v3.4.0 (2022-03-03)
- nimbus jose to 9.20 from 9.15.2
BREAKING: Sensitive endpoints will now respond with an error unless a replacement for the SensitiveEndpointRule is bound.
The previous functionality allowed any authenticated user, regardless of role, to view sensitive endpoints.
The following code snippet illustrates how to restore it:
```java
import io.micronaut.context.annotation.Replaces;
import io.micronaut.context.annotation.Requires;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.http.HttpRequest;
import io.micronaut.inject.ExecutableMethod;
import io.micronaut.management.endpoint.EndpointSensitivityProcessor;
import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.rules.SecurityRuleResult;
import io.micronaut.security.rules.SensitiveEndpointRule;
import jakarta.inject.Singleton;
import org.reactivestreams.Publisher;
import reactor.core.publisher.Mono;

@Singleton
@Replaces(SensitiveEndpointRule.class)
class SensitiveEndpointRuleReplacement extends SensitiveEndpointRule {

    SensitiveEndpointRuleReplacement(EndpointSensitivityProcessor endpointSensitivityProcessor) {
        super(endpointSensitivityProcessor);
    }

    // Restores the pre-3.4.0 behaviour: every authenticated user,
    // whatever their roles, is allowed to view sensitive endpoints.
    @Override
    @NonNull
    protected Publisher<SecurityRuleResult> checkSensitiveAuthenticated(@NonNull HttpRequest<?> request,
                                                                        @NonNull Authentication authentication,
                                                                        @NonNull ExecutableMethod<?, ?> method) {
        return Mono.just(SecurityRuleResult.ALLOWED);
    }
}
```
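As an alternative to restoring the old behaviour, the same override can restrict sensitive endpoints to specific roles. The following is an added example, not code from the Micronaut Security project; the class name `RoleRestrictedSensitiveEndpointRule` and the role `ROLE_ADMIN` are assumptions. Bind only one replacement for `SensitiveEndpointRule` in an application.

```java
import io.micronaut.context.annotation.Replaces;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.http.HttpRequest;
import io.micronaut.inject.ExecutableMethod;
import io.micronaut.management.endpoint.EndpointSensitivityProcessor;
import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.rules.SecurityRuleResult;
import io.micronaut.security.rules.SensitiveEndpointRule;
import jakarta.inject.Singleton;
import org.reactivestreams.Publisher;
import reactor.core.publisher.Mono;

import java.util.Collections;
import java.util.Set;

// Added example (hypothetical class name), not part of the original release notes.
@Singleton
@Replaces(SensitiveEndpointRule.class)
class RoleRestrictedSensitiveEndpointRule extends SensitiveEndpointRule {

    // Assumption: the role that may view sensitive endpoints; adjust to your role model.
    private static final Set<String> ALLOWED_ROLES = Collections.singleton("ROLE_ADMIN");

    RoleRestrictedSensitiveEndpointRule(EndpointSensitivityProcessor endpointSensitivityProcessor) {
        super(endpointSensitivityProcessor);
    }

    @Override
    @NonNull
    protected Publisher<SecurityRuleResult> checkSensitiveAuthenticated(@NonNull HttpRequest<?> request,
                                                                        @NonNull Authentication authentication,
                                                                        @NonNull ExecutableMethod<?, ?> method) {
        // Allow only callers holding at least one permitted role;
        // every other authenticated user is rejected.
        boolean permitted = authentication.getRoles().stream().anyMatch(ALLOWED_ROLES::contains);
        return Mono.just(permitted ? SecurityRuleResult.ALLOWED : SecurityRuleResult.REJECTED);
    }
}
```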
Breaking changes:
- BREAKING: Force developers to implement SensitiveEndpointRule::checkSensitiveAuthenticated #939
Implemented enhancements:
- Create bom module #911
Closed issues:
- JWT Signature verification failed with JWK Set Keys (Key ID not found) #933
- test: Update the version of Keycloak under test #925
- Refactor LdapAuthenticationProvider to make ease to customize LDAP roles mapping #905
Merged pull requests:
- update test suite #942 (@sdelamo)
- Make sensitive endpoints error by default #941 (@timyates)
- ci: github action fetch-depth: 0 #940 (@micronaut-build)
- build: bump peter-evans/create-pull-request from 3.12.1 to 3.14.0 #938 (@dependabot[bot])
- doc: add SECURITY.md #937 (@micronaut-build)
- build: bump reactor-test from 3.4.14 to 3.4.15 #936 (@dependabot[bot])
- Pass GITHUB_TOKEN environment variable #935 (@alvarosanchez)
- Sonar integration #934 (@alvarosanchez)
- build: bump io.micronaut.build.shared.settings from 5.1.2 to 5.1.3 #932 (@dependabot[bot])
- doc: Javadoc in JwtCookieConfigurationProperties.java #929 (@robinmrtn)
- add link to the X.509 guide #928 (@burtbeckwith)
- build: bump mikepenz/action-junit-report from 2.9.0 to 2.9.1 #926 (@dependabot[bot])
- test: Keycloak to v16 and fix tests for M1 apple hardware #924 (@timyates)
- Update openid.adoc #923 (@jameskleeh)
- ci: update to junit-report-action 2.9.0 #922 (@timyates)
- build: bump peter-evans/create-pull-request from 3.12.0 to 3.12.1 #920 (@dependabot[bot])
- test: use ARM builds of selenium container on M1 macs #919 (@timyates)
- build: nimbus jose to 9.20 from 9.15.2 #917 (@micronaut-build)
- ci: GraalVM github action from 21.3.0 to 22.0.0.2 #916 (@micronaut-build)
- build: micronaut test to 3.0.5 #915 (@sdelamo)
* This Changelog was automatically generated by github_changelog_generator