Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MTM-58822 Prepares for Spring Security 6.0 in MS-SDK #2617

Merged
merged 1 commit into from
Nov 8, 2024
+21 −0
Merged

MTM-58822 Prepares for Spring Security 6.0 in MS-SDK #2617

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions ...ication-enablement/cumulocity-1020-140-0-microservices-sdk-pre-spring-boot-3.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
date: 2024-10-31
title: Prepare to update Microservice SDK to Spring Boot 3
change_type:
- value: change-inv-3bw8e
label: Announcement
product_area: Application enablement & solutions
component:
- value: component-Sv2buFZ5l
label: Microservice SDK
build_artifact:
- value: tc-QHwMfWtBk7
label: cumulocity
version: 10.20.140.0
ticket: MTM-58822
---
This is a follow-up on a recent [announcement](https://cumulocity.com/docs/change-logs/?change-type=.change-type-announcement%2C.change-type-api-change#cumulocity-undefined-microservices-sdk-spring-boot3-announcement) about migrating the Microservice SDK to Spring Boot 3.

As a second step of this process, starting from version **10.20.140.0**, the Microservice SDK is now using Spring Security 5.8. This change enabled a migration preparing for Spring Security 6.0 to be performed in the Microservice SDK following [this migration guide](https://docs.spring.io/spring-security/reference/5.8/migration/index.html). We recommend all users of the Microservice SDK to also follow that guide when updating their applications using the updated version of the SDK.

Note that following the changes in the <code>MethodSecurityExpressionHandler</code> configuration [described here](https://docs.spring.io/spring-security/reference/5.8/migration/servlet/authorization.html#_use_a_custom_bean_instead_of_subclassing_defaultmethodsecurityexpressionhandler), the methods provided by <code>com.cumulocity.microservice.security.service.SecurityExpressionService</code> that were previously configured using a custom <code>SecurityExpressionRoot</code> extension, are now available via an independent bean definition named <code>c8yAuthz</code>. This means that, for example, the expression <code>isCurrentTenantManagement()</code> will no longer resolve and needs to be prefixed by the bean name instead <code>@c8yAuthz.isCurrentTenantManagement()</code>. This allows customers to easily add their own security expression extensions, if needed.