When the principal of the Authentication is an object, it is not necessarily
an User: it could be another implementation of UserDetails, or even a
completely unrelated type. Since the type of the object is serialized as a
property and used by the deserialization anyway, there's no point in
enforcing a stricter type.
Not only is it more efficient without converting to an intermediate String,
using JsonNode.toString() may not even produce valid JSON according to its
Javadoc (ObjectMapper.writeValueAsString() should be used).
We have an issue where token strings that contain a colon break
the existing decoding strategy, which tokenizes on colons. so this
change urlencodes the individual tokens when creating the cookie
string; and urldecodes them decoding the cookie and extracting the
tokens. This also eliminates the need for existing code to deal with
openid tokens which contain urls, and thus colons.
Allows the username only (without domain) to be used in custom search filter like "sAMAccountName={1}",
in eg. situations where the userPrincipalName has a different suffix than domain.
Thanks to contributors in issue.
fixes gh-2448
Originally, if the return from getAllowFromValue(request) is "DENY",
then the X-Frame-Options header's value will proceed to be written as
"ALLOW FROM DENY" - an invalid value.
This commit adds a condition in the if clause that checks whether
allowFromValue is "DENY". This way, the X-Frame-Options header will be
written as "ALLOW FROM origin" or "DENY".
Prior to this commit, the ObjectIdentity id had to be a number. This
commit allows for domain objects to use UUIDs as their identifier. The
fully qualified class name of the identifier type can be specified
in the acl_object_identity table and a ConversionService can be provided
to BasicLookupStrategy to convert from String to the actual identifier
type.
There are the following other changes:
- BasicLookupStrategy has a new property, aclClassIdSupported, which
is used to retrieve the new column from the database. This preserves
backwards-compatibility, as it is false by default.
- JdbcMutableAclService has the same property, aclClassIdSupported,
which is needed to modify the insert statement to write to the
new column. Defaults to false for backwards-compatibility.
- Tests have been updated to verify both the existing functionality
for backwards-compatibility and the new functionality.
Fixes gh-1224
Frank Pavageau
SignleMR
Rob Winch
Jeremy Waters
Trygve Aasjord
Johnny Lim
Nathan Wong
Antoine
Arend v. Reinersdorff
Kyle Anderson
Eddú Meléndez
Joe Grandja
Paul Wheeler
Joris Portegies Zwart