OACC Framework v2.0.0 Release Notes
Release Date: 2018-10-12
🚀 Release date: 2018-10-11
🚀 Summary of changes in this release:
- 🛠 fixes minor javadoc issue referencing a private field
- ⚡️ updates version of bouncycastle dependency to latest
- ⚡️ updates copyright notice to include 2018
- ✂ removes all deprecated methods
- 🛠 fixes #48: adds correct reference to outer table in correlated subqueries for permission lookups by name
- ➕ adds new authenticate() method that only takes credentials (it does not require an explicit Resource argument) to support authentication protocols with encrypted tokens that contain the necessary information to resolve the resource. Note that the built-in password-based authentication provider does not support token-based authentication, and that a custom provider must return the associated resource to the OACC context
Summary of API changes:
- *New feature* Support for token-based authentication
- Prior to this release, OACC has required a Resource parameter to identify who is authenticating. Now OACC supports a method that only requires Credentials, for the case when an encrypted auth-token contains the information to resolve the resource to be authenticated.
- ✂ removes all previously deprecated methods from rc.5 - rc.8
🐛 Bug fixes:
- 🛠 fixes #48: adds correct reference to outer table in correlated subqueries for permission lookups by name
🚀 Use the following dependency to include this release of OACC into your Maven project:
<dependency> <groupId>com.acciente.oacc</groupId> <artifactId>acciente-oacc</artifactId> <version>2.0.0</version> </dependency>
🚀 Corresponding oacc-db release:
🚀 The version of the oacc-db database configuration scripts to be used with this release can be found here.
Previous changes from v2.0.0-rc.8
🚀 Release date: 2017-06-07
🚀 Summary of changes in this release:
- ➕ adds support for pluggable password encryptors to the built-in SQLPasswordAuthenticationProvider, and prefixes the password hash with an identifier for the encryptor settings that created the hash
- ➕ adds a Jasypt-based password encryptor implementation with configurable digest parameters
- ➕ adds an OpenBSD-based bcrypt password encryptor implementation
- ➕ adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
- 🗄 deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
- ➕ adds a PasswordEncryptor parameter to SQLAccessControlContext factory methods that did not already take a SQLPasswordAuthenticationProvider
- 💻 SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument
- 🗄 deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)
- 📇 renames CleanablePasswordEncryptor interface to PasswordEncryptor
- replaces Jasypt-based Unicode text normalization with up-to-date (and backwards compatible) ICU4J implementation, and applies it across all password encryptors
- 🛠 fixes #31 - SQLAccessControlSystemInitializer command line tool now correctly accepts not specifying dbSchema
- 👉 makes several command line arguments of SQLAccessControlSystemInitializer optional for databases that do not require them, and improves usage info
- 🔄 changes Resource's toString() to output a more accurate and future-proof representation
- modifies toString() on all permission implementations for simplicity and consistency
- ➕ adds equals() and hashCode() methods to the PasswordCredentials implementation
- 🛠 fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts
- 🔨 refactors internal SQLAccessControlSystemInitializer to delegate to AuthenticationProvider and to use Credentials
- ⚡️ updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
- ✂ removes unused SQLDialect parameter in the SQLPasswordAuthenticationProvider constructors
- ✂ removes the JUnit test suite classes to simplify running all tests, and removes obsolete test classes
- 👌 improves Javadoc comments and fixes typos
- ⚡️ updates dependencies to latest versions in pom.xml, and adds the PostgreSQL JDBC driver (test scope)
- ✂ removes obsolete configuration of surefire plugin in pom.xml and updates licensing-related information
- ⚡️ updates copyright notices
Summary of API changes:
- *New feature* Pluggable password encryptors
- Prior to this release, OACC's built-in authentication provider used a Jasypt-based password hash. Now OACC supports configuring the password hashing scheme and provides two implementations of the PasswordEncryptor interface: Jasypt and BCrypt.
- adds a Jasypt-based password encryptor implementation with configurable digest parameters
- adds an OpenBSD-based bcrypt password encryptor implementation
- adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
- deprecates and moves StrongCleanablePasswordEncryptor to LegacyJasyptPasswordEncryptor
- renames CleanablePasswordEncryptor interface to PasswordEncryptor
- updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
- adds new factory methods to SQLAccessControlContextFactory that take a PasswordEncryptor parameter
- SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument, but several command line arguments become optional for databases that do not require them
- adds support to provide alternate resource identifier to createResource() with externalId String parameter
- allows one-time setting of alternate resource identifier to an existing resource via the new setExternalId() method
- adds externalId to Resource and modifies getId() to return Long instead of a primitive
- 🔄 changes Resource's toString() to output a more accurate and future-proof representation
- modifies toString() on all permission implementations for simplicity and consistency
- ➕ adds equals() and hashCode() methods to the PasswordCredentials implementation
- *Deprecation* deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
- *Deprecation* deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)
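The prefixed hash and the transitioning encryptor described in these notes, sketched as an added example that is not OACC code. It uses only the JDK and substitutes PBKDF2 at two iteration counts for the Jasypt and bcrypt encryptors; all class names and scheme identifiers are hypothetical.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration: all class and scheme names are hypothetical, none is OACC API.
public class TransitioningHashDemo {
    // Stored form: "<schemeId>$<base64 salt>$<base64 digest>"; the prefix names the settings used.
    static final class Pbkdf2 {
        final String id; final int iterations;
        Pbkdf2(String id, int iterations) { this.id = id; this.iterations = iterations; }

        String hash(char[] pw) throws Exception {
            byte[] salt = new byte[16];
            new SecureRandom().nextBytes(salt);
            Base64.Encoder b64 = Base64.getEncoder();
            return id + "$" + b64.encodeToString(salt) + "$" + b64.encodeToString(derive(pw, salt));
        }
        boolean verify(char[] pw, String stored) throws Exception {
            String[] p = stored.split("\\$");
            if (p.length != 3 || !p[0].equals(id)) return false; // made by another scheme
            Base64.Decoder b64 = Base64.getDecoder();
            return MessageDigest.isEqual(b64.decode(p[2]), derive(pw, b64.decode(p[1])));
        }
        private byte[] derive(char[] pw, byte[] salt) throws Exception {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(new PBEKeySpec(pw, salt, iterations, 256)).getEncoded();
        }
    }
    // Verifies against either scheme, but only ever creates hashes with the new one.
    static final class Transitioning {
        final Pbkdf2 oldScheme, newScheme;
        Transitioning(Pbkdf2 o, Pbkdf2 n) { oldScheme = o; newScheme = n; }
        String hash(char[] pw) throws Exception { return newScheme.hash(pw); }
        boolean verify(char[] pw, String stored) throws Exception {
            return newScheme.verify(pw, stored) || oldScheme.verify(pw, stored);
        }
    }
    public static void main(String[] args) throws Exception {
        Pbkdf2 weak = new Pbkdf2("pbkdf2-10k", 10_000), strong = new Pbkdf2("pbkdf2-310k", 310_000);
        Transitioning t = new Transitioning(weak, strong);
        char[] pw = "constructed-sample-password".toCharArray();
        String legacy = weak.hash(pw);                       // hash stored before the migration
        System.out.println("legacy hash verifies:  " + t.verify(pw, legacy));
        System.out.println("wrong password:        " + t.verify("nope".toCharArray(), legacy));
        String fresh = t.hash(pw);                           // new hashes carry the new prefix
        System.out.println("new hash prefix:       " + fresh.substring(0, fresh.indexOf('$')));
        System.out.println("old scheme alone sees: " + weak.verify(pw, fresh));
    }
}
```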
🐛 Bug fixes:
- 🛠 fixes #31 - SQLAccessControlSystemInitializer command line tool now allows not specifying the optional dbschema
- 🛠 fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts
🚀 Use the following dependency to include this release of OACC into your Maven project:
<dependency> <groupId>com.acciente.oacc</groupId> <artifactId>acciente-oacc</artifactId> <version>2.0.0-rc.8</version> </dependency>
🚀 Corresponding oacc-db release:
🚀 The version of the oacc-db database configuration scripts to be used with this release can be found here.