Broadleaf Microservices
  • v1.0.0-latest-prod

Auth Release Notes for 2.0.3-GA

Tip
 The 2.x versions are Spring Boot 3 compatible.
Note
 Includes changes in 1.8.16-GA

Requirements

  • JDK 17 is required for Broadleaf release trains 2.0.0-GA, and beyond.

Notable Changes

  • Adding Serializable to few classes so that they can be cached by non-OOB caching implementations (Redis, Memcached).

  • Adjusted initialization order of CacheEnableFilter to be invoked before the Spring security chain

  • Updates to AuthenticationController

    • Modify oauth2AuthenticationProviders to hold a LRUMap wrapped in a synchronizedMap to more appropriately manage the cache size and increase thread-safety.

    • Improved the logic in getOauth2AuthenticationProviders for concurrency by building a complete list of IDPs per client as part of the cache computation, instead of mutating an existing list. This ensures thread-safety by performing atomic cache interactions only.

Configuration Properties

  • broadleaf.auth.cache.client-identity-provider-cache-size

    • Description: Size of the LRUMap cache to use to store AuthenticationController#oauth2AuthenticationProviders

    • Default value: 100