Overview of all update notes
1.8
Update Tomcat and Java
Please update your Tomcat instance to version 10. If you have been using Java 11 so far, please update to version 17 or 21.
Breaking change for queries used in feature restrictions and spatial restrictions (since 1.8.1)
Policies let you define feature restrictions and spatial restrictions to limit access to the features of a layer. Both types of restriction require you to define a query, which may contain references to attributes of the requesting user like this:
{
  ...
  "restrictions": {
    "user_level_only": {
      "type": "feature",
      "query": "LEVEL <= ${user.level}"
    }
  }
}
security.manager now checks that user attributes resolve only to SQL literal values when they are substituted into query expressions.
If you have to accept user attribute values that resolve to anything other than SQL literals, you must now explicitly mark them as insecure inside the query. Otherwise, user requests will fail with errors.
See section Accepted User Attributes for details.
1.7
Breaking change for queries used in feature restrictions and spatial restrictions (since 1.7.1)
Policies let you define feature restrictions and spatial restrictions to limit access to the features of a layer. Both types of restriction require you to define a query, which may contain references to attributes of the requesting user like this:
{
  ...
  "restrictions": {
    "user_level_only": {
      "type": "feature",
      "query": "LEVEL <= ${user.level}"
    }
  }
}
security.manager now checks that user attributes resolve only to SQL literal values when they are substituted into query expressions.
If you have to accept user attribute values that resolve to anything other than SQL literals, you must now explicitly mark them as insecure inside the query. Otherwise, user requests will fail with errors.
See section Accepted User Attributes for details.
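Before upgrading to 1.7.1 or 1.8.1, it helps to know which restriction queries reference user attributes and which attribute values would not pass as SQL literals. The following pre-upgrade audit is an added example, not security.manager code: the literal grammar (numbers and single-quoted strings), the treatment of a missing attribute as a finding, the enclosing `policies` array and the user records are assumptions made for illustration.

```python
import json
import re

# Placeholders of the form shown in the update note, e.g. ${user.level}.
PLACEHOLDER = re.compile(r"\$\{user\.([A-Za-z_][\w.]*)\}")
# Assumed literal grammar: signed number, or single-quoted string with '' escapes.
SQL_LITERAL = re.compile(r"[+-]?\d+(\.\d+)?|'([^']|'')*'")


def find_restrictions(node):
    """Yield (name, restriction) for every 'restrictions' object in the policy tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "restrictions" and isinstance(value, dict):
                yield from value.items()
            else:
                yield from find_restrictions(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_restrictions(item)


def audit(policy, sample_users):
    """Return (restriction, attribute, value) for values that are not SQL literals."""
    findings = []
    for name, restriction in find_restrictions(policy):
        if not isinstance(restriction, dict):
            continue
        for attr in PLACEHOLDER.findall(restriction.get("query", "")):
            for user in sample_users:
                value = user.get(attr)  # assumption: a missing attribute is a finding
                if value is None or not SQL_LITERAL.fullmatch(str(value)):
                    findings.append((name, attr, value))
    return findings


# Constructed sample: the restriction from the note inside an assumed policy wrapper.
POLICY = json.loads("""
{"policies": [{"layers": ["1"], "restrictions": {
  "user_level_only": {"type": "feature", "query": "LEVEL <= ${user.level}"}}}]}
""")
# Constructed user records: a literal, a non-literal expression, a missing attribute.
USERS = [{"level": "3"}, {"level": "3 OR 1=1"}, {}]

if __name__ == "__main__":
    for finding in audit(POLICY, USERS):
        print("not a SQL literal: restriction=%s attribute=%s value=%r" % finding)
```

Each finding is a restriction whose requests would fail after the upgrade unless the attribute value is corrected at the identity source or the reference is explicitly marked as insecure as described in Accepted User Attributes.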
Policy JSON Schema Update
If you edit policies in a JSON editor with the help of the policy JSON schema, and you want to make use of the new policy features, the schema needs to be updated.
To do so, please update the URL to https://raw.githubusercontent.com/conterra/policies-json/1.7.0/schema/policies.schema.json, or use the schema provided in folder [SECMAN_DIR]/resources/policies.schema.json of the security.manager NEXT distribution.
Policies should begin with
{
  "$schema": "https://raw.githubusercontent.com/conterra/policies-json/1.7.0/schema/policies.schema.json",
  ...
}
or
{
  "$schema": "[SECMAN_DIR]/resources/policies.schema.json",
  ...
}
Property fallbackPolicy deprecated
Please use the new fallbackPolicies array property to define fallback policies from now on.
The fallbackPolicy property has been marked as deprecated and will no longer be supported in one of the future versions of security.manager NEXT.
We therefore recommend that you convert existing fallback policies to the new syntax as described below:
Old
{
  "fallbackPolicy": {
    "layers": ["1"]
  }
}
New
{
  "fallbackPolicies": [
    {
      "layers": ["1"]
    }
  ]
}
1.1
Renaming of SOE files
The shipped SOE files were renamed to support an automatic SOI update workflow for the following releases. For this update, however, the old SOI files must be deleted manually via the ArcGIS Server Manager before uploading the new version of the SOI.
Deleting the old SOE files causes existing policies to be lost! The policies must be backed up and restored via the security.manager NEXT CLI as part of the upgrade. Please make sure you have upgraded the CLI before upgrading the SOI. The section Update of an existing installation provides step-by-step documentation on how to perform the update without losing existing policies.