Releases: OhadR/authentication-flows
2.1-RELEASE
#71 make sure links are single-used
2.0.0-RELEASE
migration to gradle
adding init-db script, for easily DB configuration.
"create account" flow: fix bug (add app-name, o/w it works ONLY for cases where contextPath="/")
1.6.1-RELEASE
#32 #46 #56 support custom-endpoints (for custom-validations and custom-behavior of post-create-account)
#36 create account: add optional firstName and lastName
#35 #37 #43 support REST
#39 enable to set the authority for user
#48 AuthenticationPolicyRepository - read from config file
#52 GAEAuthenticationAccountRepositoryImpl: allow classes that inherit this class to use datastore elegantly
#54 support eternal passwords ('passwordLifeInDays')
#55 configurablization of app-admin emails sender.
#59 unbind version of auth-flows from crypto's version
#60 #61 UT
auth-flows is available from Maven Central:
<dependency>
<groupId>com.ohadr</groupId>
<artifactId>authentication-flows</artifactId>
<version>1.6.1-RELEASE</version>
</dependency>
1.6.0-RELEASE
This release contains bugfixes and some major enhancements. All changes are in 'authentication-flows'.
After #15 in the previous release, the road was ready to fully support GAE (#26)
- #2 create account: confirm "retype passwrod" equal to "password"
- #5 use "authorities" for authorization …
- #22 in GAE, after login, user is redirect to change password
- #23 username is case-sensitive
- #25 support layers model
- #26 support Google AppEngine
- #28 create account: validate that "username" is a valid email.
- #29 'create account': can create already-existing account
- #30 change/set-new password: confirm "retype passwrod" equal to "password" … ……
- #31 content of email: read from file + configurabilitization
auth-flows is available from Maven Central:
<dependency>
<groupId>com.ohadr</groupId>
<artifactId>authentication-flows</artifactId>
<version>1.6.0-RELEASE</version>
</dependency>
1.5.0-RELEASE
This release contains bug-fixes, and major improvements.
crypto-common
- issue #15 : Support common-crypto to work on system like GAE, where files cannot be created/stored. So if the keystore does not exist, common-crypto checks a flag before it stores a new-created KS file; in cases of GAE this flag is false.
auth-flows
- Better support Spring data-structures. Several classes were removed, like AuthenticationUser iface, and some logic from the 'JdbcAuthenticationAccountRepositoryImpl'
- issue #17 : 'loadUserByUsername()': use 'UsernameNotFoundException' if user not found (never return null). change all callers to adapt.
- issue #7 : read Auth-Policy from DB
- issue #11 : add login-success-handler
- issue #18 : supprt flow: account lock-out after exceeding max login attempts.
support AuthenticationFailure handler (rather than listener) - so upon exceeding # attempts, user is redirected to "account locked" page. listener cannot (and should not) redirect (it has no request/response)
add bean declaration in spring-servlet.xml for handler, with all ctor and props. - support flow : change password #20 . this flow occurs in 2 cases: (1) after successful login, when password has expired. (2) a link "change password" was clicked in the 'hosting' application.
auth-flows is available from Maven Central:
<dependency>
<groupId>com.ohadr</groupId>
<artifactId>authentication-flows</artifactId>
<version>1.5.0-RELEASE</version>
</dependency>
in the next release:
- support GAE as another data-source. different implementation for the repository.
Auth-Flows as a stand alone JAR!
Authentication-Flows is now a stand-alone JAR, AKA 'flows jar' (that the oauth-srv uses. the oauth-client can use it as well...). This flows jar is used by another project from another repo, called 'authentication-flows'.
Currently, the flows jar supports all flows (except change password): forgot password, create account. a mail is sent to the inbox of the user (we assume that the 'username' is the email!), with a link with encrypted data. Endpoints in the flows jar handle these events respectively.
In the next release
- I will support Spring data-structures even better. It will save me some classes, like AuthenticationUser iface, and some logic from the 'JdbcAuthenticationAccountRepositoryImpl'
1.1 issue #17 : loadUserByUsername(): use UsernameNotFoundException if user not found (and never return null). change all callers to adapt. - issue #15 : support common-crypto to work on system like GAE, where files cannot be stored. so if the keystore does not exist, common-crypto checks a flag before it stores a new-created file; in cases of GAE this flag is false.
- issue #7 : read Auth-Policy from DB
- issue #11 : add login-success-handler
- issue #18 : supprt flow: account lock-out after exceeding max login attempts.
support AuthenticationFailure handler (rather than listener) - so upon exceeding # attempts, user is redirected to "account locked" page. listener cannot (and should not) redirect (it has no request/response)
add bean declaration in spring-servlet.xml for handler, with all ctor and props. - support GAE as another data-source. different implementation for the repository.
- support flow : change password #20 . 2 cases: (1) after successful login, when password has expired.
(2) a link "change password" was clicked in the 'hosting' application.
added processing of flows: register, forgot password
add UserActionController, and repository implementations, for "register", "forgotpassword" and "change password" flows. this release is before the migration from oauth-server to a seperated JAR, "authentication-flows".
Works with spring-sec-oauth:1.0.5.RELEASE
Works with spring-sec-oauth:1.0.5.RELEASE
Works over spring-sec-oauth:1.0.0.RC2a (release candidate)
Works over spring-sec-oauth:1.0.0.RC2a (release candidate)
after getting rid of all occurences of w...x in the code and packages name.
works with spring-security-oauth 1.0.0.M6
v.1.0.0.M6 resource server