Skip to content

Latest commit

 

History

History
80 lines (52 loc) · 4.72 KB

CHANGELOG.md

File metadata and controls

80 lines (52 loc) · 4.72 KB

Change Log

All notable changes to this project will be documented in this file.

1.0.5 - 04 sept 2020

  • Fix java 11 build error due to incompatibility between lombok and javadoc (#146)

1.0.4 - 04 sept 2020

  • Replace @PostConstruct to avoid mess with JDK8 / JDK11 (#145)

1.0.3 - 30 jul 2020

  • Add new interface ProxyCallbackUrlAwareTicketValidator if you'd like to create your own TicketValidator but do not want to extend Cas20ServiceTicketValidator (or others) because they added final everywhere and so is impossible to extends...

1.0.2 - 12 mar 2020

  • Update dependencies for security fixes

1.0.1 - 31 jan 2020

1.0.0 - 5 sept 2019

  • First release that supporting Spring boot 2 (#32)
  • Remove deprecated module cas-security-dynamic-service-resolver (#35)
  • Open some api to facilitate extensibility (#122, #109)

Breaking changes

Spring boot 2 support breaking changes

By supporting Spring Boot 2, you should understand that some security features has been removed on Spring Boot 2 regarding Spring Boot 1 (see official documentations Spring boot 2 migration guide - security and Spring boot 2 security migration).

No more basic auth by default on Spring boot 2

Some behaviors will not be able on Spring Boot 2 for example excepting getting Basic Auth support in addition to Cas Auth if you put security.basic.enabled=true (which is default). You must re-add Basic Auth by yourself like on cas-security-spring-boot-sample.

No more default ROLE_USER and ROLE based authentication by default

In addition, no more default role ROLE_USER will be added to any authenticated user.

Thus default security.cas.authorization.mode (formerly security.cas.authorization.mode) value is now authenticated instead of role.

However if you want to re-add default ROLE_ on every authenticated user you could use:

security:
  cas:
    user:
      default-roles: USER

Where security.cas.user.default-roles accepts list of roles.

And if you comes back to ROLE based authentication instead of just authenticated, you should:

security:
  cas:
    user:
      default-roles: USER
    authorization:
      mode: role
      roles: USER

Where security.cas.authorization.roles (which only useful when using security.cas.authorization.mode=ROLE) is list of roles that use must have to be accepted.