CHANGELOG.md

20.4.2 (2024-09-12)

Bug Fixes

• HttpProxy: use override instead of bean creation for HttpSecurity (62cd974)

20.4.1 (2024-08-20)

Bug Fixes

• downgrade openapi (again) (33648c2)

20.4.0 (2024-08-20)

Bug Fixes

• deps: downgrade springdoc (65e20ed)

Features

• show public applications when signed out (d1ee3ef)

20.3.1 (2024-07-03)

Bug Fixes

• use correct mail dependencies (2b452e3)

20.3.0 (2024-06-24)

Bug Fixes

• remove read only transaction (7f90d6a)

Features

• add methods to util (5c1e94e)
• create user on registration (7aa0dd6)

20.2.1 (2024-06-17)

Bug Fixes

• check against the client role instead of the realm role (a1aa970)
• remove role permissions before removing the role (9716cec)

20.2.0 (2024-06-13)

Bug Fixes

• add missing Query annotation (dfc296c)
• remove role permissions before removing the role (3b596b4)
• set schema (30be7e6)

Features

• init Role, RoleInstancePermission and RoleClassPermission (48042db)

20.1.0 (2024-05-21)

Bug Fixes

• prevent exception when keycloak group does not exist (9fb7732)

Features

• add printApp to DefaultApplicationClientConfig (#862) (83f8ecb)

20.0.0 (2024-05-14)

Features

• anonymous access to graphql interface (58d1c68)

BREAKING CHANGES

• anonymous access to graphql interface

19.1.0 (2024-05-08)

Features

• allow configuration of role extraction from jwt (23247c7)

19.0.0 (2024-05-02)

Bug Fixes

• add audit annoations to PublicInstancePermission (94cffac)
• add info for graphql version (46dd0a5)
• add logging for unknown exception (a38e1ab)
• add missing columns for revision table (ebbfaf9)
• clarify jts version comment (bd9d412)
• clean up dependencies (cdf7fd1)
• code smells (c819531)
• consistent transactional annotations (32619fa)
• fix licenserc pattern location (3f20985)
• fixes admin-btn from opening multiple links when clicked (778e9f6)
• jaxb-api version identifier (64ec323)
• remove duplicated badges (143eddb)
• remove duplicated fields (89fe47d)
• rename PublicEntity to PublicInstancePermission (4a8aca1)
• show applications despite empty configuration or description (47512f7)
• specify spdx id (6f7799d)
• use instanceof checks instead of class comparison (3f473cf)

chore

• update to java 21 (084491d)

Features

• add migration for publicentities (9a1d35e)
• configurable favicon (bf6a1b9)
• introduce PublicEntity (53d1941)
• permitAll for entity endpoints (90474d0)
• prevent public permission for User and Group (732ecf2)
• update permission handling for PublicEntity (f40b9f7)

BREAKING CHANGES

• This changes a crucial security setting an might need adjustments in projects.
• requires java 21

18.0.0 (2023-09-18)

Bug Fixes

• adds missing git-commit-id-maven-plugin in gs-interceptor (a6b390a)
• allow extending WebSecurityConfig (10cb4e4)
• circular dependency problems (53aa861)
• cleanup (2db9a60)
• extract xmlbind version to property (e37392f)
• fix http proxy tests (b9e8be4)
• fix hypersistence-utils version (7958976)
• fix queryHints import (7df2511)
• optimize imports (d0e84f5)
• reenable csrfTokenRequestHandler (b32f02c)
• remove commented code (c3d5f7a)
• remove newline (53673e0)
• remove not needed hibernate version (7b0abc4)
• remove unneeded parameter (4565f49)
• reorganize imports (6fc6f8c)
• set correct creation time for docker images (8be68e5)
• temporarily allow circular references (4aefc55)
• temproarily allow circular references (98f731d)
• update dependency versions (e468350)
• update git-commit-id plugin (104b0b3)
• update java base image (caba9ce)
• update to apache httpUtil5 (8661561)
• web security setup (b4979bc)

Features

• allow to only override security filterchain (4b37639)
• improve content type detection (4b754e3)
• include REFERENCE_TABLE and make PropertyFormItemEditConfig abstract (e4bbaf5)
• update for hibernate 6.1 and hibernate-types (b105159)
• update keycloak to 21.0.1 (f90de77)
• update spring-boot to 3.0.x (f95fcaf)

BREAKING CHANGES

• requires migration for spring / spring-security 6 and hibernate 6 updates

Migration guide:

• update java EE 8 dependencies to jakarta EE 9 (see https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#jakarta-ee)
• update repositories
  • update @QueryHints annotations
  • e.g. org.hibernate.annotations.QueryHints.CACHEABLE -> AvailableHints.HINT_CACHEABLE
  • if you use custom data fetching methods, migration steps for hibernate 6 / 6.1 / 6.2 might be necessary
    • especially consider https://github.com/hibernate/hibernate-orm/blob/6.0/migration-guide.adoc#removals
    • for more information see the hibernate migration guides listed below
• update your SecurityConfigs which extend KeycloakWebSecurityConfig or SimpleWebSecurityConfig
  • update your filter chain according to the the spring security migration guides below
  • replace antMatchers with requestMatchers, ignoringAntMatchers with ignoringRequestMatchers
  • update your rules for swagger (/v3/api-docs) if they're not already updated
• update your git-commit-id-plugin configuration and check if the version set in shogun is overridden (for more information see #730)

17.2.0 (2023-07-18)

Bug Fixes

• delete all user/group permissions before deleting the user/group itself (365f31d)
• generate all args and required args constructor, remove annotations that were dealed by @Data (554caf0)

Features

• add WMSTIME layer type (8d32f1b)
• adds all args constructor and constructor for required parameters of JSONB models (70d7192)

17.1.1 (2023-06-21)

Bug Fixes

• append the transient provider details for users and groups (72cb1e6)
• get the actual target entity class and set a common default permission evaluator (978426f)

17.1.0 (2023-06-02)

Bug Fixes

• fix return value of application findAll() endpoint (776f813)
• remove unneeded visible field (75d3ae9)
• replace deprecated usages (f9b64e1)
• set correct example value (3807a28)
• update types (804ecc7)

Features

• add models for search configuration (d76c8db)
• add models for specifying form configurations(still without i18n support) (1ad6bba)
• adds layer editable flag (88dd6df)

17.0.0 (2023-05-17)

Bug Fixes

• convert permission query to non native query (3a151d4)
• determine read permission id from DB (ec5ba01)
• fix api docs for pageable parameter (11a3a6d)
• get base entity class dynamically (a3c6a35)
• improvements from code review (4416356)
• move securityExtension to ApplicationConfig (112dd89)
• remove SecurityContextEvaluationExtension (ce86a05)
• remove unneeded imports (7abf3ed)
• security evaluation extension (d3437e1)
• update tests for new findAll response (919c0e4)

Features

• add paging and simplify permission check (c378348)
• also check group permissions (f887da9)

BREAKING CHANGES

• changes BaseController::findAll signature. Now returns paged entities.

Migration instructions

1. BaseController::findAll() - method signature has changed

• the method now returns Page<BaseEntity> instead of List<BaseEntity>
• this means the results are now wrapped into a paging object, e.g.:

  {
   "content": [
     {
       "id": 475870,
       "created": "2022-10-07T14:01:43.11027Z"
       [...]
     }
   ],
   "pageable": {
     "sort": {
       "empty": true,
       "sorted": false,
       "unsorted": true
     },
     "offset": 0,
     "pageNumber": 0,
     "pageSize": 1,
     "paged": true,
     "unpaged": false
   },
   "last": false,
   "totalElements": 2,
   "totalPages": 2,
   "size": 1,
   "number": 0,
   "sort": {
     [...]
   },
   "first": true,
   "numberOfElements": 1,
   "empty": false
  }

  • content contains the list of entities
  • the object also contains metadata, for more information see https://docs.spring.io/spring-data/commons/docs/current/api/org/springframework/data/domain/Page.html
• the method has a new optional parameter Pageable pageable which can be used to specify which page and size is returned e.g.:

  {
   "page": 0,
   "size": 10
  }

• if no pagination configuration is provided, one page with all entities is returned. But it is recommended to use pagination for performance reasons

2. Custom permission evaluators have to implement a findAll method

• if you project uses custom permission evaluators, you have to implement this method to provide a way to check permissions for requests with pagination
• BaseEntityPermissionEvaluator contains a default implemenation which performs the new improved permisison check described above
  • the default only works for the "shogun way" (permission managment through UserInstance-, UserClass- GroupInstance- and GroupClassPermissions

16.4.0 (2023-04-28)

Bug Fixes

• add JsonInclude.Include.NON_NULL annotations to all jsonb models (38e4811)
• enable arbitrary objects in open api specification (563a2ba)
• readd terms of service url (bb09a79)
• replace deprecated mockito-inline by mockito-core (16fcbf0)

Features

• add defaultLanguage param to clientConfig (#685) (c85dc96)

16.3.0 (2023-04-18)

Features

• introduce crsDefinitions field on mapView config (7457fb7)

16.2.0 (2023-04-18)

Features

• extend application client config model for legal information link config (21d4874)
• introduce crsDefinitions field on mapView config (7457fb7)

16.2.0 (2023-01-20)

Features

• extend application client config model for legal information link config (21d4874)

16.1.1 (2023-01-18)

Bug Fixes

• introduce custom date-time scalar for Instant serialization (1050d96)
• link to original source (85cf9b2)
• path to ignore DateTimeScalar from licence check (504a3c4)