1.9. Change Log¶
Caution
This version is already obsolete. Please check the latest guideline.
Modified on | Modified locations | Modification details |
---|---|---|
2017-03-17 | - | 5.3.0 RELEASE version published
|
General | Correction of guideline mistakes (typing errors, simple mistakes, etc.)
Description details improved
Modification in Maven command’s startup option for generating a blank project due to the change of Maven archetype (change to Maven Central)(guideline#2444) |
|
Criteria based mapping of guideline | Description details added
|
|
Terms of Use | Description details modified
|
|
Stack of TERASOLUNA Server Framework for Java (5.x) | Version of OSS to be used updated(guideline#2441)
OSS version to be used in accordance with version update of Spring IO Platform is updated |
|
Domain Layer Implementation | Description details modified
|
|
Implementation of Application Layer | Description details added
Modifications related to Spring Framework 4.3
|
|
Input Validation | Description details added
Description details modified
|
|
Exception Handling | Fix according to Spring Framework 4.3 support
|
|
Session Management | Description details added
|
|
Internationalization | Description details added
|
|
File Upload | Description details added
|
|
RESTful Web Service | Modification related to Spring Framework 4.3
Description details added
|
|
REST Client (HTTP Client) | Modification related to Spring Framework 4.3
|
|
Database Access (MyBatis3) | Description details updated,added
Description details added
Description details modified
|
|
Description details added
|
||
Description details added
|
||
Sending E-mail (SMTP) | Description details added
|
|
Authentication | Description details added
Description details modified
|
|
Authorization | Modification related to Spring Framework 4.3
Description details added
|
- * -
- Coordinating with browser security countermeasure function
- Modifications associated with Spring Security 4.1.4 support
- Added description on Content Security Policy (CSP)”(guideline#2400)
- Description added for HTTP Public Key Pinning (HPKP) (guideline#2401)
- OAuth
- New addition
- Added OAuth(guideline#2145)
- Tutorial (Todo Application)
- Correction of description
- Code example of entity when using JPA modified (guideline#2476)
- Maven Repository Management using NEXUS
- Modification to migration into Maven Central
- Delete the description about TERASOLUNA Server Framework for Java (5.x) repository (guideline#2496)
- 2016-08-31
- -
- 5.2.0 RELEASE version published
- For details of update, refer Issue list of 5.2.0.
General
Correction of errors in the guideline (typos or simple description errors)
- For details of modifications, refer Issue list of 5.2.0 (clerical error).
Description details modified
- For details of modification, refer Issue list of 5.2.0 (improvement).
Review of all the chapters
- For details of update, refer Optimize the order of chapters and sections #1683.
Update common library version to 5.2.0.
- For details of update, refer Check Version #2076.
Description details modified
- Added regarding pom dependency of common library (guideline#1982)
Description details added
- Embedding status of common library standards of blank project added (guideline#1700)
- mybatis-typehandlers-jsr310, jackson-datatype-jsr310 added to OSS stack (guideline#1966)
- spring-jms and its dependent libraries added to OSS stack (guideline#1992)
Version of OSS used (Spring IO Platform version) updated)
- Spring IO Platform version updated to 2.0.6.RELEASE
- Spring Framework version updated to 4.2.7.
- Spring Security version updated to 4.0.4.RELEASE
OSS version used in accordance with Spring IO Platform version update is updated
- Domain Layer Implementation
- Description details added
- For MyBatis 3.3 + MyBatis-Spring 1.2, “value specified in timeout attribute of @Transactinal is not used” is added (guideline#1777)
- Implementation of Application Layer
- Description details added
- HttpSession should not be used as an argument for handler method (guideline#1313)
- Precautions for using JSR-310 Date and Time API are described (guideline#1991)
Addition of description contents
- Add input check method to values in collection(guideline#407)
Description details modified
- A method to directly handle a message property file without conversion from Native to Ascii is added (guideline#994)
- Description for cross-field validation added (guideline#1561)
- @DateTimeFormat description added (guideline#1873)
- Description for ValidationMessages.properties modified (guideline#1948)
- Precautions for input check which use Method Validation added (guideline#1998)
Description details added
- Description for OS command injection added (guideline#1957)
- Exception Handling
- Modification associated with Spring Framework 4.2.7
- Description details for HTTP response header output modified (guideline#1965)
Description details added
- Description for specifications and implementation methods of
TransactionTokenType.CHECK
which was newly added in type attribute of@TransactionTokenCheck
annotation (guideline#2071)
“How to manage transaction token life cycle in How To Extend programmatic” deleted.
- When API for application offered by
TransactionTokenContext
is used, it impacts the behaviour of internal framework like inability to maintainTransactionToken
in the appropriate state Current API is deprecated. Description for how to use function in accordance with deprecation, deleted.
- Description for specifications and implementation methods of
- Internationalization
- Description details modified
- Position of request parameter (default parameter name) description modified (guideline#1354)
- File Upload
- Description details added
- CVE-2016-3092Precautions for (File Upload vulnerability) added (guideline#1973)
- Description for directory traversal attack added (guideline#2010)
- Health Check
- Added new
- Health check added (guideline#1698)
- RESTful Web Service
- Description details changed / added
- Description for the configuration while using JSR-310 Date and Time API / Joda Time changed (guideline#1966)
- Precautions while using Jackson in Java SE 7 environment described (guideline#1966)
- Configuration while using JSR-310 Date and Time API in JSON described (guideline#1966)
- REST Client (HTTP Client)
- Description details modified
- HTTP Proxy server configuration for RestClient added (guideline#1856)
- SOAP Web Service (Server/Client)
- Description details added
- Added an option “Do not connect to SOAP server at the time of SOAP client start (guideline#1871)
- Description for env project of SOAP client modified (guideline#1901)
- How to fetch status code at the time of SOAP Web service exception occurrence added (guideline#2007)
- Database Access (MyBatis3)
- Description details added
- “How to avoid tentative WARN log output” deleted (guideline#1292)
- “How to configure for using JSR-310 Date and Time API in Mybatis3.3” described (guideline#1966)
- Precautions while using MyBatis in Java SE 7 environment described (guideline#1966)
- Exclusive Control
- Description details added
- warning message added to ExclusionControl (guideline#1694)
- Logging
- Description details added
- “How to extend in order to output log message with ID” described (guideline#1928)
- String Processing
- Description details added
- An example to add terasoluna-gfw-string to dependency is added (guideline#1699)
- Precautions for surrogate pair added to description of @Size annotation (guideline#1874)
- Description for JIS characters
U+2014
(EM DASH) UCS(Unicode) characters added (guideline#1914)
- Bean Mapping (Dozer)
- Description details added
- Precautions while using JSR-310 Date and Time API described (guideline#1966)
- JMS(Java Message Service)
- Added new
- JMS added (guideline#1407)
- Authentication
- Modifications for Spring Security 4.0.4
- Code example modified to include modification of specifications of authentication-failure-url in Spring Security 4.0.4 and Note deleted (guideline#1963)
- Authorization
- Description details added
- How to handle CVE-2016-5007 Spring Security / MVC Path Matching Inconsistencyadded (guideline#1976)
- Implementation Example of Typical Security Requirements
- Description details added
- “Input value check for security” added
- “Audit log output” added
- Reference Books
- Description details added
- Spring thorough introduction” added as a a reference material (guideline#2043)
- 2016-02-24
- -
- 5.1.0 RELEASE version published
- For details of change contents, refer 5.1.0 Issue List.
General
Correction of errors in the guideline (typo mistakes and simple description errors)
Description details modified
- For details of modification, refer 5.1.0 Issue list (improvement).
- In the Beginning
- Description details added
- Description related to operation verification environment of the details described in the guideline added
OSS version to be used (Spring IO Platform version) updated
- Spring IO Platform version updated in 2.0.1.RELEASE
- Spring Framework version updated in 4.2.4.RELEASE
- Spring Security version updated in 4.0.3.RELEASE
OSS version to be used along with Spring IO Platform version update is updated
- OSS version to be used updated. For update details, refer version 5.1.0 migration guide.
New project added
- Descriptions for
terasoluna-gfw-string
,terasoluna-gfw-codepoints
,terasoluna-gfw-validator
,terasoluna-gfw-web-jsp
projects added.
New function of common library added
terasoluna-gfw-string
- Half width to full width conversion
terasoluna-gfw-codepoints
- Codepoint check
- Bean Validation constraint annotation for code point check
terasoluna-gfw-validator
- Bean Validation constraint annotation for byte length check
- Bean Validation constraint annotation for field value comparison correlation check
Description details modified
- Modification of sample source corresponding to Spring Security 4 (guideline#1519)
AuthenticationPrincipalArgumentResolver
package changed
Modifications corresponding to Spring Security 4
- Modification of source corresponding to Spring Security 4 (guideline#1519)
AuthenticationPrincipalArgumentResolver
package changed- Since the specification is true by default,
<use-expressions="true">
deleted from sample source
- Create Web application development project
- Modification of description details
- A method wherein mvn command is used in the offline environment is added (guideline#1197)
- Implementation of Application Layer
- Description details modified
- A method to create a request URL using EL function is added (guideline#632)
- Database Access (Common)
- Description details added
- Precautions for
Log4jdbcProxyDataSource
overhead added (guideline#1471)
- Precautions for
- Database Access (MyBatis3)
- Description details corresponding to MyBatis 3.3 added
- Setup method of
defaultFetchSize
added (guideline#965) - “Changed the default at the time of delayed reading to
JAVASSIST
” added (guideline#1384) - Sample code which assigns Genrics to
ResultHandler
modified (guideline#1384) - Source example which use newly added
@Flush
annotation, and precautions added (guideline#915)
- Setup method of
Bug correction for the guideline
- Utility which use Like condition modified appropriately (guideline#1464)
- Incorrect implementation of true value in JPQL corrected (guideline#1525)
- Incorrect implementation of pagination corrected (guideline#1463)
- Incorrect implementation of sample code corrected which implements
DateTimeProvider
(guideline#1327) - Incorrect implementation in Factory class for generating an instance of implementation class for common Repository interface corrected (guideline#1327)
Description details modified
- Default value of
hibernate.hbm2ddl.auto
corrected (guideline#1282)
- Input Validation
- Description details modified
- Description for MethodValidation added (guideline#708)
Description details modified
- Description where
ServiceLoader
mechanism is used in Logback setting, is added (guideline#1275) - Sample source corresponding to Spring Security 4 modified (guideline#1519)
- Since the specification is true by default,
<use-expressions="true">
deleted from the sample source
- Description where
- Session Management
- Description details modified
- Description of session scope reference which use SpEL expression is added (guideline#1306)
- Internationalization
- Description details modified
- Description for appropriately reflecting locale in JSP is added (guideline#1439)
- Description of
defaultLocale
ofSessionLocalResolver
corrected (guideline#686)
- File Upload
- Description details added
- Description for directory traversal attack added (guideline#2010)
- Codelist
- Description details added
- Description which recommends a pattern wherein
JdbcTemplate
is specified in JdbcCodeList, is added (guideline#501)
- Description which recommends a pattern wherein
- Health Check
- New
- Health check added (guideline#1698)
- RESTful Web Service
- Description details modified
- Creation of ObjectMapper which use
Jackson2ObjectMapperFactoryBean
added (guideline#1022) - Modified to a format where MyBatis3 is used as a prerequisite in the implementation of domain layer of REST API application (guideline#1323)
- Creation of ObjectMapper which use
- REST Client (HTTP Client)
- Added new
- REST client (HTTP client) added (guideline#1307)
- SOAP Web Service (Server/Client)
- Added new
- SOAP Web Service (Server / Client) added (guideline#1340)
- File Upload
- Description details modified
- Basic flow of uploading process and its description modified to description which use
MultipartFilter
of Spring (guideline#193) - “A method which sends CSRF token by query parameter” deleted due to issues like security issues, variation in the operation according to AP server etc. Precaution - “when allowable size for file upload exceeds, CSRF token check is not carried out appropriately in some AP servers” added (guideline#1602)
- Basic flow of uploading process and its description modified to description which use
Description details corresponding to Spring Framework4.2 added
AbstractXlsxView
which manages xlsx format, is added (guideline#996)
Description details modified
- Source example which use
com.lowagie:itext:4.2.1
modified to a format which usescom.lowagie:itext:2.1.7
for the specification change of the iText
- Sending E-mail (SMTP)
- Added new
- E-mail sending (SMTP) added (guideline#1165)
- Date operations (JSR-310 Date and Time API)
- Added new
- Date and time operation (JSR-310 Date and Time API) added (guideline#1450)
- Date Operations (Joda Time)
- Description details added and modified
- The object of sample code which handles the date that does not use Timezone modified to
LocalDate
(guideline#1283) - A method to handle Japanese calendar in Java8 and earlier versions is added (guideline#1450)
- The object of sample code which handles the date that does not use Timezone modified to
- Logging
- Description details added
- Extension method to output log message with ID is described (guideline#1928)
- String Processing
- Added new
- String processing added (guideline#1451)
- JMS(Java Message Service)
- Added new
- JMS added (guideline#1407)
- Security countermeasures
- Configuration review
Password hashing
moved in Authentication- Session management items are separated as Session Management from Authentication
Modify corresponding to Spring Security 4
- Restructuring overall description
spring-security-test
introduction- Since the specification is true by default,
<use-expressions="true">
deleted from sample source - Description related to
RedirectAuthenticationHandler
deprecation deleted
- Spring Security Tutorial
- Modified corresponding to Spring Security 4
- Modified tutorial source to a format corresponding to Spring Security 4 (guideline#1519)
Modified corresponding to Spring Security 4 (guideline#1519)
- Restructuring of overall description
- Deleted
auto-config="true"
- Authentication event listener modified to
@org.springframework.context.event.EventListener
- Modified
AuthenticationPrincipal
package - Since prefix is assigned by default,
ROLE_
prefix deleted from sample source
Modified corresponding to Spring Security 4 (guideline#1519)
- Restructuring of overall description
- Since the prefix is assigned by default,
ROLE_
prefix deleted from sample source - Since the specification is true by default,
<use-expressions="true">
deleted from sample source - Definition example of
@PreAuthorize
added
Modified corresponding to Spring Security 4
- Restructuring of overall description
- CSRF invalidation settings modified
<sec:csrf disabled="true"/>
- Description details modified
- Items related to multi-part request moved to File Upload (guideline#1602)
- Encryption
- Added new
- Encryption guidelines added (guideline#1106)
- Implementation Example of Typical Security Requirements
- Description details added
- “Input check for security” added
- “Audit log output” added
- Typical implementation example of security requirements added (guideline#1604)
- Session tutorial
- Added new
- Session tutorial added (guideline#1599)
Modified corresponding to Spring Security 4
- Modified source corresponding to Spring Security 4 (guideline#1519)
- CSRF invalidation settings modified
<sec:csrf disabled="true"/>
- Since the specification is true by default,
<use-expressions="true">
deleted from sample source
- 2015-08-05
- -
- Released “5.0.1 RELEASE” version
- For update details, refer to Issue list of 5.0.1
Overall modifications
Fixed guideline errors (corrected typos, mistakes in description, etc.)
- For modification details, refer to Issue list of 5.0.1 (clerical error)
Improved the description
- For improvement details, Issue list of 5.0.1 (improvement)
Fixed the description about application server
- Removed the description for the Resin
- Updated the link of reference page
- In the Beginning
- Added the description
- Added description about tested environments for contents described in this guideline
Updated the OSS version(Spring IO Platform version) to protect security vulnerability
- Spring IO Platform version updated to 1.1.3.RELEASE
- Spring Framework version updated to 4.1.7.RELEASE (CVE-2015-3192)
- JSTL version updated to 1.2.5 (CVE-2015-0254)
Updated the OSS version by the Spring IO Platform version update
- Updated the OSS version to be used. For update details, refer to Migration guide of version 5.0.1
Improved the description (guideline#1148)
- Added the description of
terasoluna-gfw-recommended-dependencies
,terasoluna-gfw-recommended-web-dependencies
andterasoluna-gfw-parent
- Modified the description for some project
- Added the illustration to indicate project dependencies
- Create Web application development project
- Added the description
- Added how to build a war file (guideline#1146)
- Database Access (Common)
- Added the description
- Added the description of
DataSource
switching functionality (guideline#1071)
- Added the description of
- Database Access (MyBatis3)
- Fixed the guideline bug
- Modified the description about timing of batch execution (guideline#903)
- Logging
- Improved the description
- Added the description about
additivity
attribute of<logger>
tag (guideline#977)
- Added the description about
- Session Management
- Improved the description
- Modified the description about how to define a session scope bean (guideline#1082)
- Double Submit Protection
- Added the description
- Added the description about the transaction token check in case that response cache is disabled (guideline#1260)
- Codelist
- Added the description
- Added how to display a code name (guideline#1109)
Added the warning about CVE-2015-3192(XML security vulnerability)
- Added the warning at the time of the StAX(Streaming API for XML) use (guideline#1211)
Modified in accordance with bug fixes of common library
- Modified the description about
f:query
specification , in accordance with bug fixes of common library (terasoluna-gfw#297) (guideline#1244)
- Modified the description about
- Authentication
- Improved the description
- Added the notes about handling with some properties of parent class of
ExceptionMappingAuthenticationFailureHandler
(guideline#812) - Modified the setting example for the
requiresAuthenticationRequestMatcher
property ofAbstractAuthenticationProcessingFilter
(guideline#1110)
- Added the notes about handling with some properties of parent class of
- Authorization
- Fixed the guideline bug
- Modified the setting example for the
access
attribute of<sec:authorize>
tag (JSP tag library) (guideline#1003)
- Modified the setting example for the
- Elimination of environmental dependency
- Added the description
- Added how to apply the external classpath(alternative functionality of
VirtualWebappLoader
of Tomcat7) at the time of Tomcat8 use (guideline#1081)
- Added how to apply the external classpath(alternative functionality of
- 2015-06-12
- Overall modifications
- Released English version of “5.0.0 RELEASE”
- 2015-03-06
- RESTful Web Service
- Guideline bug modification
- Modification of sample code for exception handling (the code that contains the issue of generating
NullPointerException
). For improvement details, refer to guideline#918.
- Modification of sample code for exception handling (the code that contains the issue of generating
- Tutorial (Todo Application REST)
- Guideline bug modification
- Fixed a problem that generates `` NullPointerException`` in the processing of exception handling. For improvement details, refer to guideline#918.
- 2015-02-23
- -
- Released “5.0.0 RELEASE” version
- For update details, refer to Issue list of 5.0.0 and Backport issue list of 1.0.2.
Overall modifications
Fixed guideline errors (corrected typos, mistakes in description, etc.)
- For modification details, refer to Backport issue list of 1.0.2 (clerical error).
Improved the description
- For improvement details, refer to Issue list of 5.0.0 (improvement) and Backport issue list of 1.0.2 (improvement).
Added new
- Create Web application development project
- Database Access (MyBatis3)
- JSP Tag Libraries and EL Functions offered by common library
- Reducing Boilerplate Code (Lombok)
Updated in accordance with version 5.0.0
- Deleted MyBatis2
Spring IO Platform compatible
- Added a point that except for some libraries, the management of recommended libraries is changed to a structure delegating it to Spring IO Platform.
Updated the OSS version
- Updated the OSS version to be used. For update details, refer to Migration guide of version 5.0.0.
- First application based on Spring MVC
- Updated in accordance with version 5.0.0
- Used Spring Framework 4.1
- Reviewed structure of document.
- Application Layering
- Fixed bugs in English translation.
- Fixed translation bugs related to domain layer and other layers. For modification details, refer to guideline#364 issue.
- Tutorial (Todo Application)
- Updated in accordance with version 5.0.0
- Use of Spring Framework 4.1.
- MyBatis3 support as infrastructure layer.
- Revised document structure.
- Create Web application development project
- Added new
- Added a method to create a project having multi project structure
Modified in accordance with Spring Framework 4.1
- Added description about handling
@Transactional
of JTA 1.2. For modification details, refer to guideline#562 issue. - Modified description about handling
@Transactional(readOnly = true)
when using JPA (Hibernate implementation). With SPR-8959 (Spring Framework 4.1 and later versions) support, it has been improved so that instruction can be given so as to handle as “Read-only transactions” for JDBC driver.
Added description
- Added notes regarding the cases where “Read-only transactions” are not enabled. For added contents, refer to guideline#861 issue.
- Added description about handling
- Implementation of Infrastructure Layer
- Modified in accordance with MyBatis3
- Added a method to use MyBatis3 mechanism as implementation of RepositoryImpl.
- Implementation of Application Layer
- Modified in accordance with Spring Framework 4.1
- Added description about the attribute (attribute to filter the Controllers to be used) added in
@ControllerAdvice
. For modification details, refer to guideline#549 issue. - Added description about
<mvc:view-resolvers>
. For modification details, refer to guideline#609 issue.
- Added description about the attribute (attribute to filter the Controllers to be used) added in
Modified in accordance with bug fixes of common library
- Added description about handling double byte wild card characters (
%
,_
), in accordance with bug fixes of common library (terasoluna-gfw#78). For modification details, refer to guideline#712 issue.
Modified in accordance with Spring Framework 4.1
- Removed the description about the problem where pessimistic locking error of JPA (Hibernate implementation) is not converted into
PessimisticLockingFailureException
of Spring Framework. This problem is resolved in SPR-10815 (Spring Framework 4.0 and later versions).
Modified in accordance with Apache Commons DBCP 2.0
- Changed the sample code and its description to use component for Apache Commons DBCP 2.0.
- Added description about handling double byte wild card characters (
- Database Access (MyBatis3)
- Added new
- Added method to implement an infrastructure layer using MyBatis3 as O/R Mapper.
Fixed guideline bugs
- Modified the sample code of optimistic locking of long transactions (processing when records cannot be fetched). For modification details, refer to guideline#450 issue.
Modified in accordance with Spring Framework 4.1
- Removed the description about the problem where pessimistic locking error of JPA (Hibernate implementation) is not converted into
PessimisticLockingFailureException
of Spring Framework. This problem is resolved in SPR-10815 (Spring Framework 4.0 and later versions).
Modified in accordance with MyBatis3
- Added methods to implement exclusive control when using MyBatis3.
Fixed guideline bugs
- Modified the description of
@GroupSequence
. For modification details, refer to guideline#296 issue.
Modified in accordance with bug fixes of common library
- Added notes about
ValidationMessages.properties
, in accordance with bug fixes of common library (terasoluna-gfw#256). For modification details, refer to guideline#766 issue.
Added description
- Added a method to link with the mechanism of Group Validation of Bean Validation at the time of correlated item check using Spring Validator. For added contents, refer to guideline#320 issue.
Modified in accordance with Bean Validation 1.1 (Hibernate Validator 5.1)
- Added description about
inclusive
attribute of@DecimalMin
and@DecimalMax
. - Added description about Expression Language.
- Described about deprecated API from Bean Validation 1.1.
- Added description about a bug related to
ValidationMessages.properties
of Hibernate Validator 5.1.x (HV-881) and methods to prevent the same.
- Modified the description of
Added description
- Added a description that simple error page is likely to be displayed in Internet Explorer when an error having size lesser than 513 bytes is sent as response. For added contents, refer to guideline#189 issue.
Modified in accordance with Spring Framework 4.1
- Removed the description about the problem where pessimistic locking error of JPA (Hibernate implementation) is not converted into
PessimisticLockingFailureException
of Spring Framework. This problem is resolved in SPR-10815 (Spring Framework 4.0 and later versions).
- Session Management
- Modified in accordance with Spring Security 3.2
- Removed the description about a problem where CSRF token error occurs (SEC-2422 ) instead of session time out at the time of POST request. A mechanism to detect session time out is included in formal version of Spring Security 3.2, hence the problem is resolved.
- Message Management
- Reflected changes of common library
- Added description about newly added message type (warning) and deprecated messages types (warn), in accordance with the improvement of common library (terasoluna-gfw#24). For modification details, refer to guideline#74 issue.
Reflected changes of common library
- Changed description of page link in active state, in accordance with the improvement of common library (terasoluna-gfw#13). For modification details, refer to guideline#699 issue.
- Changed description of page link in disabled state, in accordance with the improvement of common library (terasoluna-gfw#14). For modification details, refer to guideline#700 issue.
Modified in accordance with Spring Data Common 1.9
- Added notes for the classes where API specifications (
Page
interface, etc.) are changed due to version upgrade.
Modified in accordance with bug fixes of common library
- Added notes about version upgrade and changing message key of
ExistInCodeList
in accordance with bug fixes of common library (terasoluna-gfw#16). For modification details, refer to guideline#638 issue. - Added notes about message definition of
@ExistInCodeList
in accordance with bug fixes of common library (terasoluna-gfw#256). For modification details, refer to guideline#766 issue.
Reflected changes of common library
- Added a method to use
EnumCodeList
class in accordance with addition of common library functions (terasoluna-gfw#25).
- Added notes about version upgrade and changing message key of
Modified in accordance with Spring Security 3.2
- Changed the sample code for CSRF measures (method to create
<meta>
tag for CSRF measures).
Modified in accordance with Jackson 2.4
- Changed the sample code and description to use components for Jackson 2.4.
- Changed the sample code for CSRF measures (method to create
Improvement in description
- Improve the method to build an URL to be set in location header and hypermedia link. For improvement details, refer to guideline#374 issue.
Modified in accordance with Spring Framework 4.1
- Added a description about
@RestController
. For modification details, refer to guideline#560 issue. - Changed the sample code to create
ResponseEntity
using builder style API.
Modified in accordance with Jackson 2.4
- Changed the sample code and description to use components for Jackson 2.4.
Modified in accordance with Spring Data Common 1.9
- Added notes for the classes where API specifications (
Page
interface, etc.) are changed due to version upgrade.
Fixed guideline bugs
- Modified version of Apache Commons FileUpload with resolved CVE-2014-0050 (File Upload vulnerabilities). For modification details, refer to guideline#846 issue.
Added description
- File upload function of Servlet 3 has a problem of garbled characters on a part of application server. Therefore, added a method to use Apache Commons FileUpload as a measure to prevent this event. For added contents, refer to guideline#778 issue.
- System Date
- Reflected changes of common library
- Changed document structure, package name and class name in accordance with the improvement of common library (terasoluna-gfw#224). For modification details, refer to guideline#701 issue.
Modified in accordance with Tiles 3.0
- Changed the example of settings and description to use component for Tiles 3.0.
Modified in accordance with Spring Framework 4.1
- Added description about
<mvc:view-resolvers>
,<mvc:tiles>
,<mvc:definitions>
. For modification details, refer to guideline#609 issue.
Added description
- Added method to use
LocalDateTime
. For added contents, refer to guideline#584 issue.
Modified in accordance with Joda Time 2.5
- Since
DateMidnight
class is deprecated in accordance with version upgrade, changed the method to fetch start time of specific date (0:00:00.000).
- Added method to use
- Spring Security Overview
- Modified in accordance with Spring Security 3.2
- Added “Settings to create secure HTTP header” in appendix.
- Spring Security Tutorial
- Updated in accordance with version 5.0.0
- Made changes so as to use MyBatis3 as infrastructure layer.
- Applied Spring Framework 4.1
- Applied Spring Security 3.2
- Revised document structure.
Fixed guideline bugs
- Modified the erroneous and inadequate description of
<form-login>
,<logout>
,<session-management>
tag. For modification details, refer to guideline#754 issue. - Modified the sample code that indicates extension method of AuthenticationFilter (added settings to validate CSRF measures and session fixation attack measures). For details, refer to guideline#765 issue.
Modified in accordance with Spring Security 3.2
- Added notes about logout method when CSRF measures are validated.
- Added description of
@AuthenticationPrincipal
, as a method to accessUserDetails
(authentication user information class) from Controller. - Added description of
changeSessionId
, as parameters ofsession-fixation-protection
attribute of<sec:session-management>
. - Added methods to detect session time-out and notes for same.
- Changed setting method to validate concurrent session control of identical users (made changes so as to use
<sec:concurrency-control>
). - Added a point that a class of concurrent session control of identical users is deprecated and other class is provided.
- Modified the erroneous and inadequate description of
Modified in accordance with Spring Security 3.2
- Removed description about the component for CSRF measures of Spring Security 3.2.0 (provisional version before formal release) included in common library of version 1.0.x.
- Changed setting method to validate CSRF measures by a proper method of Spring Security 3.2 (method using
<sec:csrf>
). - Added description about JSP tag library (
<sec:csrfInput>
and<sec:csrfMetaTags>
) for CSRF measures. - Added methods to detect session time-out and precautions when CSRF measures are validated.
Modified in accordance with Spring Framework 4.1
- Changed description about the condition where CSRF token is output as hidden, when
<form:form>
is used.
Improved the description
- Changed to the contents that do not depend on specific infrastructure layer (O/R Mapper), by adding REST API in the project created in Tutorial (Todo Application). For modification details, refer to guideline#325 issue.
Updated in accordance with version 5.0.0
- Applied Spring Framework 4.1.
- Applied Spring Security 3.2.
- Applied Jackson 2.4.
- Create a new project from a blank project
- Improved the description
- Supported method to create a project having multi project structure.
- Updated the method to create a project having single project structure.
- JSP Tag Libraries and EL Functions offered by common library
- Added new
- Added description about EL functions and JSP tag libraries provided by common libraries.
- Reducing Boilerplate Code (Lombok)
- Added new
- Added description about how to remove a boilerplate code where Lombok is used.
- English version
- Added English version of the following.
- Create Web application development project
- Database Access (Common)
- Database Access (JPA)
- Database Access (MyBatis3)
- Exclusive Control
- Logging
- Properties Management
- Pagination
- Double Submit Protection
- Internationalization
- Codelist
- Ajax
- RESTful Web Service
- File Upload
- File Download
- Screen Layout using Tiles
- System Date
- Bean Mapping (Dozer)
- Spring Security Overview
- Authentication
- Authorization
- CSRF Countermeasures
- Create a new project from a blank project
- Maven Repository Management using NEXUS
- Elimination of environmental dependency
- Project Structure Standard
- Reducing Boilerplate Code (Lombok)
- Spring Framework Comprehension Check
2014-08-27
-
Released “1.0.1 RELEASE” version
Refer to Issue list of 1.0.1 for details.
Overall modifications
Fixed guideline bugs (corrected typos, mistakes in description etc.)
Refer to Issue list of 1.0.1 (bug & clerical error) for details.
- Japanese version
- Added Japanese version of the following.
- English version
- Added English version of the following.
- Stack of TERASOLUNA Server Framework for Java (5.x)
- Updated the OSS version in accordance with bug fixes.
- GroupId (
org.springframework
) updated to 3.2.10.RELEASE from 3.2.4.RELEASE - GroupId (
org.springframework.data
)/ArtifactId(spring-data-commons
) updated to 1.6.4.RELEASE from 1.6.1.RELEASE - GroupId (
org.springframework.data
)/ArtifactId(spring-data-jpa
) updated to 1.4.3.RELEASE from 1.4.1.RELEASE - GroupId (
org.aspectj
) updated to 1.7.4 from 1.7.3 - Deleted GroupId (
javax.transaction
)/ArtifactId(jta
)
- GroupId (
- Implementation of Application Layer
- Added a warning about CVE-2014-1904 (XSS Vulnerability of
action
attribute in<form:form>
tag)
Japanese version
Added description about bug fix
- Fixed bugs of
<t:messagesPanel>
tag of common library (terasoluna-gfw#10)
- Fixed bugs of
Japanese version
Updated description about bug fix
- Fixed bugs of
<t:pagination>
tag of common library (terasoluna-gfw#12 ) - Fixed bugs of Spring Data Commons (terasoluna-gfw#22 )
- Fixed bugs of
Japanese version
Updated description of countermeasures against XXE Injection
Japanese version
Added a warning about CVE-2014-0050 (File Upload Vulnerability)
Fixed guideline bugs.
- Added how to handle
MultipartException
using error-page functionality of servlet container, because your application can’t handleMultipartException
usingSystemExceptionResolver
when usedMultipartFilter
. Refer to Issue of guideline#59 for details.
- Added how to handle
- Japanese version
- Change how to create following projects to be carried out from
mvn archetype:generate
- Japanese version
- Minor modifications in how to create following Maven archetype
- Spring Security Tutorial
- Create a new project from a blank project
- 2013-12-17
- Japanese version
- Released “1.0.0 Public Review” version