Skip to content

1.0.0
Compare
Choose a tag to compare
@kakawait kakawait released this 31 Jan 12:01
· 29 commits to master since this release
1.0.0
2f11ae1
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
  • First release that supporting Spring boot 2 (#32)
  • Remove deprecated module cas-security-dynamic-service-resolver (#35)
  • Open some api to facilitate extensibility (#122, #109)

Breaking changes

Spring boot 2 support breaking changes

By supporting Spring Boot 2, you should understand that some security features has been removed on Spring Boot 2 regarding Spring Boot 1 (see official documentations Spring boot 2 migration guide - security and Spring boot 2 security migration).

No more basic auth by default on Spring boot 2

Some behaviors will not be able on Spring Boot 2 for example excepting getting Basic Auth support in addition to Cas Auth if you put security.basic.enabled=true (which is default). You must re-add Basic Auth by yourself like on cas-security-spring-boot-sample.

No more default ROLE_USER and ROLE based authentication by default

In addition, no more default role ROLE_USER will be added to any authenticated user.

Thus default security.cas.authorization.mode (formerly security.cas.authorization.mode) value is now authenticated instead of role.

However if you want to re-add default ROLE_ on every authenticated user you could use:

security:
  cas:
    user:
      default-roles: USER

Where security.cas.user.default-roles accepts list of roles.

And if you comes back to ROLE based authentication instead of just authenticated, you should:

security:
  cas:
    user:
      default-roles: USER
    authorization:
      mode: role
      roles: USER

Where security.cas.authorization.roles (which only useful when using security.cas.authorization.mode=ROLE) is list of roles that use must have to be accepted.

Assets 2
Loading