Liam java 11
This is a rebased / reworked version of !177 (closed). Credit to @cedricwilleken for doing the initial migrations The biggest difference between the two branches is:
- The schema is stable in this version compared to master. Due to the fixes regarding Id generation.
The problem originated because Hibernate reinterpets
GenerationType.Auto
in newer versions. This pr fixes it to Identity generation as it used to be. - Hibernate ddl is set to validate
- A few security classes added in !177 (closed) are now gone namely
Encoder
and the infamousSavedRequestAwareAuthenticationSuccessHandler
- Formatting has been applied in the original commits that introduced the code changes.
Things to review:
-
SecurityWebApplicationInitializer
registers the web security config regardless of profile? is that correct?i -
Why is the heroku properties file required?
Things left todo:
-
Update the contributing guide to mention java 11+ and the command to insert the yaml template. -
The redirect to the login page is broken in the dev security setup. (Probably has to do with QueueAuthenticationEntryPoint
) -
Security in dev setup seems to remember users for to long (even across incognitos?) -
The yaml template currently enables: allow-bean-definition-overriding: true
which seems slightly hacky.
Edited by Liam Clark
Merge request reports
Activity
added 13 commits
- 472d7ece - Refactor queue for java 11
- d6764765 - Fix the tests so they work with java 11
- 9a599677 - Also change pom to reflect the gradle file
- d5b92f64 - Use java 11 compatible image to test code
- 8c738b45 - Migrate ci build and test stages to use java 11+
- 54d3573a - Re-enable redis sessions and make encoder and savedrequestawareauthentication...
- 00b073ed - Add the dependency for redis session data
- d59a3529 - Move thymeleaf and hibernate versions to a variable
- 50209bc4 - Thymeleaf versions dont match apperently to remove them
- 335238b9 - Apply the suggested edits by intellij
- c71450c7 - Pick id generation strategy Identity
- 14bd20e3 - Fix all warnings due to deprecated methods/classes
- 0eb63212 - Remove Encoder and SavedRequestAwareAuthenticationSuccessHandler
Toggle commit listassigned to @cedricwilleken, @otto, @taicoaerts, and @sander
- Resolved by Liam Clark
@cedricwilleken The redirect and logout works in development properly again if I remove this line
http // .exceptionHandling().authenticationEntryPoint(new QueueAuthenticationEntryPoint()).and() .authorizeRequests() .antMatchers("/").permitAll()
Any input on why you added this or why we would want it?
In ac040524 the bean overriding is no longer required and more extra security classes can be removed. Furthermore the login redirect on dev is working again
- Resolved by Liam Clark
- Resolved by Liam Clark
- Resolved by Liam Clark
- Resolved by Liam Clark
- Resolved by Liam Clark
Please register or sign in to reply