Skyve 8.2.2 Released
Skyve 8.2.2 introduces a new access control mechanism that improves the security of all Skyve applications. It adds a new OAuth2 login provider (Microsoft Azure Active Directory). It also adds support for multi-tenant offsite backups and new Bizlet lifecycle methods.
Access Control
Before a user can access application resources, Skyve checks that the user has been granted permission via the role-based privilege mechanism. If a user does not have access to a resource via a menu or navigation from a view, they will be denied access.
A new accesses element has been added to the role metadata per module, which allows developers to grant resource access to a role when Skyve cannot determine this automatically.
New Bizlet Lifecycle methods
Two new Bizlet lifecycle methods, postRender and postDelete, have been added. These allow developers further opportunities to hook into the rendering pipeline to implement business logic after server-side rendering has been completed, and after deletion of records against the persistent datastore.
Multi-tenant Offsite Backups
Skyve 6.0 first introduced the ability to perform backups against a cloud provider, but this only worked in single-tenant applications. Skyve 8.2.2 now supports backups of multi-tenant applications to Microsoft Azure cloud storage. See the Developer Guide for instructions on how to enable this for your application.
Dev mode changes
Dev mode, which previously did not cache metadata to allow developers to observe changes to views without redeploying, has now been enhanced to perform more real-time evaluation of changes to metadata. This enables developers to observe additional application changes, such as changes to the menu, without redeploying.
This additional evaluation comes with some performance overhead and should not be used during any production deployment. See Notes for Upgrading for instructions on how to disable this.
Remove button
It was previously possible to configure permissions so that a user had the ability to create a child record, but not delete it, which would leave the user stuck if they decided to back out of creation of a new child record. Skyve now provides a Remove button when creating child records in a grid, allowing users to cancel creation of the record.
Admin
- Turn off sanitisation for Communication and CommunicationTemplate so that data URLs are not stripped out of embedded images in HTML emails
- Update Registration to handle invalid email addresses by warning the user if the email is invalid and asking the user to confirm their email during registration
- Update CommunicationBizlet.anonymouslyCommunicationExists to use a DocumentQuery instead of SQL
Framework
- Add REST content management remoting
- Remove false from XML document generation
- Add documentation regarding access control for Map Models
- Add AccessException as a subclass of SecurityException
- Components no longer embed/replace with their targets but reference normalised view fragments by customer and uxui
- Add Two Factor Email Authentication
- Create unique model names for inline chart builder metadata
- Depend on Spring Security 5.7.5
- Add Bizlet.postRender() callback
- Add Bizlet.postDelete() callback
- Update Azure backups to cater for multiple tenants
- Add fluent builder classes for module role access metadata
- Switch DataGrid action visibility on document privileges
- Call Bizlet.resolve() when editing a bean in an edit view
- Remove derived Router.unsecuredRoutes and move RouterMerger to Router.merge()
- Update Domain Generation to throw a helpful error message when a Document has both persistent strategy="mapped" and a persistent name
- Support PostgreSQL case insensitive indexed searches
- Add support for Microsoft Azure AD OAuth 2 login
Responsive Renderer
- Display a Remove action button when the user does not have a delete privilege but the record is not persisted
- Fix text wrapping in view rendering
Desktop Renderer
- Display a Remove action button when the user does not have a delete privilege but the record is not persisted
Notes for Upgrading
To upgrade your Skyve project to this version, change the Skyve version in your pom.xml to 8.2.2 and perform an assemble.
If you are upgrading from a version older than 8.1.5, please see the previous release notes and also apply those changes.
There are some changes to how devMode operates since the previous release which will have more of a performance impact in production environments. This should only be used for local development and turned off (set to false) for all production systems.
"environment": {
    ...,
    "devMode": false,
There is a new property to specify the URL of the REST content server if this is going to be used:
"content": {
    ...,
    "serverUrl": "<restServerAddress>"
The new access control security is enabled by default in new and existing projects when being upgraded to 8.2.2, but this can be disabled by setting the new property to false.
"environment": {
    ...,
    // Check Skyve URLs and endpoints against the metadata and what can be navigated to
    "accessControl": true,
There are new OAuth2 properties to specify tenant and client ids if you are enabling Azure AD authentication in your Skyve application:
"account": {
    ...,
    // For Microsoft Azure AD authentication - see portal.azure.com
    // (redirectUrl URL is <Context URL>/login/oauth2/code/github)
    "azureAdAuthClientId": null,
    "azureAdAuthTenantId": null,
    "azureAdAuthSecret": null
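A pre-deployment check for the settings described in these notes, as an added example that is not part of Skyve or its release notes: it parses a JSON configuration that carries // comments and reports devMode left on, accessControl switched off, and partly filled Azure AD settings. The function names, the sample content and the rule that devMode must be explicitly false are assumptions made for the illustration.

```python
import json

def strip_line_comments(text):
    """Drop // comments that sit outside JSON string literals."""
    out, in_string, escaped, i = [], False, False, 0
    while i < len(text):
        ch = text[i]
        if not in_string and text.startswith("//", i):
            while i < len(text) and text[i] != "\n":
                i += 1  # skip the comment, keep the newline
            continue
        if in_string and not escaped and ch == "\\":
            escaped = True
        else:
            if ch == '"' and not escaped:
                in_string = not in_string
            escaped = False
        out.append(ch)
        i += 1
    return "".join(out)

def audit(config_text):
    """Return findings for a configuration intended for production."""
    cfg = json.loads(strip_line_comments(config_text))
    env, account = cfg.get("environment", {}), cfg.get("account", {})
    findings = []
    if env.get("devMode") is not False:  # assumption: require an explicit false
        findings.append("environment.devMode is not false")
    if env.get("accessControl") is False:  # enabled unless set to false
        findings.append("environment.accessControl is disabled")
    azure = [account.get(k) for k in
             ("azureAdAuthClientId", "azureAdAuthTenantId", "azureAdAuthSecret")]
    if any(azure) and not all(azure):
        findings.append("Azure AD settings are only partly filled in")
    return findings

# Constructed sample for illustration, not a real deployment's configuration.
SAMPLE = '''{
  // Constructed sample: dev mode left on and access control switched off
  "environment": { "devMode": true, "accessControl": false },
  "account": {
    "azureAdAuthClientId": "00000000-constructed-id",
    "azureAdAuthTenantId": null, "azureAdAuthSecret": null
  },
  "content": { "serverUrl": "https://content.example.invalid/rest" }
}'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```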
See the complete upgrade instructions on GitHub.