0.1.3

0.1.3 - 2016-09-28

Added

Changed

• Fix a NPE in request validator if query parameter is missing
• Do not validate query parameter if there is none.
• Handle the case that security defintion is empty.

0.1.2

Added

• Jwt token scope verification based on swagger spec in security
• Status module to standardize error response
• Config can be loaded from classpath directly so that test case can inject different combination of configs.

Changed

• Update the jwt.json and secuirty.json to support multiple certificates and kid to pick up the right certificate
  for jwt verification. Also, expired token will throw ExpiredJwtException now.
• Move request uri matching and swagger.json to utility
• Move exceptions to status from utility
• Instead of using Jackson ObjectMapper to serialize Status object, using toString now. 10 times faster

0.1.1

In this release, the following modules are added:

• client - wrapper of apache HttpClient and HttpAsyncClient. support automatically cache and renew client credentials jwt token
• validator - validate request based on the swagger.json for uri parameters, query parameters and body which is based on json-schema-validator
• audit - dump most important info about request and response into audit.log in JSON format. Also, there is a full audit handler to dump everything regarding to request and response.
• info - a handler that injects an endpoint /server/info that can out all plugged in component on the server and configuration of each component.
• mask - used to mask sensitive info before logging to audit.log or server.log
• swagger-codegen - a generator that generates the routing handlers and running API application with swagger spec.

Modules released in previous release:

• server - a framework on top of undertow http core that support plugins to performance different middleware handling.
• security - oauth2 jwt token verification and mock token generation. Also, there is an testing OAuth2 server released here
• utility - utility classes that are shared between modules.