- fix: Gitee Issue #I4GV39
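- feat: Officially support login authentication for users in LDAP.
- fix: Refactor the snapshot release pipeline. (Github PR #15)
- fix: Github PR #16
- fix: Gitee Issue #I4FGZ1
- change: Rename the `createAndGetHttpApiUser` method in the `JapUserService` interface so that the name better matches its semantics. (Github PR #13)
- change: Add constructors to the subclasses of `AbstractJapStrategy` to support a custom `JapUserStore`. (Gitee Issue #I4BHBJ)
- change: [jap-ids] Change the `LocalDateTime` in `AccessToken` to `Date`.
- change: Upgrade `hutool` to 5.7.14.
- change: Upgrade `JustAuth` to 1.16.5.
- change: Correct some erroneous text.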
- feat: Support LDAP.
- fix: Github PR #15
- fix: Github PR #16
- fix: Gitee Issue #I4FGZ1
- change: optimize JapUserService interface to fix jap-http-api module. (Github PR #13)
- change: Add a constructor for subclasses of `AbstractJapStrategy`, support custom `JapUserStore`. (Gitee Issue #I4BHBJ)
- change: [jap-ids] Change the `LocalDateTime` in `AccessToken` to `Date`
- change: Upgrade `hutool` to 5.7.14
- change: Upgrade `JustAuth` to 1.16.5
- feat: Add `jap-http-api` module. (Gitee Issue #I43ZS7)
- feat: Add `jap-ids-web` module. Package the filter of ids as a separate component.
- feat: Add HTTP servlet adapter to decouple jakarta servlets. Note [1]
- feat: [jap-social] Support to bind the account of the third-party platform. (Gitee Issue #I46J6W)
- change: [jap-ids] scope changed to optional.
- change: [jap-sso] Upgrade `kisso` to 3.7.7, solve the vulnerability of jackson.
- change: [jap-mfa] Upgrade `googleauth` to 1.5.0, solve the vulnerability of apache httpclient.
- change: Replace the theme of the document site https://justauth.plus to solve the problem of the soaring memory of the document site. (Gitee Issue I4958H | Github Issue 8)
- change: Upgrade `simple-http` to 1.0.5.
- change: Upgrade `JustAuth` to 1.16.4.
- change: Optimize code.
Note [1]:

Versions of jap prior to 1.0.5 rely on the `HttpServletRequest`, `Cookie`, `HttpServletResponse`, and `HttpSession` classes under the `javax.servlet.http` package in `jakarta-servlet`, such as:

```java
// Interface provided by jap
public interface JapStrategy {
    default JapResponse authenticate(AuthenticateConfig config, HttpServletRequest request, HttpServletResponse response) {
        return null;
    }
}

// Use jap in spring framework
XxJapStrategy.authenticate(config, request, response);
```

In order to improve the adaptability of the framework, since version 1.0.5, JAP has removed the dependency on `jakarta-servlet` and adopted a new set of interfaces (reference: jap-http). The developer needs to adapt the original request when calling the JAP interface.

For example, if the developer uses `jakarta-servlet`, then the `HttpServletRequest` needs to be adapted:

```java
// Use 1.0.5 or higher version of jap in spring framework
XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new JakartaResponseAdapter(response));
```
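- feat: Add the `jap-http-api` module. (Gitee Issue #I43ZS7)
- feat: Add the `jap-ids-web` module. The filters of `jap-ids` are packaged as a separate component.
- feat: Add an HTTP servlet adapter to decouple from jakarta servlet. Note [1]
- feat: [jap-social] Support binding third-party platform accounts. This version separates social login from account binding so that it fits more scenarios. (Gitee Issue #I46J6W)
- change: [jap-ids] `scope` is changed to optional in every flow, following the RFC6749 specification.
- change: [jap-sso] Upgrade `kisso` to 3.7.7 to resolve the jackson vulnerability.
- change: [jap-mfa] Upgrade `googleauth` to 1.5.0 to resolve the apache httpclient vulnerability.
- change: Replace the theme of the documentation site https://justauth.plus to solve the problem of its soaring memory usage. (Gitee Issue #I4958H | Github Issue #8)
- change: Upgrade `simple-http` to 1.0.5.
- change: Upgrade `JustAuth` to 1.16.4.
- change: Optimize code and add package-info.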
Note [1]:

Before version 1.0.5, jap depended on `HttpServletRequest`, `Cookie`, `HttpServletResponse` and `HttpSession` under the `javax.servlet.http` package in `jakarta-servlet`, for example:

```java
// Interface provided by jap
public interface JapStrategy {
    default JapResponse authenticate(AuthenticateConfig config, HttpServletRequest request, HttpServletResponse response) {
        return null;
    }
}

// Use jap in the spring framework
XxJapStrategy.authenticate(config, request, response);
```

To improve the adaptability of the framework, starting with version 1.0.5 JAP dropped the `jakarta-servlet` dependency and adopted a completely new set of interfaces (reference: jap-http). Developers need to adapt the original request when calling the JAP interface.

For example, a developer who uses `jakarta-servlet` needs to adapt the `HttpServletRequest`:

```java
// Use jap 1.0.5 or a higher version in the spring framework
XxJapStrategy.authenticate(config, new JakartaRequestAdapter(request), new JakartaResponseAdapter(response));
```
- fix: [jap-ids] Support to generate custom token. (Gitee#I3U1ON)
- fix: [jap-ids] Support custom verification of client_secret, such as: BCrypt, etc. (Gitee#I44032)
- feat: [jap-ids] When `IdsConfig#enableDynamicIssuer` is `true`, custom `context-path` is supported.
- fix: [jap-ids] Solve the problem of "After refreshing the token, the user information cannot be obtained with the new access token". (#I3XHTK)
- feat: [jap-oauth2] `Oauth2Strategy` supports the following methods: `refreshToken`, `revokeToken`, `getUserInfo`
- fix: [jap-social] Cannot customize `JapCache` and `AuthStateCache` of `SocialStrategy` at the same time. (Github#6)
- fix: [jap-core] fix npe bug. (Github#5)
- doc: change the template of issue and PR
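- fix: [jap-ids] Support generating custom tokens (including access_token and refresh_token). (Gitee#I3U1ON)
- fix: [jap-ids] Support custom verification of `client_secret` to fit multiple scenarios, such as BCrypt. (Gitee#I44032)
- feat: [jap-ids] When `IdsConfig#enableDynamicIssuer` is enabled, a custom `context-path` is supported.
- fix: [jap-ids] Solve the problem "after refreshing the token, user information cannot be obtained with the new access_token". (Gitee#I3XHTK)
- feat: [jap-oauth2] `Oauth2Strategy` supports the following methods: `refreshToken`, `revokeToken`, `getUserInfo`
- fix: [jap-social] `JapCache` and `AuthStateCache` of `SocialStrategy` could not be customized at the same time. (Github#6)
- fix: [jap-core] Fix the NPE thrown when `userId` is null. (Github#5)
- doc: Change the issue and PR templates.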
- (fix): a bug of JwkUtil
- (fix): cannot refresh token
- (pr): Merge Gitee PR #16 by @lowis
- (issue): Fix Gitee #I3YWTD
- Upgrade justauth to 1.16.2
- jap-ids
  - Add the `enableDynamicIssuer` in `IdsConfig`. When `enableDynamicIssuer=true`, jap ids will automatically extract `issuer` from the currently requested domain name.
  - Add the `loginPageUrl` in `IdsConfig`:
    - `loginPageUrl`: login form page url
    - `loginUrl`: The api url for login
  - Add the `externalLoginPageUrl` in `IdsConfig`. When the login page is not provided by an authorized service (the login page is hosted by other services), you need to enable this configuration.
  - Add the `externalConfirmPageUrl` in `IdsConfig`. When the authorization confirmation page is not provided by an authorized service (the authorization confirmation page is hosted by other services), you need to enable this configuration.
  - Add the `authorizeAutoApproveUrl` in `IdsConfig`. When the authorize url contains `autoapprove=true`, it will not jump to the `confirmPageUrl`, but will jump directly to the `authorizeAutoApproveUrl`.
  - Add some scopes, such as `profile`, `address`, `read` and `write`.
  - Add the `uid` in the `OauthUtil#createAuthorizeUrl(String, IdsRequestParam)`.
  - Add the `IdsUserStoreService` interface to support custom operations on user data after login.
  - Add the `IdsPipeline` interface, developers can customize the process, currently only supports the process of customizing `IdsxxFilter` and `LoginEndpoint`.
  - Add `SPI` plugin mechanism
- jap-social
  - `SocialStrategy` provides methods of `refreshToken`, `revokeToken`, and `getUserInfo`
- jap
  - `javax.servlet-api` -> `jakarta.servlet-api`
- jap-ids
  - Modify `IdsConfig.confirmUrl` to `confirmPageUrl`.
  - Modify the return value of `ApprovalEndpoint#getAuthClientInfo(HttpServletRequest)` to `IdsResponse<String, Map<String, Object>>`.
  - Modify the return value of `ApprovalEndpoint#authorize(HttpServletRequest)` to `IdsResponse<String, String>`.
  - Modify the return value of `AuthorizationEndpoint#agree(HttpServletRequest)` to `IdsResponse<String, String>`.
  - Modify the return value of `LoginEndpoint#signin(HttpServletRequest)` to `IdsResponse<String, String>`.
  - Modify the return value of `LogoutEndpoint#logout(HttpServletRequest)` to `IdsResponse<String, String>`.
  - Modify the comment content of `ClientDetail`.
  - Modify the return type of `IdsResponse#getData()` to the specified generic.
  - Remove `IdsScopeProvider#initScopes(List<IdsScope>)`.
  - When `response_type=id_token`, the resulting Claims are returned in the ID Token.
  - Optimize the process of `UserInfoEndpoint#getCurrentUserInfo(HttpServletRequest)`, Response UserInfo Claims using Scope Values.
  - Modify the `loginByUsernameAndPassword` and `getByName` methods of the `IdsUserService` interface, and add the `clientId` parameter, which can be used to distinguish multi-tenant scenarios
- Gitee
- Add `com.fujieid.jap.core.util.RequestUtil`
- Complete the development of the `jap-ids` module, and provide oauth services externally based on `jap-ids`
  - Supported features:
    - Authorization Code Grant
    - Proof Key for Code Exchange
    - Implicit Grant
    - Resource Owner Password Credentials Grant
    - Client Credentials Grant
    - Refresh access token
    - Revoke access token
    - Get the currently authorized user
    - Verify login status
    - Abnormal prompt
    - Sign out
    - OpenID Connect Discovery
    - JWK Endpoint
    - Custom jwt encryption and decryption certificate
    - Support multiple response types, such as: `code`, `token`, `id token`, `id token token`, `code id token`, `code token`, `code id token token`
    - ...

For more details about the use of `jap-ids`, please refer to the sample project: jap-ids-demo, or refer to the document: IDS OAuth 2.0 Server
- [jap-oidc] Optimize the `OidcStrategy#authenticate` method, cache the `OidcDiscoveryDto`, and reduce unnecessary http requests
- [jap-oidc] Optimize the code of `OidcUtil`, fix known bugs
- [jap-social] fix known bugs
- Refactor `com.fujieid.jap.core.cache.JapLocalCache`, implement timer manually, clean local cache regularly
- Fix Gitee Issue #I3DC7N
- Fix the description error in `JapErrorCode`
- Improve the `JapTokenHelper`
- Merge Gitee PR #8
- Add `JapErrorCode` enumeration class to manage exception codes and exception prompts
- Add `JapResponse` class to standardize interface return content
- Add `JapTokenHelper` class to manage user tokens uniformly
- Add `JapContext` class to maintain jap context information
- Add `JapAuthentication` class, unified management of login status information and jap context information
- Package structure
  - Move `AuthenticateConfig`, `JapConfig` to `com.fujieid.jap.core.config` package
  - Move `JapUtil` to `com.fujieid.jap.core.util` package
- Delete
  - Delete `JapCacheContextHolder`
  - Delete `JapUserStoreContextHolder`
- Code
  - Refactored `AbstractJapStrategy`, introduced `JapContext` and `JapAuthentication` classes
  - Refactor the `JapConfig` class, only retain the `sso` and `ssoConfig` attributes, and add the `tokenExpireTime` and `cacheExpireTime` attributes at the same time
  - Modify the default validity period of the cache in `JapCacheConfig` to 7 days
  - Modify the default content in the `JapUserService` interface class
  - Add the `void removeKey(String key)` method to `JapCache`
  - Add `errorCode` and `errorMessage` attributes in `JapException` to facilitate the processing of exception information into unified format return data
  - Add the `token` attribute to `JapUser`, and the jap token will be automatically returned after login
  - In the `JapStrategy` interface, the return type of the `authenticate` method is changed to `JapResponse`, and the strategy methods of all modules return data in a unified format
  - Mark the `redirect` method with `@Deprecated` in the `JapUtil` class, and it may be deleted in the future. At the same time add the `createToken` method
- Modify the `authenticate` method of `Oauth2Strategy` to return `JapResponse`
- Modify the `authenticate` method of `OidcStrategy` to return `JapResponse`
- Modify the `authenticate` method of `SimpleStrategy` to return `JapResponse`
- Modify the `authenticate` method of `SocialStrategy` to return `JapResponse`
- Modify the return value of the `JapSsoHelper#login` method to the jap token of the current user
- Add `JapSsoUtil`
- In the `JapSsoConfig` class, delete the `loginUrl` and `logoutUrl` attributes
- Add some unit tests
- Added `jap-mfa` module to realize TOTP verification
- The `logout` method is added to the `JapUserStoreContextHolder` to support clearing cookies and sessions
- Added test cases
- Updated `jap.sh`, support a variety of common commands
- The `options` attribute in `JapConfig` is deleted, and the `justathConfig` attribute is added to `SocialConfig`
- Change the name of `RemberMeDetailsUtils` to `RembermeUtils`
- Move the `Oauth2Strategy#checkOauthConfig()` and `Oauth2Strategy#isCallback()` to the `Oauth2Util`
- Improved code
- Reconstruct the `SimpleConfig`, and move the unnecessary configuration items and business logic to the `RememberMeUtils`
- Add cache module `com.fujieid.jap.core.cache.JapCache`
- Add 'state' verification logic in `jap-oauth2`
- Add some `package-info.java`
- Revision notes
- To solve the problem that 'codeverifier' in 'pkceutil' can only be cached locally
- Upgrade `simple-json` to 0.0.2
- Fix Javadoc compilation failure
JA Plus (JAP) is an open source authentication middleware. It is highly decoupled from business code and has good modularity and flexibility. Developers can integrate JAP into web applications effortlessly.