...
- MDA-166: The
ItemSerializerandItemCollectionSerializerinterfaces now allow serializers to throwIOExceptionwhen appropriate. The providedDOMItemSerializerwill throw anIOExceptionwrapping aTransformerExceptionif the latter is thrown during XML serialization. Previously, this condition would only have resulted in logging at ERROR level. - MDA-167: The
ItemIdTransformStagenow transforms identifiers using a collection ofFunctionobjects rather than of the similarConverterprovided by the Spring framework. This also affects the type of theMDQueryMD5ItemIdTransformerandMDQuerySHA1ItemIdTransformerclasses. This change will not affect existing configurations if only those classes are in use. This matches the use ofFunctionelsewhere in the API, and allows the use of Guava'sFunctionshelper class. - MDA-169: The
SAMLMetadataSupport.getDescriptorExtensionsmethod has been renamed togetDescriptorExtensionto reflect the fact that it returns a single result. - MDA-171: The
SAMLMetadataSupport.getDescriptorExtensionmethod's parameters must now be non-null; their annotations have been changed to@Nonnullto correspond with this. In previous releases, they were annotated as@Nullableand passingnullwould result in the method returningnull. - MDA-175: The
ItemOrderingStrategyinterface defined by theEntitiesDescriptorAssemblerStagenow allows the ordering strategy to throw aStageProcessingExceptionif, for example, the items presented are invalid in some way and can not be ordered. Such an exception will be propagated upwards to the caller of the stage'sexecutemethod. - MDA-179: The
Versionclass'sgetMicroVersionmethod has been renamed togetPatchVersionto align with current (semantic versioning) terminology. - MDA-182: Several classes exposed as part of the API for building custom stages have been reworked to simplify implementation of other stages and to correspond to current naming conventions:
BaseStagehas been renamed toAbstractStageBaseIteratingStagehas been renamed toAbstractFilteringStage- A new
AbstractIteratingStageallows the simpler construction of stages which process each Item independently
- MDA-188: The
AbstractDOMTraversalStageframework has been generalised to allow the use of custom context objects specific to the particular traversal, rather than relying on sometimes tortured uses of theClassToInstanceMultiMapto carry everything. This is a breaking change, but will only affect writers of stages derived fromAbstractDOMTraversalStage:- Context objects must implement the
DOMTraversalContextinterface. This no longer includes thegetStashmethod (returning aClassToInstanceMultiMapbut does add a newend()method to be called at the end of the traversal. - A basic implementation of
SimpleDOMTraversalContextis provided without any data fields. This can be used in many cases where custom storage is not required in the context; for an example, seeAbstractElementVisitingStage. - More complex cases can extend
SimpleDOMTraversalContextto include additional fields and method. For a very straightforward example, seeCRDetectionStage. A more complex example, including use of theend()method fromDOMTraversalContext, can be found inElementsStrippingStage.
- Context objects must implement the
- MDA-192: The
ancestorEntitymethod has been removed fromAbstractDOMTraversalStage; a protectederrorPrefixmethod has replaced it in order to allow sub-classes to replicate this or similar behaviour. A newAbstractSAMLTraversalStageclass has been added to incorporate the specific old behaviour. - MDA-198: In previous releases, the three X.509 validation component (
X509RSAExponentValidator,X509RSAKeyLengthValidatorandX509RSAOpenSSLBlacklistValidator) all set a default ID related to their names (e.g.,RSAKeyLength). This default ID setting behaviour has been removed. This may have two effects on configurations which do not explicitly set the component ID:- If a configuration did not set the component ID, initializing the component will now fail with a
ComponentInitializationException. - Configurations that implicitly set the component ID to a defaulted Spring component ID using
IdentifiableBeanPostProcessormay give different results, as the Spring component ID may now appear in status objects replacing the previous default.
- If a configuration did not set the component ID, initializing the component will now fail with a
- MDA-206: The
PipelineDemultiplexerStage'swaitingForPipelinesproperty previously defaulted tofalse, which could result in unexpected behaviour if the stage was invoked a second time without arranging to synchronise execution with the called pipelines. As a result, most deployments setwaitingForPipelinestotrueso that the called pipelines will all complete before control is passed on from thePipelineDemultiplexerStage; this behaviour is now the default. - JSE-28: This release bundles a new version of the Shibboleth
spring-extensionsproject, which removes support for SVN-based resources. - MDA-191: The stages
PullUpCacheDurationStage,PullUpValidUntilStage,SetCacheDurationStage,SetValidUntilStageandValidateValidUntilStagenow use theInstantandDurationclasses (introduced in Java 8) in their APIs rather than usinglongvalues representing milliseconds as in previous releases.- This aligns the metadata aggregator with other Shibboleth projects based on the Java 11 platform. If you use the Java language to configure these stages, you will need to re-code appropriately; in most cases, this can be done quickly using
Instant.fromEpochMilli()andDuration.ofMillis(), but we recommend adopting the modernjava.timeclasses throughout. - The
DurationToLongConverteris no longer included as part of thejava-supportdependency. If you were using it as part of an XML configuration to specify durations in ISO 8601 format (e.g., "PT15M") then you should replace references toDurationToLongConverterwith references to the newStringToDurationConverter.
- This aligns the metadata aggregator with other Shibboleth projects based on the Java 11 platform. If you use the Java language to configure these stages, you will need to re-code appropriately; in most cases, this can be done quickly using
- MDA-222: The contract for bean properties representing collections has changed:
- Property setters for collection properties are now annotated as
@Nonnull@NonnullElements@Unmodifiable.- Previously, some setters allowed a null value to act in place of an empty collection. This usage will now result in most cases in a
NullPointerException. - Previously, some setters filtered null values out of provided collections. Again, this usage will now result in most cases in a
NullPointerException. - Setters now guarantee not to modify the passed collection. This was previously true in practice in most cases, but is now guaranteed.
- Previously, some setters allowed a null value to act in place of an empty collection. This usage will now result in most cases in a
- Most property getters for collection properties are also now annotated as
@Nonnull@NonnullElements@Unmodifiable.- In exceptional cases, getters may be annotated as
@NonnullAfterInitinstead of@Nonnull. This is only done when an "empty collection" default is inappropriate for the property and would normally be accompanied by@NotEmptyon both the setter and the getter.
- In exceptional cases, getters may be annotated as
- Property setters for collection properties are now annotated as
- MDA-223: A number of constant fields have been removed from the
XMLSignatureSigningStageandXMLDSIGSupportclasses and therefore the API, as they are now part of the base Java API. For example,XMLSignatureSigningStage.ALGO_ID_SIGNATURE_RSA_SHA256is replaced by Java'sSignatureMethod.RSA_SHA256.
Improvements
- MDA-183: the
compromised-1024.txtandcompromised-2048.txtresources have been extended with keys shipped with some releases of the Jetty container.
...
