All notable changes to this project will be documented in this file.
1.0.5 - 04 sept 2020
- Fix java 11 build error due to incompatibility between lombok and javadoc (#146)
1.0.4 - 04 sept 2020
- Replace
@PostConstruct
to avoid mess with JDK8 / JDK11 (#145)
1.0.3 - 30 jul 2020
- Add new interface
ProxyCallbackUrlAwareTicketValidator
if you'd like to create your ownTicketValidator
but do not want to extendCas20ServiceTicketValidator
(or others) because they addedfinal
everywhere and so is impossible to extends...
1.0.2 - 12 mar 2020
- Update dependencies for security fixes
1.0.1 - 31 jan 2020
- Happy new year 🎉
- Move some method to become
public
in order to facilate customization (https://github.com/kakawait/cas-security-spring-boot-starter/pull/135/commits/02e1e805998f92216753cc87c6f3e99d6f6ff17e)
1.0.0 - 5 sept 2019
- First release that supporting Spring boot 2 (#32)
- Remove deprecated module
cas-security-dynamic-service-resolver
(#35) - Open some api to facilitate extensibility (#122, #109)
- Related to #35 Remove cas-security-dynamic-service-resolver module, you must use spring-security-cas-extension instead.
- Related to #33
Rename package com.kakawait.spring.boot.security.cas to com.kakawait.spring.boot.security.cas.autoconfigure, you must rewrite your
import
statements to append.autoconfigure.
. - Property
security.cas.authorize-mode
has been renamedsecurity.cas.authorization.mode
CasHttpSecurityConfigurer.cas().configure(http)
will no secure paths, only configure CAS authentication- Autoconfiguration java class package was moved from
com.kakawait.spring.boot.security.cas
tocom.kakawait.spring.boot.security.cas.autoconfigure
By supporting Spring Boot 2, you should understand that some security features has been removed on Spring Boot 2 regarding Spring Boot 1 (see official documentations Spring boot 2 migration guide - security and Spring boot 2 security migration).
Some behaviors will not be able on Spring Boot 2 for example excepting getting Basic Auth
support in addition to Cas Auth
if you put security.basic.enabled=true
(which is default). You must re-add Basic Auth
by yourself like on cas-security-spring-boot-sample
.
In addition, no more default role ROLE_USER
will be added to any authenticated user.
Thus default security.cas.authorization.mode
(formerly security.cas.authorization.mode
) value is now authenticated
instead of role
.
However if you want to re-add default ROLE_
on every authenticated user you could use:
security:
cas:
user:
default-roles: USER
Where security.cas.user.default-roles
accepts list of roles.
And if you comes back to ROLE
based authentication instead of just authenticated, you should:
security:
cas:
user:
default-roles: USER
authorization:
mode: role
roles: USER
Where security.cas.authorization.roles
(which only useful when using security.cas.authorization.mode=ROLE
) is list of roles that use must have to be accepted.