Changelog
# v1.0.5 (2021-09-15)
- feat: Add the `jap-http-api` module. (Gitee Issue #I43ZS7)
- feat: Add the `jap-ids-web` module, which packages the filters of `jap-ids` as a separate component.
- feat: Add an HTTP servlet adapter to decouple JAP from jakarta servlet. See Note [1].
- feat: [jap-social] Support binding third-party platform accounts. This version separates social login from account binding so that it suits more scenarios. (Gitee Issue #I46J6W)
- change: [jap-ids] `scope` is now optional in every flow, following the RFC 6749 specification.
- change: Upgrade `simple-http` to 1.0.5.
- change: Upgrade `JustAuth` to 1.16.4.
- change: Optimize code.

Note [1]:

Versions of JAP prior to 1.0.5 depend on `HttpServletRequest`, `Cookie`, `HttpServletResponse`, and `HttpSession` from the `javax.servlet.http` package in jakarta-servlet, for example:

```java
// Interface provided by jap
public interface JapStrategy {
    default JapResponse authenticate(AuthenticateConfig config, HttpServletRequest request, HttpServletResponse response) {
        return null;
    }
}
```

```java
// Use jap in spring framework
XxJapStrategy.authenticate(config, request, response);
```

To improve the adaptability of the framework, since version 1.0.5 JAP has removed the jakarta-servlet dependency and adopted a new set of interfaces (reference: jap-http). Developers need to adapt the original request when calling the JAP interface.

For example, a developer using jakarta-servlet needs to adapt the `HttpServletRequest`:

```java
// Use 1.0.5 or higher version of jap in spring framework
XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new JakartaResponseAdapter(response));
```
# v1.0.4 (2021-08-15)
- fix: [jap-ids] Support generating custom tokens (including access_token and refresh_token). (Gitee#I3U1ON)
- fix: [jap-ids] Support custom verification of `client_secret` to fit multiple scenarios, such as BCrypt. (Gitee#I44032)
- feat: [jap-ids] When `IdsConfig#enableDynamicIssuer` is `true`, a custom `context-path` is supported.
- fix: [jap-ids] Solve the problem of "After refreshing the token, the user information cannot be obtained with the new access token". (Gitee#I3XHTK)
- feat: [jap-oauth2] `Oauth2Strategy` supports the following methods: `refreshToken`, `revokeToken`, `getUserInfo`
- fix: [jap-social] Cannot customize `JapCache` and `AuthStateCache` of `SocialStrategy` at the same time. (Github#6)
- fix: [jap-core] Fix the NPE that occurs when `userId` is empty. (Github#5)
- doc: Change the template of issue and PR
# v1.0.3 (2021-07-28)
- (fix): a bug of JwkUtil
- (fix): cannot refresh token
- (pr): Merge Gitee PR #16 by @lowis
- (issue): Fix Gitee #I3YWTD
- Upgrade justauth to 1.16.2
# v1.0.2 (2021-05-24)
# New features
- jap-ids
  - Add the `enableDynamicIssuer` in `IdsConfig`. When `enableDynamicIssuer=true`, jap ids will automatically extract `issuer` from the currently requested domain name.
  - Add the `loginPageUrl` in `IdsConfig`:
    - `loginPageUrl`: login form page url
    - `loginUrl`: The api url for login
  - Add the `externalLoginPageUrl` in `IdsConfig`. When the login page is not provided by an authorized service (the login page is hosted by other services), you need to enable this configuration.
  - Add the `externalConfirmPageUrl` in `IdsConfig`. When the authorization confirmation page is not provided by an authorized service (the authorization confirmation page is hosted by other services), you need to enable this configuration.
  - Add the `authorizeAutoApproveUrl` in `IdsConfig`. When the authorize url contains `autoapprove=true`, it will not jump to the `confirmPageUrl`, but will jump directly to the `authorizeAutoApproveUrl`.
  - Add some scopes, such as `profile`, `address`, `read` and `write`.
  - Add the `uid` in the `OauthUtil#createAuthorizeUrl(String, IdsRequestParam)`.
  - Add the `IdsUserStoreService` interface to support custom operations on user data after login.
  - Add the `IdsPipeline` interface, developers can customize the process, currently only supports the process of customizing `IdsxxFilter` and `LoginEndpoint`.
  - Add `SPI` plugin mechanism
- jap-social
  - `SocialStrategy` provides methods of `refreshToken`, `revokeToken`, and `getUserInfo`
# Modified
- jap
  - `javax.servlet-api` -> `jakarta.servlet-api`
- jap-ids
  - Modify `IdsConfig.confirmUrl` to `confirmPageUrl`.
  - Modify the return value of `ApprovalEndpoint#getAuthClientInfo(HttpServletRequest)` to `IdsResponse<String, Map<String, Object>>`.
  - Modify the return value of `ApprovalEndpoint#authorize(HttpServletRequest)` to `IdsResponse<String, String>`.
  - Modify the return value of `AuthorizationEndpoint#agree(HttpServletRequest)` to `IdsResponse<String, String>`.
  - Modify the return value of `LoginEndpoint#signin(HttpServletRequest)` to `IdsResponse<String, String>`.
  - Modify the return value of `LogoutEndpoint#logout(HttpServletRequest)` to `IdsResponse<String, String>`.
  - Modify the comment content of `ClientDetail`.
  - Modify the return type of `IdsResponse#getData()` to the specified generic.
  - Remove `IdsScopeProvider#initScopes(List<IdsScope>)`.
  - When `response_type=id_token`, the resulting Claims are returned in the ID Token.
  - Optimize the process of `UserInfoEndpoint#getCurrentUserInfo(HttpServletRequest)`: respond with UserInfo Claims using Scope Values.
  - Modify the `loginByUsernameAndPassword` and `getByName` methods of the `IdsUserService` interface, and add the `clientId` parameter, which can be used to distinguish multi-tenant scenarios
# PR
- Gitee
  - Merge PR #11 by @dreamlu
  - Merge PR #12 by @sywd
  - Merge PR #13 by @dreamlu
  - Merge PR #14 by @dreamlu
# Issue
# v1.0.1(2021-04-21)
# New features
- Add `com.fujieid.jap.core.util.RequestUtil`
- Complete the development of the `jap-ids` module, and provide oauth services externally based on `jap-ids`
  - Supported features:
    - Authorization Code Grant
    - Proof Key for Code Exchange
    - Implicit Grant
    - Resource Owner Password Credentials Grant
    - Client Credentials Grant
    - Refresh access token
    - Revoke access token
    - Get the currently authorized user
    - Verify login status
    - Abnormal prompt
    - Sign out
    - OpenID Connect Discovery
    - JWK Endpoint
    - Custom jwt encryption and decryption certificate
    - Support multiple response types, such as: `code`, `token`, `id token`, `id token token`, `code id token`, `code token`, `code id token token`
    - ...

For more details about the use of `jap-ids`, please refer to the sample project: jap-ids-demo, or refer to the document: IDS OAuth 2.0 Server
# Modified
- [jap-oidc] Optimize the `OidcStrategy#authenticate` method, cache the `OidcDiscoveryDto`, and reduce unnecessary http requests
- [jap-oidc] Optimize the code of `OidcUtil`, fix known bugs
- [jap-social] fix known bugs
- Refactor `com.fujieid.jap.core.cache.JapLocalCache`, implement timer manually, clean local cache regularly
# PR
- Merge Gitee PR #9 by @dreamlu
# Issue
- Fix Gitee Issue #I3DC7N
# v1.0.1-alpha.1(2021-03-07)
# Modified
- Fix the description error in `JapErrorCode`
- Improve the `JapTokenHelper`
# PR
- Merge Gitee PR #8
# v1.0.1-alpha(2021-03-05)
# jap-core
# New features
- Add `JapErrorCode` enumeration class to manage exception codes and exception prompts
- Add `JapResponse` class to standardize interface return content
- Add `JapTokenHelper` class to manage user tokens uniformly
- Add `JapContext` class to maintain jap context information
- Add `JapAuthentication` class, unified management of login status information and jap context information
# Modified
- Package structure
  - Move `AuthenticateConfig`, `JapConfig` to `com.fujieid.jap.core.config` package
  - Move `JapUtil` to `com.fujieid.jap.core.util` package
- Delete
  - Delete `JapCacheContextHolder`
  - Delete `JapUserStoreContextHolder`
- Code
  - Refactored `AbstractJapStrategy`, introduced `JapContext` and `JapAuthentication` classes
  - Refactor the `JapConfig` class, only retain the `sso` and `ssoConfig` attributes, and add the `tokenExpireTime` and `cacheExpireTime` attributes at the same time
  - Modify the default validity period of the cache in `JapCacheConfig` to 7 days
  - Modify the default content in the `JapUserService` interface class
  - Add the `void removeKey(String key)` method to `JapCache`
  - Add `errorCode` and `errorMessage` attributes in `JapException` to facilitate the processing of exception information into unified format return data
  - Add the `token` attribute to `JapUser`, and the jap token will be automatically returned after login
  - In the `JapStrategy` interface, the return type of the `authenticate` method is changed to `JapResponse`, and the strategy methods of all modules return data in a unified format
  - Mark the `redirect` method with `@Deprecated` in the `JapUtil` class, and it may be deleted in the future. At the same time add the `createToken` method
# jap-oauth2
- Modify the `authenticate` method of `Oauth2Strategy` to return `JapResponse`
# jap-oidc
- Modify the `authenticate` method of `OidcStrategy` to return `JapResponse`
# jap-simple
- Modify the `authenticate` method of `SimpleStrategy` to return `JapResponse`
# jap-social
- Modify the `authenticate` method of `SocialStrategy` to return `JapResponse`
# jap-sso
- Modify the return value of the `JapSsoHelper#login` method to the jap token of the current user
- Add `JapSsoUtil`
- In the `JapSsoConfig` class, delete the login url and logout url attributes
# Other
- Add some unit tests
# v1.0.0(2021-02-18)
# New features
- Added `jap-mfa` module to realize TOTP verification
- The `logout` method is added to the `JapUserStoreContextHolder` to support clearing cookies and sessions
- Added test cases
# Modified
- Updated `jap.sh`, support a variety of common commands
- The `options` attribute in `JapConfig` is deleted, and the `justAuthConfig` attribute is added to `SocialConfig`
- Change the name of `RemberMeDetailsUtils` to `RememberMeUtils`
- Move the `Oauth2Strategy#checkOauthConfig()` and `Oauth2Strategy#isCallback()` to the `Oauth2Util`
# Other
- Improved code
- Reconstruct the `SimpleConfig`, and move the unnecessary configuration items and business logic to the `RememberMeUtils`
# v1.0.0-alpha.1(2021-02-01)
# New features
- Add cache module `com.fujieid.jap.core.cache.JapCache`
- Add 'state' verification logic in `jap-oauth2`
- Add some `package-info.java`
# Modified
- Revision notes
- Solve the problem that 'codeverifier' in 'pkceutil' can only be cached locally
- Upgrade `simple-json` to `0.0.2`
# Other
- Fix Javadoc compilation failure
# 1.0.0-alpha(2021-01-28)
JA Plus (JAP) is an open source authentication middleware. It is highly decoupled from business code and has good modularity and flexibility. Developers can integrate JAP into web applications effortlessly.