Version 3.1.4
Remarkable changes
Remarkable changes do not affect system stability after ApiOmat upgrade, but may require changes in configuration, apps, or modules in the next development cycle.
|
Dynamic Roles |
When using Dynamic Roles, the custom role check (a.k.a. overwritten isUserInRoles() method in Native Module) was not called for ApiOmat's Customer objects since 3.1.1 . Since 3.1.4 the custom role check is executed for Customers, again. You may be affected, if you implemented your own isUserInRoles() method that should be called for Customer requests assumed that the role class is assigned to a MetaModel. The isUserInRoles() method will now be called for Customers credentials again, like it is supposed to. |
|
AOM.checkRoles() method |
The basic user roles have always been hierarchical, which means for example that a user with the grant role could also read and write the object, and a user with the write role could also read the object. AOM.checkRoles() didn't adhere to this hierarchy, but instead lead to an authorization error when for example a user had write permissions and wanted to read an object. This was fixed. AOM.checkRoles() is usually only required when combining custom auth methods with existing basic user roles. If you're using this method and didn't take the role hierarchy into account, you should revise your auth handling. |
|
Java |
We switched from Oracle JDK 8 to AdoptOpenJDK 8. On Windows, when installing the JDK with the ApiOmat installer, the JDK installation path was previously "C:\Java\jdk8" (independent of the exact version), and now it depends on the OpenJDK version, for example "C:\Java\jdk8u202-b08", with a slightly changed subdirectory structure. To copy the old Java keystore to the new location you can run the following command (only necessary when you changed the keystore): copy "C:\Java\jdk8\jre8\lib\security\cacerts" "C:\Java\jdk8u202-b08\jre\lib\security\cacerts"
|
All changes in the current and previous versions can be found at the root page.
All deprecations and their removal date can be found at Deprecations and Migration.
Changelog
|
Schlüssel |
Zusammenfassung |
S |
Lösung |
|
Customer requests aren't checked by custom role check anymore |
|
Fixed |
|
|
|
Fixed |
||
|
[Analytics] Fix Customer deletion when Analytics is activated |
|
Fixed |
|
|
|
Fixed |
||
|
|
Fixed |
||
|
Manual auth verification in a hook method doesn't work when using an OAuth token |
|
Fixed |
|
|
|
Fixed |
||
|
Query with '+' gets decoded when using X-forwarded-proto header |
|
Fixed |
|
|
|
Fixed |
||
|
Give developer the possibility to disable classNameFilter in native modules findBy.. methods |
|
Fixed |
|
|
Docker with consul based hazelcast not working because of wrong configuration |
|
Fixed |
|
|
|
Fixed |
||
|
|
Fixed |
||
|
|
Fixed |
||
|
A PUT request without changed allowedRoles is seen as GRANT request |
|
Fixed |
|
|
|
Fixed |
||
|
|
Fixed |
||
|
|
Fixed |
||
|
|
Fixed |
||
|
[Swift] When loading a reference collection the query parameter should not be ignored |
|
Fixed |
