Extracted mappings still contain regex matching expressions #1413

Closed
odrotbohm opened this issue Dec 12, 2020 · 0 comments

Backport of #1412.

@odrotbohm odrotbohm added type: bug in: core Core parts of the project labels Dec 12, 2020
@odrotbohm odrotbohm added this to the 1.2.3 milestone Dec 12, 2020
@odrotbohm odrotbohm self-assigned this Dec 12, 2020
odrotbohm added a commit that referenced this issue Dec 12, 2020
We now remove potentially used regular expression matchers from template variables to avoid them showing up in links generated for the templates.

Backport of #1412.
odrotbohm added a commit to quarano/quarano-application that referenced this issue Dec 14, 2020
We now require authentication to the role of THIRD_PARTY for all requests to URIs starting with /ext. This currently contains the API to submit visitor groups for occasions.

To test this, the repository now contains a sample client and server key, key store and trust store infrastructure. The key- and trust stores are also bundled with the artifact if the localDev Maven profile is activated during the build. This allows the certificate authentication to also be used during local executions.

The API root resource now exposes some links that are dependent on the current user's role:

* login, reset-password - if the resource is accessed without authentication at all or any role that's assignable to humans.
* submit-visitors - if the resource is accessed by third-party software

Temporarily introduced a patched copy of Spring HATEOAS' AnnotationMappingDiscoverer to benefit from the fix for [0] until we can upgrade to a released version of it.

Additional security reference documentation for developers, deployments and third-party integrators.

[0] spring-projects/spring-hateoas#1413
elseppo pushed a commit to quarano/quarano-application that referenced this issue Dec 27, 2020
odrotbohm added a commit that referenced this issue Feb 10, 2021
…ressions.

Switched to manual parsing of template variables as regular expressions can contain { and } characters which makes matching variables using these as delimiters impossible.

Related ticket: #1413.
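
The brace problem named in the last commit message, as an added example that is not Spring HATEOAS code: a pattern that treats `}` as the end of a variable stops at the first `}` inside the regex, while a scan that counts brace depth finds the real end of the variable. The class name, method names, the naive pattern and the sample mapping are all hypothetical.

```java
// Added illustration, not Spring HATEOAS source; all names here are hypothetical.
public class MappingVariableDemo {

    // Naive approach: treat '}' as the variable's end delimiter (constructed for contrast).
    static String stripWithRegex(String mapping) {
        return mapping.replaceAll("\\{(\\w+):[^}]*\\}", "{$1}");
    }

    // Manual scan: track brace depth so '{' and '}' inside the regex stay part of it.
    static String stripManually(String mapping) {
        StringBuilder out = new StringBuilder();
        int depth = 0;           // 0 = literal path, 1 = variable, >1 = braces inside its regex
        boolean inRegex = false; // set once the ':' after the variable name was seen
        for (int i = 0; i < mapping.length(); i++) {
            char c = mapping.charAt(i);
            if (inRegex && c == '\\') {
                i++;             // skip an escaped character such as \{ or \}
            } else if (c == '{') {
                if (++depth == 1) {
                    out.append(c);
                }
            } else if (c == '}') {
                if (depth == 0) {
                    throw new IllegalArgumentException("Unbalanced '}' at index " + i);
                }
                if (--depth == 0) {
                    out.append(c);
                    inRegex = false;
                }
            } else if (depth == 1 && !inRegex && c == ':') {
                inRegex = true;  // everything up to the matching '}' is the regex
            } else if (depth == 0 || (depth == 1 && !inRegex)) {
                out.append(c);
            }
        }
        if (depth != 0) {
            throw new IllegalArgumentException("Unclosed '{' in " + mapping);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String mapping = "/orders/{id:[0-9]{1,3}}/items/{item}"; // constructed sample
        System.out.println("regex:  " + stripWithRegex(mapping));
        System.out.println("manual: " + stripManually(mapping));
    }
}
```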