/
Changes
881 lines (787 loc) · 32.5 KB
/
Changes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
# version 0.73.2-SNAPSHOT
- Added tests for the DNB scenario with custom max match
and context size. (#745)
# version 0.73.1
- Fixed jakarta validation error.
- Added openapi doc (#744)
- Moved service.properties to src/main/resources/properties
- Moved free-resources.json to src/main/resources/json
- Enables inputting free-resources.json from data folder
- Changed loading external kustvakt.conf and jdbc.properties
to use /data folder (#598)
- Added KoralQuery check when updating VC (solved #676)
- Setup vc-cache in the data folder (#598)
- Changed generating adminToken in the data folder (#598).
- Moved disk store path cache_store into the data folder (#598)
- Fixed invalid signature of the uber jar.
- Updated configurations of the lite version to use the
data folder (#598)
- Setup logs files to be generated inside the data folder (#598)
# version 0.73
- Moved the content of the full folder to the root folder
- Removed Piwik
- Removed unused libraries
- Cleaned up spring configs
- Updated Krill and Koral with new groupIds
- Updated Github workflow
- Updated search Krill and removed Lucene
- Updated readme
# version 0.72
- Replaced javax.ws to jakarta.ws namespace (#648)
- Upgrading Jersey 2.40 to 3.x (#646)
- Updated Spring 5.x to 6.x and jetty 9.x to 11.x (#645)
- Replaced javax.persistence with jakarta.persistence (#648)
- Migrate Hibernate 5 to 6 (#649)
- Fix missing placeholders
- Fixed conflicting jackson-jarxrs
- Fixed conflicting commons-logging and spring jcl
- Replaced javax.servlet with jakarta.servlet (#648)
- Updated authorization services using Nimbus (#650)
- Fixed BlockingFilter by replacing javax.annotation.Priority
with jakarta.annotation.Priority (#659, #648)
- Replaced javax.annotation with jakarta.annotation
- Enabled legacy support for authorization POST request
- Changed OAuth2 token request using Nimbus (#650)
- Removed Apache Oltu API from token requests (#650)
- Removed OpenID
- Fixed clearing cache
- Fix JettyServerTest, init package, and some java docs.
- Make scope extraction more flexible.
- Updated token response using Nimbus (#650)
- Remove Oltu request and validator implementations (#650)
- Updated OAuth2 response handler (#650)
- Fixed ShutdownHandler (fixed #708)
- Fixed issues with multi-release jar (#706, #708)
# version 0.71.1
- Removed auditing (#611)
- Removed old database configurations (#612)
- Removed old tests
- Removed unnecessary caches and methods in the authentication interface
- Added total result cache (#599)
- Fixed missing project.version in info web-service
- Make sure totalResults and other numeric results are numbers (Kupietz)
- Introduce CQP query language in Koral 0.41
- Changed DB connection (fixed #670)
- Resolved duplicate libraries
- Fixed testing expiry access token
- Fix lombok compile warning
- Ensure the order of clean token tests.
# version 0.71
- Renamed entity and service packages in core
- Renamed web.controller package in core
- Moved SearchNetworkEndpoint to core.service package
- Merged lite into full
- Merged core into full
# version 0.70.1
- Added data folder containing super_client_info and database
for mounting into docker
- Added an error for missing redirect uri in a token request
when it has been included in the authorization request.
- Added tests for VC sharing and for OAuth2 client using VC services
- Added and updated VC controller tests
- Moved hibernate.properties
- Added maximum number of user persistent virtual corpora and queries
# version 0.70
- Support token array in matchinfo (fixes #570; diewald)
- Updated VC list API and deprecated owner VC list (addressed #580)
- Added user info web-service (solved #566)
- Implemented configurable resource filters for search and match
info APIs (#539)
- Added getting username from LDAP (#568)
- Disabled LDAP auth provider and token API in the auth filter (#587)
- Added LDAP log for users without idsC2Profile
- Fixed log4j2 properties.
# version 0.69.3
- Moved the service path of VC admin services to admin/vc (closed #543)
- Added an admin service to load and cache system vc (solved #268)
- Move oauth2 admin service path (closed #544)
- Excluded admin service to load-cache VC from the test suite
- Fixed refresh token expiry test
- Fixed scope check in OAuth2 token request with refresh token
# version 0.69.2
2022-12-05
- Upgrade version for E2E-simplified Docker images (diewald)
2023-01-27
- Updated client info API (replaced user authorization requirement with super
client authentication)
2023-01-30
- Made scope param required in authorization request (solved #508)
2023-01-31
- Allowed OAuth2 clients to use localhost as redirect URIs.
2023-02-03
- Fixed content-type in error responses by changing it to application/json
2023-02-06
- Allow admin access using admin token for the clean token API
2023-02-10
- Use admin filter instead of OAuth2 ADMIN scope
- Added a plugin test.
2023-02-15
- Moved user-group retrieval API to UserGroupAdminController
and changed the service path URL of UserGroupAdminController.
2023-02-20
- Deprecate API token (JWT) web-service
- Fixed Slf4J binding
2023-02-28
- Exclude junit5 dependencies to keep test runner in Eclipse using JUnit 4
2023-03-06
- Fixed testing refresh token expiry.
# version 0.69.1
- Upgrade version for docker including indexer (diewald)
# version 0.69
- Migrated to Java 11 and Jersey 2
- Updated dependencies
- Use LDAP authentication in Kustvakt-full oauth2 example config (kupietz)
# version 0.68
2022-05-25
- Added a new API: list plugins (e.g for marketplace)
- Added redirect URI validation in authorization request (addressed #374)
- Handled user-defined refresh token expiry (added in client info and
list API response)
- Added installed_plugins table
- Added a new API: install plugin
- Handled redundant plugin installation
- Handled super client id in plugin installation
- Deprecated UserClientDto and uses ClientinfoDto instead
- Updated redirect URI error message for coherence
2022-05-27
- Added maximum limit to custom refresh token expiry
2022-06-01
- Added new APIs: list user-installed plugins and uninstall plugin.
- Moved install and list plugin APIs to PluginController and updated their
service paths under /plugins.
2022-06-03
- Implemented searching option using a network endpoint
- Implemented initial super client registration for user authentication.
- Fixed admin clean token API and restrict plugins to confidential only.
# version 0.67.1
2022-05-12
- Implemented mapping of LDAP username to email
- Handled null parameters in authorization requests
2022-05-25
- Fixed null client_id
- Updated ldap.config path in the kustvakt-test.conf
# version 0.67
2022-05-09
- LDAP authentication and authorization is now configurable and supports SSL (LDAPS) connections.
- An embedded LDAP server can now be started automatically if configured accordingly.
2022-05-11
- Changed the SQL script updating oauth2_client table
# version 0.66
2022-03-31
- Updated query and user-group name pattern.
2022-04-08
- Added redirect_uri to client info API.
2022-04-11
- Added registration_date, refresh_token_expiry, source and is_permitted
to the oauth2_client database table, and updated the OAuth2 client
registration mechanism.
- Added authorization request with GET and deprecated that with POST.
2022-04-13
- Updated OAuth2Client list API (added redirect_uri, registration_date,
permitted, source to OAuth2UserClientDto).
2022-04-20
- Updated authorization error response. (Included error and error
description in the client redirect URI except for missing or
invalid client id or redirect URI.
# version 0.65.2
2022-03-03
- Removed VCLoader.
- Added foreign keys to the DB tables of access and refresh token scopes.
2022-03-07
- Added more parameter checks and OAuth2Client web-service tests.
2022-03-17
- Updated admin filter by using admin token and role checks.
2022-03-18
- Added an OAuth2 admin API to delete expired/revoked access and refresh tokens.
2022-03-28
- Updated admin filter (admintoken as a form param) and uses
it for the closing index reader API.
- Removed unused admin API: clear access token cache.
2022-03-29
- Updated and moved admin API: updateClientPrivilege to OAuth2AdminController
# version 0.65.1
2022-03-01
- Restricts the field retrieval web-service to admin only.
# version 0.65
!!! includes security updates - please update all Kustvakt libraries
!!! Please also update Krill to version 0.60.2 and Koral to version 0.38
2021-12-02
- Updated VC cache.
2021-12-03
- Enabled listing system vc for authorized users.
2021-12-08
- Removed koralQuery and statistics from VC list.
- Added a web-service to retrieve KoralQuery of a VC
2021-12-10
- [security] Updated log4j libs due to CVE-2021-44228.
2021-12-13
- Fixed broken test suite.
2022-01-03
- [security] More log4j security updates
- Bumped unboundid-ldapsdk
- Updated tests.
2022-01-25
- Added show-tokens option to the search API.
2022-01-31
- Added an API retrieving fields of a virtual corpus.
# version 0.64.1
2021-10-26
- Bump Kustvakt and Krill versions.
# version 0.64
2021-07-29
- Updated the change files and made a new version.
2021-08-12
- Fixed errors due to missing query type and added tests.
2021-08-13
- Fixed missing request entity.
- Updated the query service to enable editing query references.
2021-08-16
- Fixed creator param when storing query or VC by admins for
the system or other users.
# version 0.63.2
2021-06-11
- Updated OAuth2 token length & secure random algorithm config.
- Added character set filter to random code generator, e.g. for client_id.
2021-06-14
- Updated roleId and super client parameters.
2021-06-24
- Fixed broken test.
2021-07-22
- Updated cache settings and some loggings.
2021-07-26
- Replaced annotation parsing with restoring the annotation tables to the
database.
- Moved cache config to the full config.
# version 0.63.1
2021-02-22
- Updated libraries (margaretha)
- Renamed virtual corpus to query (margaretha)
2021-02-26
- Added query access roles and fixed vc access roles (margaretha)
- Added delete query webservice and tests (margaretha)
2021-03-25
- Updated Koral version for Info Controller (margaretha)
- Updated OAuth2 token list with token type and user clientId
parameters (margaretha)
2021-03-29
- Added client type in the client list web-service. Resolved #58 (margaretha)
2021-04-19
- Updated OAuth2Client JSON definition and controller tests (margaretha)
2021-04-26
- Updated OAuth2 Client list (margaretha)
2021-04-30
- Updated parameters in the error responses of OAuth2 APIs for coherence (margaretha)
- Updated OAuth2 API responses for coherence (margaretha)
2021-06-07
- Updated OAuth2 client dto (margaretha)
# version 0.63
26/10/2020
- Updated dependency of nimbus-jose-jwt and oauth2-oidc-sdk (diewald)
29/10/2020
- Introduction of a query reference rewrite mechanism (diewald)
30/10/2020
- Added database methods for storing query references (diewald)
04/12/2020
- Fix hibernate dialect for SQLite. (margaretha)
04/12/2020
- Fix pipe warning. (margaretha)
14/01/2021
- Updated Flyway (margaretha)
21/01/2021
- Fixed running pipe and updated tests with mockserver (margaretha)
01/02/2021
- Updated methods dependent to Antrl4-maven-plugin libraries (margaretha)
05/02/2021
- Add query reference web-service (diewald,margaretha)
10/02/2021
- Fixed problem with multiple desktop apps (diewald, margaretha)
12/02/2021
- Added listing available queries for users (margaretha)
17/02/2021
- Removed escaping for KoralQuery in VC and query reference responses (margaretha)
- Added query and query language in virtual corpus table (margaretha)
18/02/2021
- Set corpus access public for stored query (margaretha)
19/02/2021
- Enabled API info web-service (margaretha)
# version 0.62.4
24/01/2020
- Removed salt from config and updated config files (margaretha)
03/02/2020
- Added an admin API for clearing access token cache (margaretha)
05/02/2020
- Added a config properties for a long-time access token expiry
and excluded refresh tokens for public clients in OAuth2 token
responses (margaretha)
- Removed client authentication from the client deregistration and
client-secret reset APIs (margaretha)
04/03/2020
- Updated the sample index (diewald)
# version 0.62.3
03/12/2019
- Implemented pipe extension in the search API (margaretha)
11/12/2019
- Added errors when requesting VC in caching process (margaretha,
resolved #47)
12/12/2019
- Added support for multiple cq parameters (margaretha, resolved #46)
13/12/2019
- Handled pipe errors and added tests (margaretha)
19/12/2019
- Updated create update user-group API (margaretha)
20/12/2019
- Removed transactional annotations from simple select queries (margaretha)
- Updated free resource controller (margaretha)
15/01-2020
- Added additional statistic figures to virtual corpus info API
response (margaretha)
# version 0.62.2
17/10/2019
- Handled vulnerability CVE-2019-17195. (margaretha)
8/11/2019
- Added user-group name pattern (margaretha, issue #33)
11/11/2019
- Updated user group service paths and replaced groupId with groupName
(margaretha, resolved #33)
12/11/2019
- Removed UserGroupJson & updated listUserGroups and createUserGroup
services (margaretha)
- Added prefixes to username and groupname parameters in service paths
(margaretha, resolved #35)
13/11/2019
- Added tests for issue #43 (margaretha)
14/11/2019
- Added client description and URL to list-authorized-clients service
(margaretha, close #53)
- Implemented a service to list clients registered by a user (margaretha,
close #52)
- Added a check for OAuth2 client, VC, and group name length (margaretha)
15/11/2019
- Merged list authorized client and list registered client services
(margaretha)
21/11/2019
- Added a service to list active refresh tokens of a user (margaretha)
- Added username filtering to token revocation service via super client
(margaretha)
26/11/2019
- Added a service to revoke a single refresh token via super client
(margaretha)
# version 0.62.1
08/07/2019
- Added tests for public metadata response in search api (margaretha,
issue #43)
- Disabled some tests of unused/disabled web-services (margaretha)
07/08/2019
- Fixed missing scopes after requesting access token with refresh token
(margaretha)
- Fixed post requests with status OK and empty body (margaretha)
07/08/2019
- Added users to hidden group when searching in a published VC (margaretha,
resolved #40)
15/08/2019
- Updated the response statuses of VC PUT requests (margaretha)
# version 0.62
28/02/2019
- Removed old VC controllers and updated tests (margaretha, issue #34)
- Updated VC access controllers (margaretha)
19/03/2019
- Added close index controller (margaretha)
11/04/2019
- Fixed unknown authentication scheme, missing VC entity, and parameter
checker (margaretha)
- Fixed sharing unknown VC, updating corpusQuery, and handling non-
unique group name and unknown VC access (margaretha)
27/06/2019
- Handled LDAP errors, fixed #45 (margaretha)
03/07/2019
- Added re-caching VC at closing-index service, resolved #44 (margaretha)
- Changed the response media-type of authentication controllers (margaretha)
- Fixed bugs: allow guest to retrieve system VC,
remove VC from cache when it is deleted (margaretha)
04/07/2019
- Updated VC name pattern and tests (margaretha)
# version 0.61.6
04/02/2019
- Fixed SQL data and merged oauth2_client_url and oauth2_client (margaretha)
- Updated client deregistration behavior (margaretha)
05/02/2019
- Added delete-group-by-name controller (margaretha)
- Added unique index to group name (margaretha)
06/02/2019
- Updated a user setting test using array for multiple values (margaretha)
- Added metadata controller tests (margaretha)
18/02/2019
- Fixed tests (margaretha)
- Updated handling errors from Koral (margaretha)
19/02/2019
- Added fields to metadata controller (margaretha, issue #39)
# version 0.61.5
17/12/2018
- Added a search timeout test (margaretha)
18/12/2018
- Updated tests using BeanConfigTest to use SpringJerseyTest (margaretha)
08/01/2019
- Improved predefined vc caching (issue #28, margaretha)
09/01/2019
- Added comments (margaretha)
- Updated code structure (margaretha)
11/01/2019
- Degraded API version to 1.0 (margaretha)
- Added OAuth2 client info tests (margaretha)
14/01/2019
- Added retrieveVCByName and deleteVCByName controllers (margaretha)
16/01/2019
- Added a PUT request for both creating and editing vc (margaretha)
- Added aliases to some VC controllers (margaretha)
- Merged VC access list controllers (margaretha)
21/01/2019
- Removed codes related to user registration & password management (margaretha)
22/01/2019
- Added create, edit, retrieve user default setting controllers (margaretha)
22/01/2019
- Updated default setting controllers & added tests (margaretha)
- Added delete key in setting controllers (margaretha)
23/01/2019
- Added default setting key validation (margaretha)
- Fixed UserdataTest (margaretha)
24/01/2019
- Added default setting key validation & fixed UserdataTest (margaretha)
25/01/2019
- Added VC reference and MapUtil tests (margaretha)
28/01/2019
- Fixed username verification in DefaultSettingService (margaretha)
- Added foundry rewrite with user default setting (margaretha)
- Added default foundry for morphology layer (margaretha)
29/01/2019
- Fixed share VC type (margaretha)
- Added delete setting controller (margaretha)
- Handled "no resource found" cases (margaretha, issue #37)
30/01/2019
- Added server shutdown description in readme (margaretha)
# version 0.61.4
14/11/2018
- Integrated lite and full services and controllers in core (margaretha)
21/11/2018
- Updated OAuth2 refresh token request to create a new refresh token and
revoke the old one per request (margaretha)
28/11/2018
- Updated NamedVCLoader to delete existing VC in DB (margaretha)
- Handled storing cached VC with VC reference (margaretha)
29/11/2018
- Added a controller for listing user clients having active refresh tokens
(margaretha)
6/12/2018
- Added debug flags to mitigate log4j debugging performance (margaretha)
- Fixed KoralNode at() method (margaretha)
11/12/2018
- Implemented revoking all tokens of a user client via a super client
(margaretha)
- Removed document controllers and KustvaktResource (margaretha)
- Fixed rewrite bugs (updated rewriteQuery & KoralNode) (margaretha)
# version 0.61.3
17/10/2018
- Updated NamedVCLoader to be optional (margaretha)
- Updated annotation tables & implemented key-value structure (margaretha)
- Added annotation parser for annotation data from kalamar (margaretha)
- Implemented parsing free resource info from json (margaretha)
22/10/2018
- Updated jetty, spring and hibernate versions (margaretha)
- Fixed the order of annotation keys and values, and added tests (margaretha)
- Fixed resource DAO & added tests (margaretha)
24/10/2018
- Fixed query serialization service (margaretha)
- Added "highlights" parameter to matchInfo controller (margaretha)
- Added "fields" parameter to search controllers (margaretha)
- Integrated lite controllers, services and tests in full version (margaretha)
29/10/2018
- Moved javax.servlet-api to core (margaretha)
07/11/2018
- OpenJDK8u181-workaround (see Debian Bug report #911925; diewald)
13/11/2018
- Added Shutdown handler to Jetty server (margaretha)
- Fixed storing VC order in NamedVCLoader (margaretha)
# version 0.61.2
12/09/2018
- Added various log4j2 configurations (margaretha)
13/09/2018
- Implemented VirtualCorpusRewrite (margaretha)
14/09/2018
- Fixed SpringJerseyTest ApplicationContext (margaretha)
- Handled VCRef with username in VirtualCorpusRewrite (margaretha)
- Enabled VCReferenceTest in maven test suite (margaretha)
18/09/2018
- Handled unique constraints / inserting duplicate items to DB (margaretha)
- Added a controller for editing user group member roles (margaretha)
19/09/2018
- Fixed cached-VC ref with username (margaretha)
# version 0.61.1
28/08/2018
- Added API URL versioning (margaretha)
- Deactivated IdRewrite (margaretha)
- Fixed kustvakt controller (margaretha)
30/08/2018
- Fixed root packages & added api version properties in kustvakt.conf
(margaretha)
- Fixed versioning in SearchController (margaretha)
- Added API versioning tests (margaretha)
# version 0.61.0
02/08/2018
- Added VC reference tests (margaretha)
- Implemented loading and caching named VCs (margaretha)
03/08/2018
- Implemented OAuth2 revoke token (margaretha)
- Updated OAuth2 refresh token implementation (margaretha)
14/08/2018
- Implemented revoke all OAuth2 access tokens and authorization codes of
client users when deregistering/deleting a client (margaretha)
- Fixed update OAuth2 access token (margaretha)
- Implemented reset client secret (margaretha)
- Fixed revoking latest access token when refreshing OAuth2 access token
(margaretha)
15/08/2018
- Implemented OAuth2 client info controller (margaretha)
- Implemented update OAuth2 client privilege controller for admins
(margaretha)
- Implemented unlimited authorization scope for super clients with OAuth2
password grant (margaretha)
- Marked native clients implementation to deprecated in favour of super
clients (margaretha)
- Enabled using Bearer tokens as user authentication tokens (Authorization
header value) for many controllers including OAuth2 controllers (margaretha)
16/08/2018
- Implemented degrading super clients (margaretha)
- Improved and added OAuth2 tests (margaretha)
21/08/2018
- Added VC name pattern check (margaretha)
22/08/2018
- Implemented loading VC from gz files (margaretha)
- Updated OAuth2 authorization codes' & access tokens' expiry check
(margaretha)
23/08/2018
- Updated RefreshToken implementations with separate DB tables (margaretha)
- Allows multiple access tokens per refresh token (margaretha)
27/08/2018
- Added statistic with VC reference tests (margaretha)
- Fixed OAuth2 SQL files (margaretha)
28/08/2018
- Added c3p0 datasource configuration to Spring default-config-xml
(margaretha)
- Added running Kustvakt server with custom spring config in the readme
(margaretha)
- Removed old OAuth2 codes (margaretha)
- Moved non-config test codes to misc (margaretha)
# version 0.60.5
09/07/2018
- Added service layer to the search controller (margaretha)
- Added OAuth2 scope checking in search and VC controllers (margaretha)
- Added handling OAuth2 bearer token for VC access and User group
controllers (margaretha)
- Added default scope to password grant (margaretha)
10/07/2018
- Made createBasicAuthorizationHeaderValue static (margaretha)
- Added store access token in openID token service (margaretha)
- Fixed empty scope in openID authorization and token service (margaretha)
- Implemented storing authorization code in cache (margaretha)
11/07/2018
- Fixed authentication time in authentication controller (margaretha)
- Added OAuth2 access token tests (margaretha)
12/07/2018
- Updated maven surefire setting for faster test suite runtime (margaretha)
- Implemented refreshing OAuth2 access token (margaretha)
26/07/2018
- Fixed issue #27 (margaretha)
02/08/2018s
- Fixed clientId encoding in OAuth2ClientControllerTest (margaretha)
# version 0.60.4
05/07/2018
- implemented OAuth2 authorization code request with OpenID Authentication
(margaretha)
- enabled OAuth2 authorization without OpenID authentication using Nimbus
library (margaretha)
- implemented response handler for OpenID authentication errors in authorization
requests (margaretha)
- added tests regarding OpenID authentication in authorization requests
(margaretha)
- implemented OAuth2 authorization error response via redirect URI instead of
JSON (margaretha)
- added state to OAuth2 authorization error response (margaretha)
- implemented OpenID token service for authorization code flow (margaretha)
- implemented signed OpenID token with default algorithm RSA256 (margaretha)
- implemented JSON Web Key (JWK) set web-controller listing kustvakt public
keys (margaretha)
- implemented OpenId configuration (margaretha)
- added authentication time and support for auth_time in id_token (margaretha)
- implemented support for nonce and max_age parameters in OpenID authentication
(margaretha)
- implemented OAuth2 token request with password grant using Nimbus library
(margaretha)
- updated redirect URI validator (margaretha)
- updated client registration requirement to allow desktop applications
(margaretha)
- fixed RSA key configuration (margaretha)
- merged OAuth2 client deregistration controllers (margaretha)
- fixed OAuth2 client unique URL-hashcode (margaretha)
- migrated logging to log4j 2 and adapted java.util.logging to log4j(margaretha)
- Added support for unrestricted corpus statistics (ndiewald)
- updated paths of user-group deletion-controllers (margaretha)
- Do not pass broken queries to Krill (diewald)
- added OAuth2 token request with client authentication via Authorization
header (margaretha)
- added port checking in test suite (margaretha)
# version 0.60.3
06/06/2018
- improved user authentication by using authentication filter for authorization
code request (margaretha)
- limited client authentication to client id checking in authorization code
request (margaretha)
- added user_id in the oauth2_access_token database table (margaretha)
- implemented OAuth2Authentication provider for token context management
(margaretha)
- added parameter checking for authorization DAO (margaretha)
- added controller tests using OAuth2 access token (margaretha)
- added database tables for MySQL (margaretha)
- updated JWT library and related codes (margaretha)
# version 0.60.2
03/05/2018
- implemented OAuth2 client registration (margaretha)
- implemented OAuth2 client authentication (margaretha)
- changed virtual corpus search to retrieval (margaretha)
- implemented public client deregistration task (margaretha)
- added client registration and deregistration tests (margaretha)
- implemented confidential client deregistration task (margaretha)
- fixed storing client secret (margaretha)
- implemented OAuth2 response handler (margaretha)
- implemented OAuth2 request access token with client credentials grant
(margaretha)
- implemented OAuth2 request access token with resource owner password grant
(margaretha)
- implemented OAuth2 authorization code request (margaretha)
- added OAuth2 error codes (margaretha)
- added OAuth2 authorization, scope and access token tables for SQLite
(margaretha)
- implemented OAuth2 authorization, scope and access token DAO (margaretha)
- implemented OAuth2 request access token with authorization code grant
(margaretha)
- added setting default scopes in the config file (margaretha)
- fixed loading spring config multiple times in the test suite (margaretha)
- added SQLite created_date trigger for access token (margaretha)
- added a join table for access token scopes (margaretha)
- added access scopes handling (margaretha)
- added tests about request token with authorization code (margaretha)
# version 0.60.1
28/03/2018
- added admin-related SQL codes (margaretha)
- updated AdminDao (margaretha)
- added optional username query parameter to group list controller (margaretha)
- fixed non hierarchical URI of kustvakt conf files (margaretha)
- added delete group member triggers (margaretha)
- added list user-group by username and status for system admin (margaretha)
- added user-group status in user-group DTO (margaretha)
- added check for hidden groups in user-group tests (margaretha)
- added database trigger test on deleting members when deleting group
(margaretha)
- renamed VC type PREDEFINED to SYSTEM (margaretha)
- added VC list controller for system admin (margaretha)
- added VC controller tests with for system admin (margaretha)
- added hidden access removal when deleting published VC (margaretha)
- added check for hidden groups in VC controller tests (margaretha)
- added search user-group controller (margaretha)
- removed createdBy from VirtualCorpusJson (margaretha)
- moved member role setting from the invitation phase to the after-subscription
phase (margaretha)
- added member role removal after deleting members (margaretha)
- added add and delete member role controllers (margaretha)
# version 0.60
14/03/2018
- set up mail settings using localhost port 25 (margaretha)
- added mail template in kustvakt configuration (margaretha)
- added mail settings to readme (margaretha)
- disabled email notification for auto group (margaretha)
- added metadata retrieval (diewald)
- enabled custom implementation for email address retrieval (margaretha)
- removed old policy and deprecated code (margaretha)
- moved authentication related code to /full (margaretha)
- added userRoles attribute to UserGroupDto. (margaretha)
- fixed sqlite trigger (margaretha)
- fixed member exist error message (margaretha)
- fixed member invitation to join deleted group (margaretha)
- added checking deleted group (margaretha)
# version 0.59.10
20/02/2018
- added sort VC by id (margaretha)
- added test cases regarding VC sharing (margaretha)
- implemented withdraw VC from publication (margaretha)
- added Changes file (margaretha)
- implemented add/invite users to group (margaretha)
- implemented delete user-group and member tasks (margaretha)
- added userMemberStatus in group lists (margaretha)
- updated and added SQL test data (margaretha)
- added user group related tests (margaretha)
- implemented custom configuration for deleting user groups and members (margaretha)
- updated library versions and java environment (margaretha)
- added expiration time check for member invitation (margaretha)
- moved .properties files (margaretha)
- merged changelog file to Changes (margaretha)
- updated status codes and error messages to be more detailed (margaretha)
- testing mail implementation using embedded jetty jndi (margaretha)
- fixed collection rewrite regarding OR operation with other fields
(margaretha)
- implemented sending mail using spring injection and removed jetty jndi
(margaretha)
- fixed unrecognized application/json (margaretha)
- fixed and updated velocity template (margaretha)
# version 0.59.9
19/01/2018
- restructured basic authentication (margaretha)
- fixed AuthenticationException to include authentication scheme (margaretha)
- fixed rewrite redundancy in collection rewrite (margaretha)
- fixed foundry rewrite for constituents (margaretha)
- introduced authentication methods, schemes and tokens (margaretha)
- implemented collection rewrite with multiple licenses (margaretha)
- fixed foundry rewrite for korap span without wrap node (margaretha)
- implemented list user group (margaretha)
- implemented delete VC task (margaretha)
- implemented create user-group, subscribe to user-groups, unsubscribe to
user-groups tasks(margaretha)
- fixed handling JSON mapping exception for missing enums (margaretha)
- implemented list VC task (margaretha)
- added KoralQuery in VC lists (margaretha)
- implemented edit VC task (margaretha)
- implemented publish VC task (margaretha)
- implemented share VC task (margaretha)
- implemented list only owned VC task (margaretha)
- implemented list VC access task (margaretha)
- implemented search VC by id task (margaretha)
- implemented delete VC access (margaretha)
- implemented search for project VC (margaretha)
- added search VC related tests (margaretha)
- removed PredefinedUserGroup.ALL and related codes (margaretha)
- implemented search for published VC (margaretha)
# version 0.59.8
21/09/2017
- restructured statistics service (margaretha)
- removed deprecated loader codes and tests (margaretha)
- removed old Spring java configurations (margaretha)
- implemented entity classes for the new database (margaretha)
- added MySQL codes regarding VC and for testing (margaretha)
- added dao methods regarding VC (margaretha)
- added similar SQL codes (to MySQL) for sqlite (margaretha)
- added dao methods regarding user groups (margaretha)
- restructured web-service codes into controller and logic/business-service
(margaretha)
- implemented user role and privilege, and added tests (margaretha)
- prepared test suite using new database (margaretha)
- implemented UserGroupDao and tests (margaretha)
- fixed missing exceptions in JsonUtils (margaretha)
- restructured web filters and authentication codes (margaretha)
- implemented create/store VC (margaretha)
- fixed collection rewrite bug regarding availability with operation or
(margaretha)
# version 0.59.7
13/10/2016
- MOD: updated search to use new siglen (diewald)
- MOD: fixed matchinfo retrieval in light service (diewald)
05/05/2015
- ADD: rest test suite for user service (hanl)
- MOD: setup parameter modification (hanl)
- ADD: oauth2 client unique constraint (hanl)