Change Header
Change Type: Announcement
Product area: Application enablement & solutions
Component: Microservice SDK
Deployed at: eu.latest.cumulocity.com, apj.cumulocity.com, jp.cumulocity.com, cumulocity.com, us.cumulocity.com, emea.cumulocity.com
Technical details
Build artifact: cumulocity (10.20.140.0)
Internal ID: MTM-58822
Change Description
This is a follow-up on a recent announcement about migrating the Microservice SDK to Spring Boot 3.
As a second step of this process, starting from version 10.20.140.0, the Microservice SDK is now using Spring Security 5.8. This change enabled a migration preparing for Spring Security 6.0 to be performed in the Microservice SDK following this migration guide. We recommend all users of the Microservice SDK to also follow that guide when updating their applications using the updated version of the SDK.
Note that following the changes in the MethodSecurityExpressionHandler configuration described here, the methods provided by com.cumulocity.microservice.security.service.SecurityExpressionService that were previously configured using a custom SecurityExpressionRoot extension, are now available via an independent bean definition named c8yAuthz. This means that, for example, the expression isCurrentTenantManagement() will no longer resolve and needs to be prefixed by the bean name instead @c8yAuthz.isCurrentTenantManagement(). This allows customers to easily add their own security expression extensions, if needed.