Support for spring security 6 and spring boot 3.

See https://github.com/Waffle/waffle/blob/master/CHANGELOG.md for details.

See https://github.com/Waffle/waffle/blob/master/CHANGELOG.md for details.

See https://github.com/Waffle/waffle/blob/master/CHANGELOG.md for details.

This release is just library patches over 3.1.0 to ensure log4j2 / logback vulnerabilities do not show in the tree at all.

• Introduction of waffle-tomcat10 module
• Introduction of waffle-jna-jakarta module for usage with jakarta package rename direct usage
• #956: Fix DelegatingNegotiateSecurityFilter @cmolodo - Fixes #453

2.2.1 (1/26/2020)

• Fixed checkstyle configuration that failed 2.2.0 release.

2.2.0 (not released)

• Security Check in tomcat valves performs a redirect to servletPath when successful. This is not required to finish the chain and causes an underlying error when servletPath returns empty string. This redirect has been removed.
• Negotiate Check in tomcat valves performs half the necessary negotiation which is resulting in popup to log into windows. By catching the negotiation result and forcing a redirect to error page as intended (similar to security check), the browser and tomcat are able to successfully negotiate the communication without unnecessary popup to the user. Note that first request will still require popup to get data primed but all subsequent after logging out and back in save the hit.
• Added logback to demos. It was defined and confirmed but not setup.
• Cleanup documentation
• Dependency updates
• Add build environment entries to jar, source, and war modules
• Add JPMS automatic module naming throughout
• Moved onto Spring boot 2.2.x (no compatibility changes over 2.1.x)
• Moved onto Spring 5.2.x (no compatibility changes over 5.1.x)
• Fix sonar issues including prevention of XML entity attacks and other security related items
• Fix spring boot modules as JNA alignment was broken

Waffle 2.1.0 Release

• Remove obsolete tomcat8 from project - use tomcat 85 as a direct replacement
• Correctly align spring boot 2 starter to spring security 5 module
• Many library updates
• Restored site distribution to github io pages

2.0.0 (6/27/2019)

• Dependency Updates
• Stabalized Release

2.0.0-beta2 (2/6/2019)

• Add spring boot demos to distro
• Add spring boot and spring security 5 modules to distro
• Dependency Updates

2.0.0-beta1 (12/31/2018)

• JNA 5.2.0 support (breaking internal changes resulting in beta release for waffle)
• Dependency Updates
• Pom rework / cleanup
• Changes
  • [#649] (https://github.com/Waffle/waffle/pull/649): Bring dependencies up-to-date including JNA 5.x breaking changes @hazendaz.

1.9.1 (7/1/2018)

• Documentation Updates
• Added some tests for NegotiateSecurityFilter
• Added test for new class waffle.util.CorsPreflightCheck
• Add ability to disable SSO through servlet config parameter.
• Added check for DELETE action in isNtlmType1PostAuthorizationHeader as IE will strip the body on challenge.
• Resume filter chain when not in a windows environment
• Changes
  • #631: Added excludeBearerAuthorization and excludeCorsPreflight #627@pedroneil.
  • #636: DisableSso flag, Delete option, skip when running on non windows [@MoreHeapSpace}(https://github.com/MoreHeapSpace)

• Documentation Updates

• Version Updates

• Sonar / Coverity Cleanup

• Spring boot support

• Spring / Spring Security 5 support

• Breaking changes

  • Requires Java 8+
  • Dropped Tomcat 6 and Spring 3 modules
  • Moved servlet on Examples to servlet 4.0
  • Replaced guava with caffeine for caching
  • All remainder guava usage uses standard java routines

• Changes

  • #479: Upgrade to Java 8 - using caffeine #304@ben-manes.
  • #482: Remove Spring Security 3 #478@hazendaz.
  • #483: Remove Tomcat 6 #323@hazendaz.
  • #486: Upgrade to Servlet 3.0 in demos #471@hazendaz.
  • #487: Updated guava joiner to string.join #304@hazendaz.
  • #488: Use java.util.Base64 with java 8 #304@hazendaz.
  • #491: Rewrite guava Files.write to java 7 FilesWrite #304@hazendaz.
  • #498: Add third party license files@hazendaz.
  • #553: Add spring boot starter and demo@mgoldgeier.
  • #558: Add initial support for spring 5 using spring security 4 still@hazendaz.
  • #559: Add spring milestone repo and upgrade to spring security 5.0.0.M4@hazendaz.
  • #571: Custom instances of GenericPrincipal in WaffleAuthenticatorBase@Snap252.
  • #583: Added continueContextsTimeout property to WaffleAuthenticatorBase for tomcat(s): Ported forwards (1.8.4)@alanlavintman.
  • #609: Use only securityContext.isContinue() to decide if SC_UNAUTHORIZED response is needed to trigger another pass in authentication @tjstuart on behalf @AriSuutariST.

1.8.3 (2/6/2017)

• Documentation updates
• Version Updates
• Sonar / Coverity Cleanup
• Added third party license files to distribution to make it easier for those requiring license certification within our distro.

1.8.2 (12/31/2016)

• Lots of documentation updates from the community (many thanks!)
• Moved to 'Waffle' organization with removal of 'dblock' from groupId and documentation
• #338: Don't allow SPNEGO NegTokenArg to start re-authentication process @AriSuutariST.
• #342: Add tomcat 8.5.x support @hazendaz.
• #357: Fix security token handle leak in Tomcat. Issue #355
• #382: Bug fix in DelegatingNegotiateSecurityFilter when no custom authentication provider was declared [@Unaor]
• #397: WindowsLoginModule missing roles in Principal. @devnullpointer
• #454: Tomcat 9.0.0.M15+ support for Realm class simple name change for logging. @hazendaz

And cumulative changes on .net side sees official release since 1.8.