OACC Framework v2.0.0 Release Notes

Release Date: 2018-10-12 // over 1 year ago
  • 🚀 Release date: 2018-10-11

    🚀 Summary of changes in this release:

    • 🛠 fixes minor javadoc issue referencing a private field
    • ⚡️ updates version of bouncycastle dependency to latest
    • ⚡️ updates copyright notice to include 2018
    • ✂ removes all deprecated methods
    • 🛠 fixes #48: adds correct reference to outer table in correlated subqueries for permission lookups by name
    • ➕ adds new authenticate() method that only takes credentials (it does not require an explicit Resource argument) to support authentication protocols with encrypted tokens that contain the necessary information to resolve the resource; Note that the built-in password-based authentication provider does not support token-based authentication, and that a custom provider must return the associated resource to the OACC context

    Summary of API changes:

    • *New feature* Support for token-based authentication
      • Prior to this release, OACC has required a Resource parameter to identify who is authenticating. Now OACC supports a method that only requires Credentials, for the case when an encrypted auth-token contains the information to resolve the resource to be authenticated.
    • ✂ removes all previously deprecated methods from rc.5 - rc.8

    🐛 Bug fixes:

    • 🛠 fixes #48: adds correct reference to outer table in correlated subqueries for permission lookups by name

    🚀 Use the following dependency to include this release of OACC into your Maven project:

    <dependency>
      <groupId>com.acciente.oacc</groupId>
      <artifactId>acciente-oacc</artifactId>
      <version>2.0.0</version>
    </dependency>
    

    🚀 Corresponding oacc-db release:
    🚀 The version of the oacc-db database configuration scripts to be used with this release can be found here.


Previous changes from v2.0.0-rc.8

  • 🚀 Release date: 2017-06-07

    🚀 Summary of changes in this release:

    • ➕ adds support for pluggable password encryptors to the built-in SQLPasswordAuthenticationProvider, and prefixes the password hash with an identifier for the encryptor settings that created the hash
    • ➕ adds a Jasypt-based password encryptor implementation with configurable digest parameters
    • ➕ adds an OpenBSD-based bcrypt password encryptor implementation
    • ➕ adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
    • 🗄 deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
    • ➕ adds a PasswordEncryptor parameter to SQLAccessControlContext factory methods that did not already take a SQLPasswordAuthenticationProvider
    • 💻 SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument
    • 🗄 deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)
    • 📇 renames CleanablePasswordEncryptor interface to PasswordEncryptor
    • replaces Jasypt-based Unicode text normalization with up-to-date (and backwards compatible) ICU4J implementation, and applies it across all password encryptors
    • 🛠 fixes #31 - SQLAccessControlSystemInitializer command line tool now correctly accepts not specifying dbSchema
    • 👉 makes several command line arguments of SQLAccessControlSystemInitializer optional for databases that do not require them, and improves usage info
    • 🔄 changes Resource's toString() to output a more accurate and future-proof representation
    • modifies toString() on all permission implementations for simplicity and consistency
    • ➕ adds equals() and hashCode() methods to the PasswordCredentials implementation
    • 🛠 fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts
    • ♻️ refactors internal SQLAccessControlSystemInitializer to delegate to AuthenticationProvider and to use Credentials
    • ⚡️ updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
    • ✂ removes unused SQLDialect parameter in the SQLPasswordAuthenticationProvider constructors
    • ✂ removes the JUnit test suite classes to simplify running all tests, and removes obsolete test classes
    • 👌 improves Javadoc comments and fixes typos
    • ⚡️ updates dependencies to latest versions in pom.xml, and adds the PostgreSQL JDBC driver (test scope)
    • ✂ removes obsolete configuration of surefire plugin in pom.xml and updates licensing-related information
    • ⚡️ updates copyright notices

    Summary of API changes:

    • *New feature* Pluggable password encryptors
      • Prior to this release, OACC's built-in authentication provider used a Jasypt-based password hash. Now OACC supports configuring the password hashing scheme and provides two implementations of the PasswordEncryptor interface: Jasypt and BCrypt.
      • adds a Jasypt-based password encryptor implementation with configurable digest parameters
      • adds an OpenBSD-based bcrypt password encryptor implementation
      • adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
      • deprecates and moves StrongCleanablePasswordEncryptor to LegacyJasyptPasswordEncryptor
      • renames CleanablePasswordEncryptor interface to PasswordEncryptor
      • updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
      • adds new factory methods to SQLAccessControlContextFactory that take a PasswordEncryptor parameter
      • SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument, but several command line arguments become optional for databases that do not require them
      • adds support to provide alternate resource identifier to createResource() with externalId String parameter
      • allows one-time setting of alternate resource identifier to an existing resource via the new setExternalId() method
      • adds externalId to Resource and modifies getId() to return Long instead of a primitive
    • 🔄 changes Resource's toString() to output a more accurate and future-proof representation
    • modifies toString() on all permission implementations for simplicity and consistency
    • ➕ adds equals() and hashCode() methods to the PasswordCredentials implementation
    • *Deprecation* deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
    • *Deprecation* deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)

    🐛 Bug fixes:

    • 🛠 fixes #31 - SQLAccessControlSystemInitializer command line tool now allows not specifying the optional dbschema
    • 🛠 fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts

    🚀 Use the following dependency to include this release of OACC into your Maven project:

    <dependency>
      <groupId>com.acciente.oacc</groupId>
      <artifactId>acciente-oacc</artifactId>
      <version>2.0.0-rc.8</version>
    </dependency>
    

    🚀 Corresponding oacc-db release:
    🚀 The version of the oacc-db database configuration scripts to be used with this release can be found here.