SpringBot 1.3.1.0

Release notes for version 1.3.1.0 of SpringBot.


Features

  • No new features in this release.

Improvements

  • Expand testing for CSRF tokens
  • Update SpringBot to use standardised token and cookie names for CSRF
  • Replace full custom CSRF cookie implementation with an implementation of the CsrfTokenRepository provided by Spring Boot.
  • By default, production mode forces SSL. This can now be configured using the protected region called "Override strict HTTPS mode here" in the SecurityConfig.java file.

Resolved defects

  • Fixed issue where no feedback was provided to users attempting to register.
  • Resolve failing API tests
  • Issue resolved where entity diagrams with more than 84 entities without the Security extension breached a JVM parameter number limitation causing a compilation error.

Migration path

Any custom code that utilised the CSRF cookie or token will need to be updated to operate with the new values.

| Feature               | Old name   | New name     |
|-----------------------|------------|--------------|
| CSRF cookie           | XSRF-TOKEN | XSRF-TOKEN   |
| CSRF token header     | XSRF-TOKEN | X-XSRF-TOKEN |
| CSRF query parameters |            | _csrf        |
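
For client-side custom code affected by the renames above, the following added example (not SpringBot or Codebots code) reads the token from the XSRF-TOKEN cookie and sends it in the X-XSRF-TOKEN header on state-changing, same-origin requests, dropping any header still set under the old name. The function names, the sample cookie string and the list of exempt methods are assumptions.

```javascript
// Added example. The cookie and header names come from the migration table;
// function names and the sample cookie string are hypothetical/constructed.
const CSRF_COOKIE = 'XSRF-TOKEN';
const CSRF_HEADER = 'X-XSRF-TOKEN';
const LEGACY_HEADER = 'XSRF-TOKEN'; // header name before 1.3.1.0
// Assumption: the server uses Spring Security's default exempt methods.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'TRACE', 'OPTIONS']);

// Constructed sample of what document.cookie might return.
const SAMPLE_COOKIES = 'JSESSIONID=abc123; XSRF-TOKEN=1f2e%2D3d4c; theme=dark';

// Return the decoded CSRF token from a cookie string, or null if absent.
function readCsrfToken(cookieString) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === CSRF_COOKIE) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Return a copy of `headers` for the request, with the token under the
// new header name when the request is state-changing and same-origin.
function withCsrf(method, url, headers, cookieString, origin) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    const upper = name.toUpperCase();
    // Drop stale copies set by pre-migration code under either name.
    if (upper !== LEGACY_HEADER && upper !== CSRF_HEADER) out[name] = value;
  }
  if (SAFE_METHODS.has(method.toUpperCase())) return out;
  // Never attach the token to a request leaving our own origin.
  if (new URL(url, origin).origin !== origin) return out;
  const token = readCsrfToken(cookieString);
  if (token === null) throw new Error('CSRF cookie ' + CSRF_COOKIE + ' not set');
  out[CSRF_HEADER] = token;
  return out;
}
```

In a browser, pass `document.cookie` and `window.location.origin` as the last two arguments and hand the result to `fetch` as its `headers` option.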

CustomAuthenticationSuccessHandler#setSameSiteAttributeForAllCookie

This method has been moved to SecurityConfig.java.

AuthenticationService#addAuthentication

Code relating to CSRF has been removed from the inactive protected region "Add any additional logic before configuring the response here". If you have enabled this protected region, it is recommended that you temporarily turn it off, build again, and then migrate your changes back into the protected region to ensure that you have the new changes.

AuthenticationService#getCsrfToken

This method has been removed. Please migrate any custom code in the protected region called "Add any additional preprocessing logic for getCsrfToken here" into the JwtAuthenticationFilter#attemptAuthentication method.

AuthenticationServiceTest

CSRF references have mostly been removed from this set of tests; they have been migrated to the XsrfTokenRepositoryTest.

JwtAuthenticationFilterTest

CSRF references have mostly been removed from this set of tests; they have been migrated to the XsrfTokenRepositoryTest.

