Now OACC supports configuring the password hashing scheme and provides two implementations of the PasswordEncryptor interface: Jasypt and BCrypt.
      • adds a Jasypt-based password encryptor implementation with configurable digest parameters
      • adds an OpenBSD-based bcrypt password encryptor implementation
      • adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
      • deprecates and moves StrongCleanablePasswordEncryptor to LegacyJasyptPasswordEncryptor
      • renames CleanablePasswordEncryptor interface to PasswordEncryptor
      • updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
      • adds new factory methods to SQLAccessControlContextFactory that take a PasswordEncryptor parameter
      • SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument, but several command line arguments become optional for databases that do not require them
      • adds support to provide alternate resource identifier to createResource() with externalId String parameter
      • allows one-time setting of alternate resource identifier to an existing resource via the new setExternalId() method
      • adds externalId to Resource and modifies getId() to return Long instead of a primitive
    • changes Resource's toString() to output a more accurate and future-proof representation
    • modifies toString() on all permission implementations for simplicity and consistency
    • adds equals() and hashCode() methods to the PasswordCredentials implementation
    • *Deprecation* deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
    • *Deprecation* deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)
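
The prefix-tagged hash and the transitioning check described in the list above, as an added sketch that is not OACC's own code: the class names and the prefix format are hypothetical, the JDK's PBKDF2 at two iteration counts stands in for the Jasypt and bcrypt encryptors, and java.text.Normalizer stands in for ICU4J.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.text.Normalizer;
import java.util.Base64;
public class TransitioningHashDemo {
    /** One hashing scheme; the prefix names the settings that produced a stored hash. */
    static final class Pbkdf2 {
        final int iterations;
        final String prefix; // constructed format: "pbkdf2-sha256:<iterations>:"
        Pbkdf2(int iterations) { this.iterations = iterations; this.prefix = "pbkdf2-sha256:" + iterations + ":"; }
        byte[] derive(char[] pwd, byte[] salt) throws Exception {
            // NFC-normalize so equivalent Unicode spellings of a password hash identically.
            char[] nfc = Normalizer.normalize(new String(pwd), Normalizer.Form.NFC).toCharArray();
            PBEKeySpec spec = new PBEKeySpec(nfc, salt, iterations, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        }
        String hash(char[] pwd) throws Exception {
            byte[] salt = new byte[16];
            new SecureRandom().nextBytes(salt);
            Base64.Encoder b64 = Base64.getEncoder();
            return prefix + b64.encodeToString(salt) + ":" + b64.encodeToString(derive(pwd, salt));
        }
        boolean verify(char[] pwd, String stored) throws Exception {
            if (!stored.startsWith(prefix)) return false; // hash was created with other settings
            String[] parts = stored.substring(prefix.length()).split(":");
            if (parts.length != 2) return false;
            byte[] salt = Base64.getDecoder().decode(parts[0]);
            byte[] expected = Base64.getDecoder().decode(parts[1]);
            return MessageDigest.isEqual(expected, derive(pwd, salt)); // constant-time compare
        }
    }
    /** Hypothetical transitioning wrapper: checks old or new hashes, creates only new ones. */
    static final class Transitioning {
        final Pbkdf2 oldScheme, newScheme;
        Transitioning(Pbkdf2 oldScheme, Pbkdf2 newScheme) { this.oldScheme = oldScheme; this.newScheme = newScheme; }
        String hash(char[] pwd) throws Exception { return newScheme.hash(pwd); }
        boolean verify(char[] pwd, String stored) throws Exception {
            return newScheme.verify(pwd, stored) || oldScheme.verify(pwd, stored);
        }
    }
    public static void main(String[] args) throws Exception {
        Transitioning t = new Transitioning(new Pbkdf2(10_000), new Pbkdf2(200_000));
        char[] pwd = "constructed-sample-pw".toCharArray(); // constructed sample input
        String legacy = t.oldScheme.hash(pwd);              // record written before the switch
        System.out.println(t.verify(pwd, legacy) + " " + t.hash(pwd));
    }
}
```

Because each stored value carries the settings that produced it, records hashed under the old scheme keep verifying while every newly created hash uses the new one.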

    ๐Ÿ› Bug fixes:

    • ๐Ÿ›  fixes #31 - SQLAccessControlSystemInitializer command line tool now allows not specifying the optional dbschema
    • ๐Ÿ›  fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts

    Use the following dependency to include this release of OACC into your Maven project:

    <dependency>
      <groupId>com.acciente.oacc</groupId>
      <artifactId>acciente-oacc</artifactId>
      <version>2.0.0-rc.8</version>
    </dependency>
    

    Corresponding oacc-db release:
    The version of the oacc-db database configuration scripts to be used with this release can be found here.