Bump version to 2.17.2 #1377

Closed
wants to merge 22 commits into from
7b66f65
Fix ApplicationServerOptions for IAS
finkmanAtSap Dec 1, 2023
a4803eb
Implement XsuaaJkuFactory to fix breaking change in java-security-tes…
finkmanAtSap Dec 1, 2023
e65b8b5
remove XsuaaTest extension for fixed port
liga-oz Dec 4, 2023
61a7fc5
Move XsuaaJkuFactory into 'validation' subpackage
finkmanAtSap Dec 4, 2023
1fcd72c
formatting
liga-oz Dec 4, 2023
27a6b4f
For IAS issuer validation, add backward-compatibility with java-secur…
finkmanAtSap Dec 4, 2023
3d5f930
Fix spring-security-hybrid-usage unit test
finkmanAtSap Dec 4, 2023
77e7d8e
add unit test to spring-security-hybrid-usage sample to test that onl…
finkmanAtSap Dec 4, 2023
399eec1
fix for logback CVE
liga-oz Dec 4, 2023
8863708
Change catch clause in JwtIssuerValidator from Error to Exception | S…
finkmanAtSap Dec 4, 2023
59a6a1d
refactor XsuaaJkuFactory signature to have a String argument
liga-oz Dec 4, 2023
70cef8a
Merge remote-tracking branch 'origin/2.x/fix_java_security_test_compa…
liga-oz Dec 4, 2023
f3beb08
refactor XsuaaJkuFactory signature to have a String argument
liga-oz Dec 4, 2023
340bf25
fix XsuaaJwtDecoderTest
liga-oz Dec 4, 2023
b4c4c31
Revert java-security-it to use DEFAULT_DOMAIN/DEFAULT_UAA_DOMAIN inst…
finkmanAtSap Dec 4, 2023
686569f
fix XsuaaJwtDecoder
liga-oz Dec 4, 2023
faad834
revert spring-xsuaa-mock and spring-xsuaa-it changes
liga-oz Dec 4, 2023
637d9ac
Merge remote-tracking branch 'origin/2.x/fix_java_security_test_compa…
liga-oz Dec 4, 2023
7f056e0
add spring-xsuaa-mock to have XsuaaLocalhostJkuFactory for the tests
liga-oz Dec 4, 2023
0e2dfa1
Bump version to 2.17.2
finkmanAtSap Dec 5, 2023
a4da890
Update CHANGELOG.md
liga-oz Dec 5, 2023
36f2bed
Merge branch 'main-2.x' into bump_version_to_2.17.2
finkmanAtSap Dec 5, 2023
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,14 @@
# Change Log
All notable changes to this project will be documented in this file.

## 2.17.2
✅ Resolves a Breaking Change introduced in version 2.17.0. Consumers should be able to update to 2.17.2 from a version <= 2.16.0 without having to adjust test credentials used in their unit tests when using `java-security-test` or `spring-xsuaa-mock`.

In version 2.17.2, when `java-security-test` or `spring-xsuaa-mock` are loaded (which should only occur during testing), credentials with `localhost` as the `uaadomain` (XSUAA) or trusted `domains` (IAS) can be used to validate tokens that include a port for `localhost` in their `jku` (XSUAA) or `issuer` (IAS). It's important to note that token validation is less strict in this case and may accept certain edge cases of malicious tokens that would not be accepted in a production environment.

#### Dependency upgrades
- Bump logback-core, logback-classic from 1.2.12 to 1.2.13

## 2.17.1
#### Dependency upgrades
- Bump spring.boot.version from 2.7.17 to 2.7.18
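Review bot: the 2.17.2 entry states that validation is less strict whenever `java-security-test` or `spring-xsuaa-mock` is loaded and "may accept certain edge cases of malicious tokens", but it gives consumers no way to confirm those artifacts stay off the production classpath and does not say which checks are relaxed. Suggest adding a sentence that both artifacts must be declared with `<scope>test</scope>`, and naming the relaxed check (a port after `localhost` in the `jku` or `issuer`). The logback line under "Dependency upgrades" lists only version numbers although the commit list calls the bump a CVE fix; referencing the advisory there would tell readers why the upgrade matters.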
Expand Down
2 changes: 1 addition & 1 deletion api/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,6 @@
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>api</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</dependency>
```
2 changes: 1 addition & 1 deletion api/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
<parent>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>parent</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</parent>

<packaging>jar</packaging>
Expand Down
2 changes: 1 addition & 1 deletion bom/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

<groupId>com.sap.cloud.security</groupId>
<artifactId>java-bom</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
<packaging>pom</packaging>
<name>java-bom</name>

Expand Down
2 changes: 1 addition & 1 deletion env/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<parent>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>parent</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</parent>

<groupId>com.sap.cloud.security</groupId>
Expand Down
2 changes: 1 addition & 1 deletion java-api/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,6 @@
<dependency>
<groupId>com.sap.cloud.security</groupId>
<artifactId>java-api</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</dependency>
```
2 changes: 1 addition & 1 deletion java-api/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<parent>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>parent</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</parent>

<groupId>com.sap.cloud.security</groupId>
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
package com.sap.cloud.security.token;

public interface XsuaaJkuFactory {
String create(String token);
}
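Review bot: `XsuaaJkuFactory` is a new public interface with no Javadoc, and `String create(String token)` leaves its contract open: whether `token` is the encoded JWT, whether the result may be null, and what an implementation must do when the token carries no usable `jku`. If, as the name suggests, the returned string is the `jku` that the validator goes on to use, the Javadoc should say that implementations must keep it inside the configured `uaadomain`, with the test-only `localhost` case from the CHANGELOG as the single exception, and should state the null and exception behaviour explicitly.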
2 changes: 1 addition & 1 deletion java-security-it/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<parent>
<artifactId>parent</artifactId>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<version>2.17.1</version>
<version>2.17.2</version>
</parent>

<artifactId>java-security-it</artifactId>
Expand Down
2 changes: 1 addition & 1 deletion java-security-test/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ It includes for example a `JwtGenerator` that generates JSON Web Tokens (JWT) th
<dependency>
<groupId>com.sap.cloud.security</groupId>
<artifactId>java-security-test</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
<scope>test</scope>
</dependency>
```
Expand Down
2 changes: 1 addition & 1 deletion java-security-test/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<parent>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>parent</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</parent>

<groupId>com.sap.cloud.security</groupId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -69,8 +69,8 @@ public static ApplicationServerOptions forService(Service service, int jwksPort)
instance = new ApplicationServerOptions(new IasTokenAuthenticator()
.withServiceConfiguration(OAuth2ServiceConfigurationBuilder.forService(Service.IAS)
.withClientId(SecurityTestRule.DEFAULT_CLIENT_ID)
.withUrl("http://localhost")
.withDomains("localhost")
.withUrl(String.format("http://localhost:%d", jwksPort))
.withDomains(String.format("localhost:%d", jwksPort))
.build()));
break;
default:
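Review bot: `.withDomains(String.format("localhost:%d", jwksPort))` puts a host:port pair into the IAS trusted-domains list, which only validates because of the relaxed `localhost` handling that the CHANGELOG ties to the test modules. A short comment at this call should say so, so the pattern is not copied into a production configuration. `jwksPort` is also formatted separately into `withUrl` and `withDomains` with no visible check that it is a bound port; building the `localhost:<port>` string once and reusing it would keep the two values from drifting apart.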
Expand Down
6 changes: 3 additions & 3 deletions java-security/Migration_SpringSecurityProjects.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,19 +37,19 @@ First make sure you have the following dependencies defined in your pom.xml:
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>api</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</dependency>
<dependency>
<groupId>com.sap.cloud.security</groupId>
<artifactId>java-security</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</dependency>

<!-- new java-security dependencies for unit tests -->
<dependency>
<groupId>com.sap.cloud.security</groupId>
<artifactId>java-security-test</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
<scope>test</scope>
</dependency>
```
Expand Down
2 changes: 1 addition & 1 deletion java-security/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ In case of XSUAA does the JWT provide a valid `jku` token header parameter that
<dependency>
<groupId>com.sap.cloud.security</groupId>
<artifactId>java-security</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
Expand Down
2 changes: 1 addition & 1 deletion java-security/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<parent>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>parent</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</parent>

<groupId>com.sap.cloud.security</groupId>
Expand Down
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@

<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>parent</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
<packaging>pom</packaging>

<name>parent</name>
Expand Down
4 changes: 2 additions & 2 deletions samples/java-security-usage-ias/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.sap.cloud.security.xssec.samples</groupId>
<artifactId>java-security-usage-ias</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
<packaging>war</packaging>

<!--profiles>
Expand All @@ -27,7 +27,7 @@
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<sap.cloud.security.version>2.17.1</sap.cloud.security.version>
<sap.cloud.security.version>2.17.2</sap.cloud.security.version>
<slf4j.api.version>2.0.5</slf4j.api.version>
<apache.httpclient.version>4.5.14</apache.httpclient.version>
<javax.servlet.api.version>4.0.1</javax.servlet.api.version>
Expand Down
4 changes: 2 additions & 2 deletions samples/java-security-usage/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.sap.cloud.security.xssec.samples</groupId>
<artifactId>java-security-usage</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
<packaging>war</packaging>

<!--profiles>
Expand All @@ -27,7 +27,7 @@
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<sap.cloud.security.version>2.17.1</sap.cloud.security.version>
<sap.cloud.security.version>2.17.2</sap.cloud.security.version>
<slf4j.api.version>2.0.5</slf4j.api.version>
<apache.httpclient.version>4.5.14</apache.httpclient.version>
<javax.servlet.api.version>4.0.1</javax.servlet.api.version>
Expand Down
4 changes: 2 additions & 2 deletions samples/java-tokenclient-usage/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,13 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.sap.cloud.security.xssec.samples</groupId>
<artifactId>java-tokenclient-usage</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
<packaging>war</packaging>

<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<sap.cloud.security.version>2.17.1</sap.cloud.security.version>
<sap.cloud.security.version>2.17.2</sap.cloud.security.version>
<apache.httpclient.version>4.5.14</apache.httpclient.version>
<javax.servlet.api.version>4.0.1</javax.servlet.api.version>
<slf4j.api.version>2.0.5</slf4j.api.version>
Expand Down
2 changes: 1 addition & 1 deletion samples/sap-java-buildpack-api-usage/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.sap.cloud.security.xssec.samples</groupId>
<artifactId>sap-java-buildpack-api-usage</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
<packaging>war</packaging>

<properties>
Expand Down
4 changes: 2 additions & 2 deletions samples/spring-security-basic-auth/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -13,14 +13,14 @@
</parent>

<artifactId>spring-security-basic-auth</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
<name>spring-security-basic-auth</name>

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<sap.cloud.security.version>2.17.1</sap.cloud.security.version>
<sap.cloud.security.version>2.17.2</sap.cloud.security.version>
<apache.httpclient.version>4.5.14</apache.httpclient.version>
</properties>

Expand Down
6 changes: 3 additions & 3 deletions samples/spring-security-hybrid-usage/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@

<groupId>com.sap.cloud.security.samples</groupId>
<artifactId>spring-security-hybrid-usage</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>

<properties>
<!--
Expand All @@ -28,7 +28,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<sap.cloud.security.version>2.17.1</sap.cloud.security.version>
<sap.cloud.security.version>2.17.2</sap.cloud.security.version>
<apache.httpclient.version>4.5.14</apache.httpclient.version>
</properties>

Expand All @@ -50,7 +50,7 @@
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>spring-security-compatibility</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
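Review bot: the `spring-security-compatibility` dependency in this hunk hard-codes `<version>2.17.2</version>` although the preceding hunk of the same file defines `<sap.cloud.security.version>`. Using `${sap.cloud.security.version}` here, as the `spring-security-xsuaa-usage` sample does for its dependencies, would leave a single place to edit on the next bump and rule out a sample that mixes library versions.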
Expand Down
10 changes: 8 additions & 2 deletions samples/spring-security-xsuaa-usage/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@

<groupId>com.sap.cloud.security.samples</groupId>
<artifactId>spring-security-xsuaa-usage</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
<name>spring-security-xsuaa-usage</name>

<properties>
Expand All @@ -29,7 +29,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<sap.cloud.security.version>2.17.1</sap.cloud.security.version>
<sap.cloud.security.version>2.17.2</sap.cloud.security.version>
<apache.httpclient.version>4.5.14</apache.httpclient.version>
</properties>

Expand Down Expand Up @@ -61,6 +61,12 @@
<version>${sap.cloud.security.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>spring-xsuaa-mock</artifactId>
<version>${sap.cloud.security.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
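Review bot: the new `spring-xsuaa-mock` dependency carries no comment explaining why the sample needs it, and per the CHANGELOG in this PR its presence alone relaxes token validation for `localhost`. Keep `<scope>test</scope>` exactly as written and add an XML comment above the block saying it is there only to supply `XsuaaLocalhostJkuFactory` for the tests, so a later cleanup does not widen the scope.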
Expand Down
4 changes: 2 additions & 2 deletions samples/spring-webflux-security-xsuaa-usage/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,12 @@

<groupId>com.sap.cloud.security.samples</groupId>
<artifactId>spring-webflux-security-xsuaa-usage</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
<name>spring-webflux-security-xsuaa-usage</name>

<properties>
<java.version>1.8</java.version>
<sap.cloud.security.version>2.17.1</sap.cloud.security.version>
<sap.cloud.security.version>2.17.2</sap.cloud.security.version>
</properties>

<dependencies>
Expand Down
2 changes: 1 addition & 1 deletion spring-security-compatibility/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<parent>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>parent</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</parent>

<groupId>com.sap.cloud.security.xsuaa</groupId>
Expand Down
2 changes: 1 addition & 1 deletion spring-security-starter/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
<parent>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>parent</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</parent>

<groupId>com.sap.cloud.security</groupId>
Expand Down
2 changes: 1 addition & 1 deletion spring-security/Migration_SpringXsuaaProjects.md
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ It is provided in an extra module. This maven dependency needs to be provided ad
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>spring-security-compatibility</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</dependency>
```

Expand Down
2 changes: 1 addition & 1 deletion spring-security/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ These (spring) dependencies needs to be provided:
<dependency>
<groupId>com.sap.cloud.security</groupId>
<artifactId>resourceserver-security-spring-boot-starter</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
Expand Down
4 changes: 2 additions & 2 deletions spring-security/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,13 @@
<parent>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>parent</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</parent>

<groupId>com.sap.cloud.security</groupId>
<artifactId>spring-security</artifactId>
<packaging>jar</packaging>
<version>2.17.1</version>
<version>2.17.2</version>

<dependencies>
<dependency>
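Review bot: the module-level `<version>2.17.2</version>` after `<packaging>jar</packaging>` repeats the value already set in the `<parent>` block, so every release bump has to touch this file twice. Unless `spring-security` is meant to be versioned independently of `parent`, drop the explicit `<version>` element; the other module poms in this diff change only the parent version.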
Expand Down
2 changes: 1 addition & 1 deletion spring-xsuaa-it/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
<parent>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>parent</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</parent>

<artifactId>spring-xsuaa-it</artifactId>
Expand Down
2 changes: 1 addition & 1 deletion spring-xsuaa-mock/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ The default implementation offers already valid *token_keys* for JWT tokens, tha
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>spring-xsuaa-mock</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</dependency>
<dependency> <!-- new with version 1.5.0 - provided with org.springframework.boot:spring-boot-starter:jar -->
<groupId>org.springframework.boot</groupId>
Expand Down
2 changes: 1 addition & 1 deletion spring-xsuaa-mock/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<parent>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>parent</artifactId>
<version>2.17.1</version>
<version>2.17.2</version>
</parent>

<artifactId>spring-xsuaa-mock</artifactId>
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
com.sap.cloud.security.xsuaa.XsuaaLocalhostJkuFactory
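Review bot: nothing in this one-line registration restricts `com.sap.cloud.security.xsuaa.XsuaaLocalhostJkuFactory` to test runs, so the relaxed `localhost` handling described in the CHANGELOG switches on for any application that ends up with the providing artifact on its runtime classpath. Suggest having the factory log a warning when it is loaded, and documenting next to this file that the artifact must only be declared with test scope.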