1.0.6

• Add support for CAS client >= 3.6 (#147)

1.0.5

• Fix java 11 build error due to incompatibility between lombok and javadoc (#146)

1.0.4

• Replace @PostConstruct to avoid mess with JDK8 / JDK11

1.0.3

• Add new interface ProxyCallbackUrlAwareTicketValidator if you'd like to create your own TicketValidator but do not
  want to extends Cas20ServiceTicketValidator (or others) because they added final everywhere and so is impossible
  to extends...

1.0.2

• Update dependencies for security fixes

1.0.1

• Happy new year 🎉
• Move some method to become public in order to facilate customization (02e1e80)

1.0.0

• First release that supporting Spring boot 2 (#32)
• Remove deprecated module cas-security-dynamic-service-resolver (#35)
• Open some api to facilitate extensibility (#122, #109)

Breaking changes

• Related to #35 Remove cas-security-dynamic-service-resolver module, you must use spring-security-cas-extension instead.
• Related to #33
  Rename package com.kakawait.spring.boot.security.cas to com.kakawait.spring.boot.security.cas.autoconfigure, you must rewrite your import statements to append .autoconfigure..
• Property security.cas.authorize-mode has been renamed security.cas.authorization.mode
• CasHttpSecurityConfigurer.cas().configure(http) will no secure paths, only configure CAS authentication
• Autoconfiguration java class package was moved from com.kakawait.spring.boot.security.cas to com.kakawait.spring.boot.security.cas.autoconfigure

Spring boot 2 support breaking changes

By supporting Spring Boot 2, you should understand that some security features has been removed on Spring Boot 2 regarding Spring Boot 1 (see official documentations Spring boot 2 migration guide - security and Spring boot 2 security migration).

No more basic auth by default on Spring boot 2

Some behaviors will not be able on Spring Boot 2 for example excepting getting Basic Auth support in addition to Cas Auth if you put security.basic.enabled=true (which is default). You must re-add Basic Auth by yourself like on cas-security-spring-boot-sample.

No more default ROLE_USER and ROLE based authentication by default

In addition, no more default role ROLE_USER will be added to any authenticated user.

Thus default security.cas.authorization.mode (formerly security.cas.authorization.mode) value is now authenticated instead of role.

However if you want to re-add default ROLE_ on every authenticated user you could use:

security:
  cas:
    user:
      default-roles: USER

Where security.cas.user.default-roles accepts list of roles.

And if you comes back to ROLE based authentication instead of just authenticated, you should:

security:
  cas:
    user:
      default-roles: USER
    authorization:
      mode: role
      roles: USER

Where security.cas.authorization.roles (which only useful when using security.cas.authorization.mode=ROLE) is list of roles that use must have to be accepted.

0.8.1

Bug fixes

• Fix IllegalArgumentException when using security.cas.paths

0.8.0

Release 0.8.0

0.7.1

Bug fixes

• Fix pom.xml deployment phase