Release Notes for 1.8.10-GA

Important
Release Train 1.8.2-GA includes changes from 1.8.5-1.8.10. These have been consolidated here for convenience. In the future, services like Auth will see release candidates (RCs) created instead of GAs so that they align with Release Train RCs and GAs.

Requirements

  • JDK 11 is required for Broadleaf release trains 1.7.0-GA and beyond.

  • JDK 17 is supported for Broadleaf release trains 1.8.1-GA and beyond.

New Features & Notable Changes

General Updates

  • Added a configuration property to the Auth Client initialization process that allows setting a default reset password base URI value.

    • Set it using broadleaf.auth.server-creation-defaults.{default|tenantid|applicationId}.reset-password-base-uri

  • Deprecated misspelled AuthenticationController#oath2AuthenticationProviders map in favor of corrected AuthenticationController#oauth2AuthenticationProviders map.

  • Fixed URLs referenced in the message files for Auth-hosted login forms being incorrectly translated into Arabic; the path segments must remain in English.

  • Auth providers are now cached by clientId instead of by Auth Client type (admin or commerce).

  • Added a field to the Auth Client that stores the reset password base URI.

    • This is needed when the commerce app and Auth are on different domains.

    • The default method of using the defaultRedirectUri should point to the commerce app. If SSO is still in use, however, the reset password form is hosted by Auth, which is on a different domain. It should therefore be possible to specify the reset password form base URL (e.g., https://www.my-auth-server.com) in addition to the default redirect URI, which is used for redirecting the user back to the commerce (or even admin) app after login or registration.

    • If blank, the default redirect URI will be used.
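The resolution rule described above (use the stored reset password base URI, fall back to the default redirect URI when it is blank), shown as an added example in Java. This is illustration code, not Broadleaf's own implementation: the AuthClient class, its field names, the /reset-password path and the https://www.my-store.com host are assumptions, and the absolute-URL check is this example's own addition rather than behaviour the release notes describe.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

/*
 * Added illustration of resolving the reset-password form location from an
 * Auth Client record. The AuthClient type and its field names are assumed,
 * not Broadleaf's.
 */
public class ResetPasswordLinkDemo {

    static final class AuthClient {
        final String defaultRedirectUri;   // where users land after login/registration
        final String resetPasswordBaseUri; // optional: where Auth hosts the reset form

        AuthClient(String defaultRedirectUri, String resetPasswordBaseUri) {
            this.defaultRedirectUri = defaultRedirectUri;
            this.resetPasswordBaseUri = resetPasswordBaseUri;
        }
    }

    // Picks the configured reset-password base, falling back to the default
    // redirect URI when it is blank. Both values come from stored client
    // configuration, never from the incoming request, so a caller cannot
    // influence the host that ends up in the emailed link.
    static String resolveResetPasswordBase(AuthClient client) {
        String base = client.resetPasswordBaseUri;
        if (base == null || base.trim().isEmpty()) {
            base = client.defaultRedirectUri;
        }
        URI uri;
        try {
            uri = new URI(base.trim());
        } catch (URISyntaxException e) {
            throw new IllegalStateException("Configured base URI is not a valid URI: " + base, e);
        }
        // Example's own guard (assumption): refuse relative or host-less values
        // so the link can never resolve against whatever host served the request.
        if (!uri.isAbsolute() || uri.getHost() == null) {
            throw new IllegalStateException("Reset-password base must be an absolute URL with a host: " + base);
        }
        // Normalise so that path joining below never produces a double slash.
        String normalised = uri.toString();
        return normalised.endsWith("/") ? normalised.substring(0, normalised.length() - 1) : normalised;
    }

    // Builds the link placed in the reset email. The /reset-password path is
    // assumed; the token is whatever the reset flow issued and is URL-encoded.
    static String buildResetLink(AuthClient client, String token) {
        return resolveResetPasswordBase(client) + "/reset-password?token="
                + URLEncoder.encode(token, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample: same-domain deployment, no base configured,
        // so the link falls back to the commerce app.
        AuthClient sameDomain = new AuthClient("https://www.my-store.com", "");
        System.out.println(buildResetLink(sameDomain, "example-token"));

        // Constructed sample: SSO with Auth on its own domain, so the form
        // is hosted by Auth rather than the commerce app.
        AuthClient sso = new AuthClient("https://www.my-store.com", "https://www.my-auth-server.com/");
        System.out.println(buildResetLink(sso, "example-token"));
    }
}
```

The first client yields a link under https://www.my-store.com and the second a link under https://www.my-auth-server.com, matching the two deployment shapes the notes describe.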

Bug Fixes

  • Fixed possible validation errors caused by the unique email constraint when anonymizing users.

    • Previously, it wasn't possible to anonymize multiple users because they all used the same email and username constant.

    • Anonymous emails are now unique.

  • Fixed a possible bug where clients using tenant-based IDP discrimination picked up providers cached for a different AuthorizedClient of the same type.

    • Deprecates AuthenticationController#getOath2AuthenticationProviders(ClientProperties, boolean) to no longer cache oauth2AuthenticationProviders by 'ADMIN' or 'COMMERCE' keys only.

    • Adds getOauth2AuthenticationProviders(AuthorizedClient) method to resolve authentication providers by key specific to the requesting AuthorizedClient.

    • Adds getAuthenticationProviderCacheKey(AuthorizedClient) method to derive cache keys from the client’s ID as well as its type ('ADMIN' or 'COMMERCE').
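The caching change noted under General Updates and the bug fix above both come down to the cache key: keyed by type alone, two clients of the same type share one entry; keyed by client ID plus type, each client resolves its own providers. The following added Java example reproduces that before/after behaviour. It is illustration code, not Broadleaf's AuthenticationController or AuthorizedClient: the nested types, the discoverProviders stub and the tenant names are assumptions.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/*
 * Added illustration of the provider-cache key fix. These types are
 * stand-ins (assumed), not Broadleaf's AuthorizedClient or controller.
 */
public class ProviderCacheKeyDemo {

    enum ClientType { ADMIN, COMMERCE }

    static final class AuthorizedClient {
        final String clientId;
        final ClientType type;
        final String tenantId;

        AuthorizedClient(String clientId, ClientType type, String tenantId) {
            this.clientId = clientId;
            this.type = type;
            this.tenantId = tenantId;
        }
    }

    // Simulated IdP discovery (assumption). With tenant-based discrimination
    // each tenant has its own registrations, so the result depends on the
    // requesting client, not only on whether it is an admin or commerce client.
    static List<String> discoverProviders(AuthorizedClient client) {
        return List.of("oidc-" + client.tenantId);
    }

    // Before the fix: entries keyed by 'ADMIN' / 'COMMERCE' only, so two
    // COMMERCE clients from different tenants collide on the same entry.
    private static final Map<String, List<String>> legacyCache = new ConcurrentHashMap<>();

    static List<String> legacyProviders(AuthorizedClient client) {
        return legacyCache.computeIfAbsent(client.type.name(), k -> discoverProviders(client));
    }

    // After the fix: the key carries the client's ID as well as its type.
    private static final Map<String, List<String>> cache = new ConcurrentHashMap<>();

    static String cacheKey(AuthorizedClient client) {
        return client.type.name() + ":" + client.clientId;
    }

    static List<String> providers(AuthorizedClient client) {
        return cache.computeIfAbsent(cacheKey(client), k -> discoverProviders(client));
    }

    public static void main(String[] args) {
        // Constructed sample clients: same type, different tenants.
        AuthorizedClient acme = new AuthorizedClient("acme-storefront", ClientType.COMMERCE, "acme");
        AuthorizedClient globex = new AuthorizedClient("globex-storefront", ClientType.COMMERCE, "globex");

        // Type-only key: globex is served acme's cached entry, i.e. the wrong
        // identity provider for its tenant.
        legacyProviders(acme);
        System.out.println("type-only key, globex -> " + legacyProviders(globex));

        // Client-specific key: globex resolves its own tenant's provider.
        providers(acme);
        System.out.println("client-specific key, globex -> " + providers(globex));
    }
}
```

When reviewing a cache like this, the check worth adding to a test is exactly the one in main: warm the cache with one client, then assert that a second client of the same type but a different ID does not receive the first client's providers.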

New Permissions and Scopes

New permissions and scopes have been added and should be inserted into the auth database with the following SQL:

INSERT INTO blc_security_scope ("id", "name", "open") VALUES ('-420', 'BACKEND_STORE_CREDIT_ACCOUNT', 'N');
INSERT INTO blc_security_scope ("id", "name", "open") VALUES ('-430', 'BACKEND_CREDIT_ACCOUNT', 'N');
INSERT INTO blc_security_scope ("id", "name", "open") VALUES ('-440', 'CREDIT_ACCOUNT_CREDIT_TRANSACTION', 'N');
INSERT INTO blc_security_scope ("id", "name", "open") VALUES ('-450', 'CREDIT_ACCOUNT_DEBIT_TRANSACTION', 'N');

INSERT INTO blc_permission_scope (id, "permission", is_permission_root, scope_id)
VALUES('-810', 'BACKEND_STORE_CREDIT_ACCOUNT', 'Y', '-420');
INSERT INTO blc_permission_scope (id, "permission", is_permission_root, scope_id)
VALUES('-820', 'BACKEND_CREDIT_ACCOUNT', 'Y', '-430');
INSERT INTO blc_permission_scope (id, "permission", is_permission_root, scope_id)
VALUES('-840', 'CREDIT_ACCOUNT_CREDIT_TRANSACTION', 'Y', '-440');
INSERT INTO blc_permission_scope (id, "permission", is_permission_root, scope_id)
VALUES('-850', 'CREDIT_ACCOUNT_DEBIT_TRANSACTION', 'Y', '-450');

INSERT INTO blc_user_permission ("id", "archived", "last_updated", "name", "is_account_perm")
VALUES('-740', 'N', '1970-01-01 00:00:00.000', 'ALL_BACKEND_STORE_CREDIT_ACCOUNT', 'N');
INSERT INTO blc_user_permission ("id", "archived", "last_updated", "name", "is_account_perm")
VALUES('-750', 'N', '1970-01-01 00:00:00.000', 'READ_BACKEND_STORE_CREDIT_ACCOUNT', 'N');
INSERT INTO blc_user_permission ("id", "archived", "last_updated", "name", "is_account_perm")
VALUES('-760', 'N', '1970-01-01 00:00:00.000', 'CREATE_BACKEND_STORE_CREDIT_ACCOUNT', 'N');
INSERT INTO blc_user_permission ("id", "archived", "last_updated", "name", "is_account_perm")
VALUES('-770', 'N', '1970-01-01 00:00:00.000', 'DELETE_BACKEND_STORE_CREDIT_ACCOUNT', 'N');

INSERT INTO blc_user_permission ("id", "archived", "last_updated", "name", "is_account_perm")
VALUES('-780', 'N', '1970-01-01 00:00:00.000', 'ALL_BACKEND_CREDIT_ACCOUNT', 'N');
INSERT INTO blc_user_permission ("id", "archived", "last_updated", "name", "is_account_perm")
VALUES('-785', 'N', '1970-01-01 00:00:00.000', 'READ_BACKEND_CREDIT_ACCOUNT', 'N');
INSERT INTO blc_user_permission ("id", "archived", "last_updated", "name", "is_account_perm")
VALUES('-790', 'N', '1970-01-01 00:00:00.000', 'CREATE_BACKEND_CREDIT_ACCOUNT', 'N');
INSERT INTO blc_user_permission ("id", "archived", "last_updated", "name", "is_account_perm")
VALUES('-795', 'N', '1970-01-01 00:00:00.000', 'DELETE_BACKEND_CREDIT_ACCOUNT', 'N');

INSERT INTO blc_user_permission ("id", "archived", "last_updated", "name", "is_account_perm")
VALUES('-840', 'N', '1970-01-01 00:00:00.000', 'ALL_CREDIT_ACCOUNT_CREDIT_TRANSACTION', 'N');
INSERT INTO blc_user_permission ("id", "archived", "last_updated", "name", "is_account_perm")
VALUES('-850', 'N', '1970-01-01 00:00:00.000', 'ALL_CREDIT_ACCOUNT_DEBIT_TRANSACTION', 'N');

-- Admin Roles
--- ALL_BACKEND_STORE_CREDIT_ACCOUNT to FULL_ACCESS role
INSERT INTO blc_role_permission_xref (role_id, permission_id) VALUES ('-2', '-740');
--- ALL_BACKEND_CREDIT_ACCOUNT to FULL_ACCESS role
INSERT INTO blc_role_permission_xref (role_id, permission_id) VALUES ('-2', '-780');
--- ALL_CREDIT_ACCOUNT_CREDIT_TRANSACTION to FULL_ACCESS role
INSERT INTO blc_role_permission_xref (role_id, permission_id) VALUES ('-2', '-840');
--- ALL_CREDIT_ACCOUNT_DEBIT_TRANSACTION to FULL_ACCESS role
INSERT INTO blc_role_permission_xref (role_id, permission_id) VALUES ('-2', '-850');

-- Store Credit Client
INSERT INTO blc_client_scopes (id, "scope") VALUES('storecreditclient', 'BACKEND_CREDIT_ACCOUNT');
INSERT INTO blc_client_permissions (id, permission) VALUES ('storecreditclient', 'READ_BACKEND_CREDIT_ACCOUNT');

-- Cart Operation Client
INSERT INTO blc_client_scopes (id, "scope") VALUES('cartopsclient', 'BACKEND_CREDIT_ACCOUNT');
INSERT INTO blc_client_permissions (id, permission) VALUES ('cartopsclient', 'READ_BACKEND_CREDIT_ACCOUNT');

If you use the openapi client (for use with OpenAPI), the following permission updates are also necessary:

INSERT INTO blc_client_scopes (id, "scope") VALUES('openapi', 'CUSTOMER_STORE_CREDIT_ACCOUNT');
INSERT INTO blc_client_permissions (id, "permission") VALUES('openapi', 'ALL_CUSTOMER_STORE_CREDIT_ACCOUNT');
INSERT INTO blc_client_scopes (id, "scope") VALUES('openapi', 'BACKEND_STORE_CREDIT_ACCOUNT');
INSERT INTO blc_client_permissions (id, "permission") VALUES('openapi', 'ALL_BACKEND_STORE_CREDIT_ACCOUNT');
INSERT INTO blc_client_scopes (id, "scope") VALUES('openapi', 'BACKEND_CREDIT_ACCOUNT');
INSERT INTO blc_client_permissions (id, permission) VALUES ('openapi', 'READ_BACKEND_CREDIT_ACCOUNT');
INSERT INTO blc_client_scopes (id, "scope") VALUES('openapi', 'CREDIT_ACCOUNT_CREDIT_TRANSACTION');
INSERT INTO blc_client_permissions (id, permission) VALUES ('openapi', 'ALL_CREDIT_ACCOUNT_CREDIT_TRANSACTION');
INSERT INTO blc_client_scopes (id, "scope") VALUES('openapi', 'CREDIT_ACCOUNT_DEBIT_TRANSACTION');
INSERT INTO blc_client_permissions (id, permission) VALUES ('openapi', 'ALL_CREDIT_ACCOUNT_DEBIT_TRANSACTION');