spring-lemon

Updated to Spring Boot 2.7.1 and fixed deprecations

Spring Boot 2.6 update, Fix for #41, Jacoco plugin addition in lemon-demo-jpa

Updated for Spring Boot 2.5
Also, now spring-lemon is available on maven central!

Spring Boot 2.4.1 Update, and a couple of minor improvements. No breaking changes.

• Fixed a couple of things that broke with 2.3.0
• No breaking changes in the API or public methods

1. Added Reactive Social Login. Seems quite stable, but not sure why Spring Security creates a SESSION cookie, so please use it a bit carefully.
2. Now bean validation messages and other i18n messages are segregated into ValidationMessages.properties and messages.properties. Look at the Getting Started guide for more details. This is a BREAKING CHANGE.

No breaking changes

Spring Boot 2.1 update. No major breaking changes, except that now you'll need to add this property to your application.yml:

spring:
  main.allow-bean-definition-overriding: true

Reactive OAuth2 Login isn't still supported. It's planned it in a future release.

No breaking API changes, but some things changed internally. Mainly, now we have two token services, namely BlueTokenService and GreenTokenService with their JWS and JWE implementations respectively. The authorization tokens are now JWS instead of JWEs.

Also, documentation for Spring Lemon Commons module now available.

Made some key enhancements to spring-lemon-exceptions, like

• MultiErrorException is now very powerful. It can be used for doing manual validation, bean validation, and both in the same cycle. If you want to follow a single pattern to take care of all your validation needs, it's the way to go.
• exceptionId in error responses can now be customized by providing your own ExceptionIdMaker bean.
• The key of error handlers map has changed from exception names to exception classes, to make it more robust.

There are many more changes.

BREAKING CHANGES

API Changes

exception is now renamed to exceptionId in error responses. Most of API users may not be using it though, and wouldn't be affected if so.

Your code changes

1. Constructors of your exception handler components would change to use the exception class instead of exception name.
2. There may be some other minor changes, which should be easy to fix.

Refer to out new [Spring Lemon Exceptions Guide] for more details.

Finally, we've started writing official documentation, which many of you have been asking for!

Added support for non-reactive microservices development. No API breaking changes, but a lot of internal changes. For example, splitted some modules into a few more modules. Read the homepage README for more details.

WARNING: Please note that, due to module splitting and some internal improvements, some classes are now altered. For example, AbstractUser now takes only one generic parameter. Also, utility classes are splitted. For example, afterCommit is moved from LemonUtils to LecjUtils. So, you may need to update your code accordingly. Please refer to the new source code of Spring Lemon for more details.

1. Divided spring-lemon-reactive into two module -- to facilitate microservices development
2. Added a new endpoint /fetch-full-token for fetching full tokens. To be called from gateway to convert a token to a self-sufficient one.
3. Merged ValidationMessages.properties into messages.properties.
4. Many other small enhancements

See the getting started guide for how to use the reactive module.

Note: Reactive CORS support at filter level, and OAuth2 Login not implemented - waiting for Spring Security 5.1 release

Segregated the library into several libraries:

1. spring-lemon-exceptions: use this if you only need exception handling part.
2. spring-lemon-commons: use this if you need security but not user domain object or LemonController.
3. spring-lemon-jpa: this is the one to use if you need everything.
4. spring-lemon-reactive: the reactive, MongoDB version. It's a work on progress -- coded, but we need to write test cases and do TDD based bug fixing.

A few API breaking changes:

1. POST /login changed to POST /api/core/login.
2. Reset password's content type changed from x-www-url-encoded to application/json.

Look at the API documentation for details.

The group id and artifact id have changed -- look at the updated Getting Started guide.

Also, many classes were divided among modules. For example, LemonUtils has been divided into LexUtils, LecUtils, LemonUtils and LerUtils.

No breaking API changes.

This is a massive change. Apart from updating for Spring Boot 2.0, we've gone completely stateless. Please refer to the Documentation and Resources for more details.

Please note that it's not compatible with earlier versions.

Some important changes - e.g. social signup/in, API key authentication etc. Beware - the API isn't compatible with 0.11

Uses Spring Boot 1.5 features. Tested with 1.5.1. Please note that, due to some bug it doesn't work with Spring Boot 1.5.2.

API changes:

1. POST .../signup changed to POST .../users
2. GET .../users/{id}/fetch-by-id changed to GET .../users/{id}
3. POST .../users/{id}/update changed to PUT .../users/{id}
4. CSRF token is now sent as only a cookie (with httpReadonly false)

Uses Spring Boot 1.4 features. The minimum requirement to use it is Spring Boot 1.4

For avoiding BeanCurrentlyInCreationException error, made the injection of the LemonService to AuthenticationSuccessHandler as @Lazy ( See http://stackoverflow.com/questions/36990328 )