OACC v2.0.0-rc.8

Pre-release

@fspinnenhirn fspinnenhirn released this 08 Jun 05:29
· 11 commits to master since this release

Release date: 2017-06-07

Summary of changes in this release:

  • adds support for pluggable password encryptors to the built-in SQLPasswordAuthenticationProvider, and prefixes the password hash with an identifier for the encryptor settings that created the hash
  • adds a Jasypt-based password encryptor implementation with configurable digest parameters
  • adds an OpenBSD-based bcrypt password encryptor implementation
  • adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
  • deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
  • adds a PasswordEncryptor parameter to SQLAccessControlContext factory methods that did not already take a SQLPasswordAuthenticationProvider
  • SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument
  • deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)
  • renames CleanablePasswordEncryptor interface to PasswordEncryptor
  • replaces Jasypt-based Unicode text normalization with up-to-date (and backwards compatible) ICU4J implementation, and applies it across all password encryptors
  • fixes #31 - SQLAccessControlSystemInitializer command line tool now correctly accepts not specifying dbSchema
  • makes several command line arguments of SQLAccessControlSystemInitializer optional for databases that do not require them, and improves usage info
  • changes Resource's toString() to output a more accurate and future-proof representation
  • modifies toString() on all permission implementations for simplicity and consistency
  • adds equals() and hashCode() methods to the PasswordCredentials implementation
  • fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts
  • refactors internal SQLAccessControlSystemInitializer to delegate to AuthenticationProvider and to use Credentials
  • updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
  • removes unused SQLDialect parameter in the SQLPasswordAuthenticationProvider constructors
  • removes the JUnit test suite classes to simplify running all tests, and removes obsolete test classes
  • improves Javadoc comments and fixes typos
  • updates dependencies to latest versions in pom.xml, and adds the PostgreSQL JDBC driver (test scope)
  • removes obsolete configuration of surefire plugin in pom.xml and updates licensing-related information
  • updates copyright notices

Summary of API changes:

  • *New feature* Pluggable password encryptors
    • Prior to this release, OACC's built-in authentication provider used a Jasypt-based password hash. Now OACC supports configuring the password hashing scheme and provides two implementations of the PasswordEncryptor interface: Jasypt and BCrypt.
    • adds a Jasypt-based password encryptor implementation with configurable digest parameters
    • adds an OpenBSD-based bcrypt password encryptor implementation
    • adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
    • deprecates and moves StrongCleanablePasswordEncryptor to LegacyJasyptPasswordEncryptor
    • renames CleanablePasswordEncryptor interface to PasswordEncryptor
    • updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
    • adds new factory methods to SQLAccessControlContextFactory that take a PasswordEncryptor parameter
    • SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument, but several command line arguments become optional for databases that do not require them
    • adds support to provide alternate resource identifier to createResource() with externalId String parameter
    • allows one-time setting of alternate resource identifier to an existing resource via the new setExternalId() method
    • adds externalId to Resource and modifies getId() to return Long instead of a primitive
  • changes Resource's toString() to output a more accurate and future-proof representation
  • modifies toString() on all permission implementations for simplicity and consistency
  • adds equals() and hashCode() methods to the PasswordCredentials implementation
  • *Deprecation* deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
  • *Deprecation* deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)
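The settings prefix on stored hashes and the transitioning encryptor described in the lists above, sketched as an added example that is not OACC's code and does not use its API. The Encryptor interface, the Pbkdf2 and Transitioning records, the "v1:"/"v2:" prefixes and the iteration counts are all hypothetical, JDK PBKDF2 stands in for the Jasypt and bcrypt encryptors, and records require Java 16 or later.

```java
import java.security.*;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class TransitioningDemo {
    // Hypothetical interface for this example; not OACC's PasswordEncryptor.
    interface Encryptor {
        String encrypt(char[] password) throws GeneralSecurityException;
        boolean check(char[] password, String stored) throws GeneralSecurityException;
    }
    // PBKDF2 stand-in; the prefix records which settings produced the hash.
    record Pbkdf2(String prefix, int iterations) implements Encryptor {
        public String encrypt(char[] password) throws GeneralSecurityException {
            byte[] salt = new byte[16];
            new SecureRandom().nextBytes(salt);
            Base64.Encoder b64 = Base64.getEncoder();
            return prefix + b64.encodeToString(salt) + "$" + b64.encodeToString(derive(password, salt));
        }
        public boolean check(char[] password, String stored) throws GeneralSecurityException {
            if (stored == null || !stored.startsWith(prefix)) return false; // made with other settings
            String[] parts = stored.substring(prefix.length()).split("\\$");
            if (parts.length != 2) return false;
            Base64.Decoder b64 = Base64.getDecoder();
            return MessageDigest.isEqual(b64.decode(parts[1]), derive(password, b64.decode(parts[0])));
        }
        byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(new PBEKeySpec(password, salt, iterations, 256)).getEncoded();
        }
    }
    // Creates hashes with `current` only; verification also accepts hashes made by `old`.
    record Transitioning(Encryptor current, Encryptor old) implements Encryptor {
        public String encrypt(char[] password) throws GeneralSecurityException {
            return current.encrypt(password);
        }
        public boolean check(char[] password, String stored) throws GeneralSecurityException {
            return current.check(password, stored) || old.check(password, stored);
        }
    }
    public static void main(String[] args) throws GeneralSecurityException {
        Encryptor old = new Pbkdf2("v1:", 10_000), current = new Pbkdf2("v2:", 210_000);
        Encryptor both = new Transitioning(current, old);
        char[] pw = "constructed-sample".toCharArray(); // constructed sample password
        String legacyHash = old.encrypt(pw); // stands in for a hash stored before the switch
        System.out.println("wrapper accepts legacy hash: " + both.check(pw, legacyHash));
        System.out.println("wrapper writes new prefix: " + both.encrypt(pw).startsWith("v2:"));
        System.out.println("new-only accepts legacy hash: " + current.check(pw, legacyHash));
    }
}
```

Because each encryptor rejects hashes that do not carry its own prefix, a stored hash is only ever verified with the settings that created it.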

Bug fixes:

  • fixes #31 - SQLAccessControlSystemInitializer command line tool now allows not specifying the optional dbschema
  • fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts

Use the following dependency to include this release of OACC in your Maven project:

<dependency>
  <groupId>com.acciente.oacc</groupId>
  <artifactId>acciente-oacc</artifactId>
  <version>2.0.0-rc.8</version>
</dependency>

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.