micronaut-projects/micronaut-security v3.4.0

Micronaut Security 3.4.0

on GitHub

v3.4.0 (2022-03-03)

Full Changelog

• nimbus jose to 9.20 from 9.15.2

BREAKING: Sensitive endpoints will now respond with an error unless a replacement for the SensitiveEndpointRule is bound.

The following code snippet illustrates how to restore the previous functionality:

The previous functionality allows any authenticated user, no matter their role to view sensitive endpoints.

import io.micronaut.context.annotation.Replaces;
import io.micronaut.context.annotation.Requires;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.http.HttpRequest;
import io.micronaut.inject.ExecutableMethod;
import io.micronaut.management.endpoint.EndpointSensitivityProcessor;
import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.rules.SecurityRuleResult;
import io.micronaut.security.rules.SensitiveEndpointRule;
import jakarta.inject.Singleton;
import org.reactivestreams.Publisher;
import reactor.core.publisher.Mono;

@Singleton
@Replaces(SensitiveEndpointRule.class)
class SensitiveEndpointRuleReplacement extends SensitiveEndpointRule {
    SensitiveEndpointRuleReplacement(EndpointSensitivityProcessor endpointSensitivityProcessor) {
        super(endpointSensitivityProcessor);
    }

    @Override
    @NonNull
    protected Publisher<SecurityRuleResult> checkSensitiveAuthenticated(@NonNull HttpRequest<?> request,
                                                                        @NonNull Authentication authentication,
                                                                        @NonNull ExecutableMethod<?, ?> method) {
        return Mono.just(SecurityRuleResult.ALLOWED);
    }
}

Breaking changes:

• BREAKING: Force developers to implement SensitiveEndpointRule::checkSensitiveAuthenticated #939

Implemented enhancements:

• Create bom module #911

Closed issues:

• JWT Signature verification failed with JWK Set Keys (Key ID not found) #933
• test: Update the version of Keycloak under test #925
• Refactor LdapAuthenticationProvider to make ease to customize LDAP roles mapping #905

Merged pull requests:

• update test suite #942 (@sdelamo)
• Make sensitive endpoints error by default #941 (@timyates)
• ci: github action fetch-depth: 0 #940 (@micronaut-build)
• build: bump peter-evans/create-pull-request from 3.12.1 to 3.14.0 #938 (@dependabot[bot])
• doc: add SECURITY.md #937 (@micronaut-build)
• build: bump reactor-test from 3.4.14 to 3.4.15 #936 (@dependabot[bot])
• Pass GITHUB_TOKEN environment variable #935 (@alvarosanchez)
• Sonar integration #934 (@alvarosanchez)
• build: bump io.micronaut.build.shared.settings from 5.1.2 to 5.1.3 #932 (@dependabot[bot])
• doc: Javadoc in JwtCookieConfigurationProperties.java #929 (@robinmrtn)
• add link to the X.509 guide #928 (@burtbeckwith)
• build: bump mikepenz/action-junit-report from 2.9.0 to 2.9.1 #926 (@dependabot[bot])
• test: Keycloak to v16 and fix tests for M1 apple hardware #924 (@timyates)
• Update openid.adoc #923 (@jameskleeh)
• ci: update to junit-report-action 2.9.0 #922 (@timyates)
• build: bump peter-evans/create-pull-request from 3.12.0 to 3.12.1 #920 (@dependabot[bot])
• test: use ARM builds of selenium container on M1 macs #919 (@timyates)
• build: nimbus jose to 9.20 from 9.15.2 #917 (@micronaut-build)
• ci: GraalVM github action from 21.3.0 to 22.0.0.2 #916 (@micronaut-build)
• build: micronaut test to 3.0.5 #915 (@sdelamo)

* This Changelog was automatically generated by github_changelog_generator