2022.7 brings a major update to GGCE with a new implementation of the user authentication mechanism. It is now possible to configure GGCE for single sign-on with Azure, Google, Okta, Keycloak and a number of other OpenID login providers. GGCE user accounts can be deactivated, but not fully deleted (to keep referential integrity of the database). Compatibility with the Curator Tool is enhanced so that the CT now detects GGCE as a valid server.

The documentation on how to configure GGCE for single sign-on is available as a PDF.

We added several improvements to how the API handles incoming data, making it a bit easier for clients to interact with it. Reading of dates received special attention and we will be able to provide better API responses for date queries based on the custom X-Timezone HTTP request header.

New features:

  • Implemented single sign-on with OpenID and disabling of local accounts
  • Updated GGCE Server Administration user interface
  • New endpoints in the Trait API
  • Deactivation (not deletion) of user accounts
  • Client timezone as X-Timezone HTTP header for API calls
  • Curator Tool detects GGCE as a valid GG server when "testing" connection settings

Improvements and bug fixes:

  • Barcode is automatically minted for every new Inventory
  • Split inventories have availability status NOT-SET by default
  • Improved font support in generated PDFs
  • JSON deserialization with improved resolution of entities referenced by only their ID
  • Improved date handling
  • Improved handling and display of server errors
  • Software libraries updated to latest versions (Spring, Jetty, etc.)

Database changes:

  • SysUser with provider: sys_user table gets a new column provider that specifies which login service is used by each user. It defaults to local.

Other important notes:

  • config.file configuration variable is renamed to CONFIG_FILE
  • New indexes added to inventory and accession tables for even faster lookups

2022.7 Changelog

  • 78b0d291 PDF: Make ggce-model.jar downloadable
  • 352378a5 Fix: Cache evict when removing sys user
  • 8c5aa8e3 OAuth: Persistent JWK keys
  • 06269ce2 Startup: Register stock PDF template for Inventory QR labels
  • 591989ce Elasticsearch list indices not found response
  • 2e81ddb8 PDF: Jasper fonts
  • 8ec90c2c Docker: Add ttf-mscore-fonts for Jasper
  • 32b8963e Jasper: Added extra dependencies for PDF barcode generation
  • 09b12524 Scheduler: Include SchedulerConfig with ThreadPoolTaskExecutor
  • c61fd6d4 PDF: Updated to StreamingResponseBody for improved error handling
  • 676717d9 OAuth: Reduce logging
  • f6ba9864 LocaleContextResolver for locale and time zone from header
  • 29d2fb10 SysUser: Allow for removing users
  • 308a36f4 SysUser: Allow for updating the login provider
  • 71c577c3 SimpleObjectIdResolver: resolve model by id
  • c0282a95 JSON: Fix deserialization of objects by their ID
  • 3f02f9f7 Admin alert about users without or with repeatable cooperators
  • 0bb0ed2c Disable login with local account
  • 8c5c1744 OAuth: Tenant configuration using env variables
  • efef3240 OAuth: Configuration of multiple authorization servers with application properties
  • fca8db11 OAuth: Adjust access_token claims with locally defined authorities
  • 6a016066 OAuth: Build SysUser and Cooperator for new OIDC logins
  • 6f696356 JSP: Login screen error from context
  • 5675708b OAuth login with an external provider
  • b040554c OAuth authorization server configuration
  • 55ffcc46 Cookies: Exclude HTTP session management for /api/**
  • 62b06c5c JSP: Updated /admin page layout
  • d24a2556 Errors: Fix double Sitemesh decoration for error pages
  • c96937ef MVC: Forgot password
  • 53f491ef PDF: Set Content-Type and Content-Disposition headers before streaming the PDF
  • 64dc3789 Automatically assign barcode to new inventory
  • 5ebbef91 Security filter chain for /api without session
  • c1b1fc0a OAuth: Keep local OAuth registration, but remove it from login page
  • ecf4f0e7 OAuth: for Swagger
  • 2217cda5 OAuth: Extracted tenant configuration
  • a3166d23 Error: Updated error handling
  • 21d611f3 SOAP: MvcContext initializer must use getServletFilters()
  • 48089f1e SOAP: Using new auth
  • ec210be0 OAuth: Re-enabled clientOriginCheckFilter
  • e86c3f91 OAuth: Enable ATiC and disable session creation if not needed
  • 7de70e9c OAuth: Use baseUrl as issuer
  • dfdca280 OAuth: Add authorities to access token and use userService to retrieve roles
  • 4107c1f5 OAuth: Spring Security only supports JWTs or Opaque Tokens, not both at the same time
  • baccc07a OAuth: Try Opaque tokens
  • 4c6bcafc OAuth: localhost as redirect_uri is not supported
  • 45b5bd77 OAuth: Migrated to Spring OAuth authentication server
  • 3b00aad0 OAuth: Switch to OAuthClientService
  • 1d63858e Add indexes for accession and inventory
  • 70b757d4 OAuth: Allow switching to old OAuth implementation
  • 3a73c771 SOAP: Minor updates
  • b5e53b7b SOAP: Make CT happy to connect to GGCE
  • 9ff6d9e3 Servlet: Formatted error page with MVC
  • 139939d0 Branding
  • 2c32cab6 Cookies: localhost is considered secure context
  • a440ffb9 Cleanup: Moved bits around
  • b73ad5dd jetty: 10.0.11
  • 8abc099c ES: Add mappings for Instant, LocalDate
  • 5e34b1ce Code cleanup: Updated JSP branding
  • 8ec7a237 Code cleanup: Reduce logger noise
  • 0631e452 Code cleanup: Moved bean declarations
  • 05c0bbb8 MVC: A custom deserializer for incoming date strings to Instant is required
  • 4ee100f5 English translations for not declared languages
  • 84177834 Apply inventory maintenance policy for split inventories
  • fe12cfde NOT-SET availability status for split inventories.
  • c4e9a9f1 Fix: NPE in update OrderRequestItem#update(source, target)
  • 60c38a93 Liquibase: added pre-conditions before making sys_group ID the primary key
  • 7eafddab FIX: Fixed issue with updating OrderRequestItem
  • 496fd188 Logging: Default to warn level logging
  • 2d3cc59a API: error messages should start with the cause and up
  • 7c50bf8a BUG: Added unit test to demonstrate issue with updating OrderRequestItem
  • b5dcacff Trait observations API endpoints
  • dcc48b5e Config: Common conversion service
  • f29134db JSON: Configure JSON mappers with builder
  • d9ce23b3 pom: forceJavacCompilerUse shows useful errors