Releases: kumuluz/kumuluzee-jwt-auth
v1.1.3
v1.1.2
We are announcing the release of KumuluzEE JWT Auth 1.1.2.
This release includes a new configuration setting which allows for some leeway on timestamp based claims. The leeway can be configured by setting the configuration value kumuluzee.jwt-auth.maximum-leeway. The default value is 5 (seconds).
Dependency versions have also been updated in this version.
Enhancements:
- Added support for leeway for timestamp based claims.
- Updated dependency versions.
v1.1.1
We are announcing the release of KumuluzEE JWT Auth 1.1.1. This release brings simplified configuration, as manual import of the JWT filter and dynamic feature is no longer required and is done automatically. KumuluzEE JWT Auth now implements the MicroProfile JWT Authentication 1.1. It also fully supports Java 9+.
This release is based on the KumuluzEE core release 3.1.0, which brings configurable dependency scanning. This means that the JWT Auth dependency is now automatically scanned and thus JWTAuthorizationFilter and JWTRolesAllowedDynamicFeature are automatically added, removing the need to import them manually. This feature will only work when using KumuluzEE core version 3.1.0 or above.
KumuluzEE JWT Auth now supports public keys supplied in JWK or JWKS formats, both Base64 URL encoded and in plain text.
Another added feature is the ability to disable extension simply with a configuration property. To do so, set the kumuluzee.jwt-auth.enabled property to false. For example in config.yml:
kumuluzee:
jwt-auth:
enabled: falseFull support for Java 9+ has also been added in this release.
Features:
- Implementation of MicroProfile JWT Authentication 1.1.1 specification.
- Scanning of the JWT Auth dependency.
- Disabling the extension through configuration.
Enhancements:
- Support of JWK and JWKS public key formats.
- Java 9+ support.
Bugs:
- Fixed null check.
