OACC v2.0.0

Release date: 2018-10-11

Summary of changes in this release:

• fixes minor javadoc issue referencing a private field
• updates version of bouncycastle dependency to latest
• updates copyright notice to include 2018
• removes all deprecated methods
• fixes #48: adds correct reference to outer table in correlated subqueries for permission lookups by name
• adds new authenticate() method that only takes credentials (it does not require an explicit Resource argument) to support authentication protocols with encrypted tokens that contain the necessary information to resolve the resource; Note that the built-in password-based authentication provider does not support token-based authentication, and that a custom provider must return the associated resource to the OACC context

Summary of API changes:

• *New feature* Support for token-based authentication
  • Prior to this release, OACC has required a Resource parameter to identify who is authenticating. Now OACC supports a method that only requires Credentials, for the case when an encrypted auth-token contains the information to resolve the resource to be authenticated.
• removes all previously deprecated methods from rc.5 - rc.8

Bug fixes:

• fixes #48: adds correct reference to outer table in correlated subqueries for permission lookups by name

Use the following dependency to include this release of OACC into your Maven project:

<dependency>
  <groupId>com.acciente.oacc</groupId>
  <artifactId>acciente-oacc</artifactId>
  <version>2.0.0</version>
</dependency>

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.

OACC v2.0.0-rc.8

Release date: 2017-06-07

Summary of changes in this release:

• adds support for pluggable password encryptors to the built-in SQLPasswordAuthenticationProvider, and prefixes the password hash with an identifier for the encryptor settings that created the hash
• adds a Jasypt-based password encryptor implementation with configurable digest parameters
• adds an OpenBSD-based bcrypt password encryptor implementation
• adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
• deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
• adds a PasswordEncryptor parameter to SQLAccessControlContext factory methods that did not already take a SQLPasswordAuthenticationProvider
• SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument
• deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)
• renames CleanablePasswordEncryptor interface to PasswordEncryptor
• replaces Jasypt-based Unicode text normalization with up-to-date (and backwards compatible) ICU4J implementation, and applies it across all password encryptors
• fixes #31 - SQLAccessControlSystemInitializer command line tool now correctly accepts not specifying dbSchema
• makes several command line arguments of SQLAccessControlSystemInitializer optional for databases that do not require them, and improves usage info
• changes Resource's toString() to output a more accurate and future-proof representation
• modifies toString() on all permission implementations for simplicity and consistency
• adds equals() and hashCode() methods to the PasswordCredentials implementation
• fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts
• refactors internal SQLAccessControlSystemInitializer to delegate to AuthenticationProvider and to use Credentials
• updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
• removes unused SQLDialect parameter in the SQLPasswordAuthenticationProvider constructors
• removes the JUnit test suite classes to simplify running all tests, and removes obsolete test classes
• improves Javadoc comments and fixes typos
• updates dependencies to latest versions in pom.xml, and adds the PostgreSQL JDBC driver (test scope)
• removes obsolete configuration of surefire plugin in pom.xml and updates licensing-related information
• updates copyright notices

Summary of API changes:

• *New feature* Pluggable password encryptors
  • Prior to this release, OACC's built-in authentication provider used a Jasypt-based password hash. Now OACC supports configuring the password hashing scheme and provides two implementations of the PasswordEncryptor interface: Jasypt and BCrypt.
  • adds a Jasypt-based password encryptor implementation with configurable digest parameters
  • adds an OpenBSD-based bcrypt password encryptor implementation
  • adds a transitioning password encryptor that can check existing passwords hashed with an old encryptor, but creates hashes with a new encryptor
  • deprecates and moves StrongCleanablePasswordEncryptor to LegacyJasyptPasswordEncryptor
  • renames CleanablePasswordEncryptor interface to PasswordEncryptor
  • updates SQLPasswordAuthenticationProvider's serialVersionUID due to serialization-incompatible structural changes
  • adds new factory methods to SQLAccessControlContextFactory that take a PasswordEncryptor parameter
  • SQLAccessControlSystemInitializer now requires a new -pwdencryptor command line argument, but several command line arguments become optional for databases that do not require them
  • adds support to provide alternate resource identifier to createResource() with externalId String parameter
  • allows one-time setting of alternate resource identifier to an existing resource via the new setExternalId() method
  • adds externalId to Resource and modifies getId() to return Long instead of a primitive
• changes Resource's toString() to output a more accurate and future-proof representation
• modifies toString() on all permission implementations for simplicity and consistency
• adds equals() and hashCode() methods to the PasswordCredentials implementation
• *Deprecation* deprecates old factory methods for SQLAccessControlContext that did not specify a SQLPasswordAuthenticationProvider
• *Deprecation* deprecates LegacyJasyptPasswordEncryptor (formerly known as StrongCleanablePasswordEncryptor)

Bug fixes:

• fixes #31 - SQLAccessControlSystemInitializer command line tool now allows not specifying the optional dbschema
• fixes acciente/oacc-db#3 - changes case of table identifiers in SQL statements to match the database setup scripts

Use the following dependency to include this release of OACC into your Maven project:

<dependency>
  <groupId>com.acciente.oacc</groupId>
  <artifactId>acciente-oacc</artifactId>
  <version>2.0.0-rc.8</version>
</dependency>

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.

OACC v2.0.0-rc.7

Release date: 2016-02-15

Summary of changes in this release:

• refactors all permission factories to cache immutable permission objects
• normalizes post create permission parameters to OACC's internal implementation in create permission factories
• fixes #26 - replaced import statements in test classes that incorrectly had a dependency to the icu4j library
• changes the type of the post-create permission field in create-permission implementations
• adds database config properties for official mariaDB database drivers for testing
• updates databaseName property to upper case in MySQL test configuration, to be consistent with the MySQL DDL scripts in oacc-db
• updates test suite for the aforementioned changes
• updates pom.xml to allow publishing release artifacts to the Maven Central Repository

Summary of API changes:

• Create-permission factory methods now normalize the post-create permission parameter to OACC's internal implementation and throw an IllegalArgumentException if the parameter was null

Bug fixes:

• fixes #26 - replaced import statements in test classes that incorrectly had a dependency to the icu4j library
• fixes create-permission implementations to guarantee serializability

Use the following dependency to include this release of OACC into your Maven project:

<dependency>
  <groupId>com.acciente.oacc</groupId>
  <artifactId>acciente-oacc</artifactId>
  <version>2.0.0-rc.7</version>
</dependency>

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.

OACC v2.0.0-rc.6

Release date: 2016-01-11

Summary of changes in this release:

• adds serialVersionUIDs to all applicable classes
• deprecates preSerialize() methods
• validates dataSource or connection are not null
• fixes a bug that could cause NullPointerException for equals() and hashCode() of OACC's Resource implementation
• modifies getAuthenticatedResource() and getSessionResource() to return lazily-cached defensive copies of the session variables
• validates that database schema names are either null or a single sequence of unicode word characters
• updates test suite for the aforementioned changes
• updates copyright notices

Summary of API changes:

• Improves serialization support
  • adds serialVersionUids to all applicable classes
  • unserializable fields are now marked transient
  • consistent usage of Serializable marker interface
• Deprecation deprecates obsolete preSerialize() methods because unserializable fields are now marked transient

Bug fixes:

• fixes #23 - equals() and hashCode() of OACC's Resource implementation no longer can produce NullPointerException when resource was created without a resourceId

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.

OACC v2.0.0-rc.5

Release date: 2015-11-17

Summary of changes in this release:

• adds support for creating resources with an external id as an alternate resource identifier
• adds externalId to Resource and modifies getId() to return Long instead of a primitive
• adds support for all API methods that take a resource, to handle the alternate externalId identifier
• resolves and validates resource references passed to the API
• normalizes and validates permissions passed to the API
• deprecates the getInstance() permission factory methods that take a boolean indicating the grant option and replaces them with dedicated getInstanceWithGrantOption() methods
• deprecates withGrant in all permissions and replaces it with withGrantOption for clarity
• refactors implementation to remove redundant map traversals and to extract duplicate code blocks
• adds calls to close jdbc statements in tests where it was missing in several instances, and updates Oracle database config properties to use UCP datasource for the tests
• updates test suite for the aforementioned changes

Summary of API changes:

• New feature External id as alternate resource reference
  • Prior to this release, OACC exported a single numerical resourceId as the minimal way of coupling, instead of importing a client value, so as to allow the most flexibility in how clients can integrate OACC into their application.
    Now OACC allows a client application to specify a single String representation of a globally unique externalId to create and reference resources, so that clients can avoid having to store the resourceId generated by OACC
  • adds support to provide alternate resource identifier to createResource() with externalId String parameter
  • allows one-time setting of alternate resource identifier to an existing resource via the new setExternalId() method
  • adds externalId to Resource and modifies getId() to return Long instead of a primitive
• Deprecation deprecates withGrant in all permission objects and replaces it with withGrantOption for clarity
• Deprecation deprecates the getInstance() permission factory methods that take a boolean to indicate the grant option and replaces them with dedicated getInstanceWithGrantOption() methods

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.

OACC v2.0.0-rc.4

Release date: 2015-09-29

Summary of changes in this release:

• adds implementation strategies to handle databases that do not support recursive queries or sequence generators
• adds SQL dialect support for HSQLDB, MySQL/MariaDB, and SQLite
• adds SQLProfile and replaces SQLDialect as the parameter to instantiate a SQLAccessControlContext
• fixes a bug related to getting resources by permission, which didn't take domain-inherited SYSTEM permissions into account
• updates test suite for the aforementioned changes and bug fixes

Summary of API changes:

• New feature Expanded database support
  • Prior to this release, OACC made use of certain database features (such as recursive CTEs to efficiently traverse the permission graph, and sequence generators to provide new IDs) that aren't supported in all database systems;
    Now OACC includes support for auto-incrementing identity columns and to allow non-recursive querying, which will allow persisting the permission graph in many more RDBMS implementations
  • Requires an instance of the new SQLProfile class instead of the SQLDialect enum when getting an AccessControlContext from the SQLAccessControlContextFactory, to account for the aforementioned database features supported by the underlying database system
  • Adds profiles for HSQLDB, MySQL and SQLite

Bug fixes:

• fixes #16 - getResourcesByPermission() and getResourcesByPermissionAndDomain() methods did not take into account global system permissions that are inherited from a domain

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.

OACC v2.0.0-rc.3

Release date: 2015-07-14

Summary of changes in this release:

• adds grant/revoke permission methods
• adds methods to delete resources and domains
• adds query authorization
• adds set-based versions of methods that previously only accepted vararg permissions
• removes methods that are overloaded with the session resource or its domain as the default accessor or target domain
• modifies getEffectivePermission-methods to include permissions acquired implicitly via super-user privileges
• modifies methods that take vararg permission arguments to validate that they don't contain identical duplicates
• fortifies StrongCleanablePasswordEncryptor with checks for null arguments
• fixes two bugs related to setting duplicate permission that differ in grant option, as described in more detail below
• updates test suite for the aforementioned API changes
• updates Javadoc comments with the aforementioned API changes

Summary of API changes:

• New feature Grant/Revoke permission methods
  • For more fine-grained control of permission assignment, OACC now also provides grant and revoke methods for each permission type, which allow to add or remove one (or more) permissions from the set of existing direct permissions, respectively
• New feature Delete resources and domains
  • Adds new deleteResource() method that will perform a cascading delete of a resource from the security graph
  • Adds new deleteDomain() method that will delete a domain and any nested child domains
• New feature Query authorization
  • Allows for control of which resources can be inquired about via new *QUERY system resource permission
  • All query methods now check if the session resource is authorized to query. This affects:
    • permission retrieval methods
    • permission verification methods
    • resource retrieval by permissions methods
• Set-based versions for all vararg methods
  • All methods that take vararg permission parameters use a pattern to enforce a compile-time check that at least one permission parameter has been passed, which unfortunately doesn't allow for an elegant Collections-compatible way to call the method; for this reason such methods now also have a version that takes a Set of permissions instead of the vararg pattern
• Overloaded method removal
  • Removes methods that are overloaded by defaulting the accessor resource or target domain based on the session resource, such as
    • permission assertion methods
    • has-permission methods
    • get-permission methods
    • createResource
    • getResourcesByResourcePermissions/-AndDomain
  • The only methods remaining in the OACC API overloaded for convenience' sake are those that accept permission parameters as Sets or as varargs
• More consistent and comprehensive permission handling
  • The getResourcePermissionNames() method now includes any applicable system permissions in its result set
  • All getEffectivePermission-methods now explicitly include any permissions acquired implicitly via super-user privileges
• Parameter validation
  • Modifies methods that take vararg permission arguments to validate that they don't contain identical duplicates.
    Note that this modification changes the behavior from previously silently ignoring such duplicates to now throwing an exception!

Bug fixes:

• fixes #15 - setDomainCreatePermissions() now checks for duplicate create permission with differing grant options to prevent a SQLException
• fixes #14 - setResourceCreatePermissions() now checks for duplicate *CREATE permission with differing grant options to prevent a SQLException

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.

OACC v2.0.0-rc.2

Release date: 2015-03-23

Summary of changes in this release:

• replaces the checked AccessControlException with hierarchy of unchecked exceptions
• enhances permission verification API with boolean has-permission methods and updates all verification methods to accept multiple permissions, as well as to consistently provide overloaded versions with optional accessorResource and/or domainName arguments
• renames getResourcesByResourcePermissions() to getResourcesByResourcePermissionsAndDomain() when it takes a domainName argument
• updates method signatures to always place domainName parameter directly after resourceClassName parameter, where applicable
• updates resource getters (getResourcesByResourcePermissions and getAccessorResourcesByResourcePermissions) to accept multiple permissions
• adds resource class and domain as arguments to AuthenticationProvider.validateCredentials() for more context
• adds parameter validation to API methods to assert that accessor resource arguments reference an existing resource
• refactors parameter validation in API methods to be slightly more consistent by validating in the order of the method signature
• fixes several bugs, as described in more detail below
• updates test suite for the aforementioned API changes
• updates Javadoc comments with the aforementioned API changes

Summary of API changes:

• Exception handling
  • replaces the checked AccessControlException with more nuanced hierarchy of unchecked exceptions (including more structured and consistent exception messages)
• Permission verification
  • changes the assert methods based on a redesign that makes them consistent with the effective permission getters: now assert methods for each type of permission are overloaded with optional accessor resource and/or domain name arguments
  • introduces new kind of permission verification method: the has-permission method, which returns a boolean instead of throwing an exception; there is a has-permission method as an alternative for each of the assert methods
  • updates the assert and has-permission methods to accept permissions as (one or more) varargs, instead of a just single permission
• Method signatures
  • updates method signatures to always place domainName parameter directly after resourceClassName parameter, where applicable
  • updates resource getters (getResourcesByResourcePermissions and getAccessorResourcesByResourcePermissions) to accept permissions as (one or more) varargs, instead of just a single permission
  • renames the getResourcesByResourcePermissions-methods with a domain name argument to getResourcesByResourcePermissionsAndDomain, to distinguish them from the getResourcesByResourcePermissions-methods without a domain name argument, which return results across all domains
  • adds resource class and domain as arguments to AuthenticationProvider.validateCredentials() for more context
• Parameter validation
  • adds parameter validation to API methods to assert that accessor resource arguments reference an existing resource
  • refactors method parameter validation to be slightly more consistent by validating in the order of the method signature

Bug fixes:

• fixes internal permission validation method to ensure RESET_CREDENTIALS and IMPERSONATE are only valid for authenticatable resource classes
• fixes setResourcePermissions() to prevent an INHERIT cycle from a resource to itself
• fixes createResource() to now assert session is authenticated when called without domain name arguments (because it will implicitly use the session resource domain in those cases)
• fixes internal has-permission helper methods to remove redundant check for global permissions after checking effective permissions

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.

OACC v2.0.0-rc.1

Release date: 2015-01-09

Summary of changes in this release:

• adds new API methods to retrieve direct permissions
• changes all permission classes to interfaces and moves factory methods to new permission factories
• fixes several bugs, as described in more detail below
• extends comprehensive test suite to essentially cover the entire API
• adds checks to API methods to assert arguments are not null or blank
• refines javaDoc comments
• refactors internal codebase (i.e. not the public-facing API)
  • to be more consistent and descriptive in method and class names
  • to improve readability
• updates copyright notices

Summary of API changes:

• in AccessControlContext, adds get-methods for direct permissions to provide round-trip symmetry with the set-methods (enhancement #13) - previously OACC only had getters for effective permissions.
  • getResourcePermissions()
  • getGlobalResourcePermissions()
  • getResourceCreatePermissions()
  • getDomainPermissions()
  • getDomainCreatePermissions()
• changes all permission classes to interfaces and moves factory methods to the following newly added permission factories
  • ResourcePermissions
  • ResourceCreatePermissions
  • DomainPermissions
  • DomainCreatePermissions

Bug fixes:

• fixes overloaded getResourcesByResourcePermission() to check permissions to the accessor resource when the accessor resource is not identical to the session resource
• fixes getResourcesByResourcePermission() to not check permissions to the accessor resource when it is identical to the session resource
• fixes impersonate() to explicitly use the authenticated resource when checking permissions and to check for null arguments
• fixes getDomainNameByResource() to not throw NullPointerException for non-existent resource references
• fixes getResourceClassInfo() to not throw NullPointerException for non-existent resource class references
• fixes #12 - assertResourcePermission() now takes withGrant attribute into account when asserting permission
• fixes #11 - assertGlobalResourcePermission() now takes withGrant attribute into account when asserting permission
• fixes #10 - assertPostCreateResourcePermission() now takes withGrant attribute into account when asserting permission
• fixes #9 - setCredentials() now allows the authenticated resource to set its credentials without requiring explicit permissions
• fixes getAccessorResourcesByResourcePermission() to be whitespace consistent
• fixes getResourcePermissionNames() to be whitespace consistent
• fixes assertPostCreateResourcePermission() to be whitespace consistent
• fixes setGlobalResourcePermissions() to be whitespace consistent
• fixes getEffectiveGlobalResourcePermissions() to be whitespace consistent
• fixes getEffectiveResourceCreatePermissions() to be whitespace consistent
• fixes getEffectiveDomainPermissions() to be whitespace consistent
• fixes createDomain() for child domains to be whitespace consistent
• fixes getResourcesByResourcePermission() to be whitespace consistent
• fixes all effective permission getters to remove grant-equivalent duplicates from the result
• fixes #8 - setDomainCreatePermissions() no longer checks grant permissions on permissions that are not being changed
• fixes #7 - setDomainPermissions() no longer checks grant permissions on permissions that are not being changed
• fixes #6 - setGlobalResourcePermissions() no longer checks grant permissions on permissions that are not being changed and correctly handles up/downgrade of permissions with grant
• fixes #4 - setResourceCreatePermissions() no longer checks grant permissions on permissions that are not being changed and correctly handles up/downgrade of permissions with grant
• fixes #5 - setResourceCreatePermissions() strictly validates requested create permissions against specified resource class
• fixes #3 - setResourcePermissions() no longer checks grant permissions on permissions that are not being changed and correctly handles up/downgrade of permissions with grant
• fixes #2 - setResourcePermissions() no longer checks grant permissions on permissions that are not being changed and only requires the granting privileges that are necessary
• fixes #1 - getEffectiveResourcePermissions() now includes global and domain-inherited permissions

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.

OACC v2.0.0-alpha.4

Summary of changes in this release:

• pluggable authentication provider support
• redesigned authentication API calls to use credentials instead of passwords
• new extensible credentials interface to allow arbitrary authentication mechanisms
• built-in authentication provider now uses char[] instead of String for passwords

Summary of API (AccessControlContext) changes:

• authenticate method now takes a Credentials instance instead of a password
• new authenticate method to support authentication without providing credentials (for authentication provider that support it)
• renames setResourcePassword() to setCredentials()
• replaces createAuthenticatableResource() with overloaded createResource() methods

Includes a built-in AuthenticationProvider that provides password-based authentication, so that clients have the option to use OACC without having to implement their own authentication mechanism. Note that any passwords handled by the built-in authentication provider now use char[] exclusively, instead of String.

Bug fixes:

• fixes a bug that caused AccessControlContext instances to not be serializable

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.