Overview
This document highlights major changes in CUBA Platform version 7.2.
Warning
|
Please note that in order to work with CUBA 7.2, you need to install Studio 13 or newer. Older versions of Studio don’t have correct support for project creation, migration and hot deployment. |
Breaking Changes
-
Due to changes in the "remember me" login mechanism (see below) all application users will have to enter their credentials when logging in, as if their browser cookies were removed.
-
The
LoginScreen
class has been refactored to simplify creation of alternative login screen implementations. TheAuthInfo
inner class has been moved intoLoginScreenAuthDelegate
, so if you have extended login screen in your project and overridden methods with this class in the signature, make the proper import to fix compilation, for example:public class ExtLoginScreen extends LoginScreen { @Override protected void setAuthInfo(LoginScreenAuthDelegate.AuthInfo authInfo) { // ...
-
Due to changes in SideMenu component, the main screen using such menu should have
cssLayout
as a root container. If you have the main screen with non-responsive side menu in your project, Studio will replace the roothbox
withcssLayout
upon automatic migration. If something is wrong with your main screen layout, make sure the root container is correct, for example:<window xmlns="http://schemas.haulmont.com/cuba/screen/window.xsd" extends="/com/haulmont/cuba/web/app/main/main-screen.xml"> <layout> <cssLayout id="horizontalWrap"> <workArea id="workArea"> <!-- -->
-
Due to introducing security scopes, the
cuba.anonymousSessionId
application property has been removed. Now anonymous sessions for all scopes are created with random identifiers. -
The following changes have been made in the
UserSession
class:-
In the constructors, the collection of
Role
has been replaced with the collection ofRoleDefinition
. -
The
addPermission()
andremovePermission()
methods have been removed. The direct replacement for these methods is the manipulation with explicit permissions maps obtained fromUserSession
, for example:RoleDefinition joinedRole = userSession.getJoinedRole(); Map<String, Integer> screenExplicitPermissions = joinedRole.screenPermissions().getExplicitPermissions(); screenExplicitPermissions.put("demo_Customer.browse", 1);
Another option is to create a new
RoleDefinition
usingBasicRoleDefinition.builder()
and then join with existing roles usingRoleDefinitionsJoiner
:RoleDefinition joinedRole = RoleDefinitionsJoiner.join(userSession.getJoinedRole(), myRole); userSession.setJoinedRole(joinedRole);
-
The following methods have been removed:
getConstraints(entityName)
,hasConstraints()
,addConstraint()
,removeConstraint()
. To find a particular constraint, usegetConstraints().findConstraintsByEntity()
. To add or remove constraints, useAccessConstraintsBuilder
:ConstraintsContainer constraintsContainer = AccessConstraintsBuilder.create() .join(userSession.getConstraints()) .withJpql(MyEntity.class, "{E}.createdBy = :session$userLogin") .build(); userSession.setConstraints(constraintsContainer);
-
-
The HTML content of many UI components (such as
Label
value andTextField
caption) is now sanitized by default to prevent cross-site scripting (XSS). If you have any problems with displaying custom HTML, try to turn off the sanitization using the cuba.web.htmlSanitizerEnabled application property or in individual components using theirsetHtmlSanitizerEnabled()
method. -
When using Folders Panel, the Add to set action and button do not appear automatically in the tables linked to the generic filter. If you need this action, add it explicitly as described in the Record Sets section.
-
Amazon S3 file storage implementation has been moved to a separate add-on. See the add-on README for details.
-
JGroups has been updated to version 4.1.8.Final. If you use middleware cluster, make the following changes in your JGroups configuration files:
-
For UDP configuration, replace:
-
MERGE2
withMERGE3
-
pbcast.NAKACK
withpbcast.NAKACK2
and removeretransmit_timeout
property -
UNICAST
withUNICAST3
-
FC
withMFC
-
-
For TCP configuration, remove properties
timer_type, timer.min_threads, timer.max_threads, timer.keep_alive_time, timer.queue_max_size, thread_pool.queue_enabled, thread_pool.queue_max_size, thread_pool.rejection_policy, oob_thread_pool.min_threads, oob_thread_pool.max_threads, oob_thread_pool.keep_alive_time, oob_thread_pool.queue_enabled, oob_thread_pool.queue_max_size, oob_thread_pool.rejection_policy
and add propertythread_pool.enabled="true"
. See details in this article.
-
-
The
DataContext.evictAll()
has been renamed toevictModified()
, which is a more appropriate name for the method evicting only modified and removed instances. Use the newclear()
method to evict all instances including modified ones. -
The
Icons.Icon.name()
method has been renamed toiconName()
. -
Calendar
has been generified and requires specifying particular datatype to work with corresponding date API (previouslyjava.util.Date
used directly). -
In the REST API add-on, the
responseView
optional parameter can be used in create/update requests. Without it, only 3 attributes of the entity are returned in the response:{ "id": "<entityId>", "_entityName": "<entityName>", "_instanceName": "<intanceName>" }
To revert to the previous behavior for backward compatibility, set the
cuba.rest.responseViewEnabled
application property tofalse
.
Security Subsystem
-
The security subsystem permissions and roles have been reworked to provide "denied by default" model instead of the previous "allowed by default". Newly created with CUBA 7.2 projects will use the new model by default. If you migrate a project from the previous CUBA version, Studio will add the application properties explained in Legacy Roles and Permissions to keep your existing security configuration intact.
-
Now security roles and access groups together with permissions and constraints can be defined at design time using annotated Java classes. It makes the access control more robust and eliminates difficulties with transferring the configuration between application instances (e.g. from the development environment to production). Please note that design-time roles will work only in new projects created with CUBA 7.2. If you are migrating from a previous version and want to create roles at design time, you have to remove the properties explained in Legacy Roles and Permissions and reconfigure all your existing roles and permissions.
-
Security scopes have been introduced to allow you to define different sets of roles for users logging in through different clients. The motivation behind this feature is that REST API clients should normally have more restrictions than Generic UI, because Generic UI is more safe by its nature.
Deployment
-
Usage of Application Home has been standardized for development and deployment environment. When you start the application in Studio, the application home is created in
deploy/app_home
directory. It containsconf
,temp
andwork
directories for all application blocks, as well as the commonlogs
directory. The application home also contains the emptylocal.app.properties
file and the default logging configuration inlogback.xml
.WarningIn order to correctly work with the application home, development Tomcat must define
app.home
Java system property in itssetenv.*
scripts. So remove the olddeploy/tomcat
folder after upgrading to CUBA 7.2 and before running the application. The new Tomcat will be installed automatically.Setting
app.home
Java system property is recommended for all deployment variants, however sensible fallback is provided by the framework: it is either the working directory for UberJAR, or${catalina.base}/work/app_home
when running WAR on Tomcat, or just~/.app_home
otherwise. -
You can easily provide your own logging configuration for the development environment: just create
etc/logback.xml
file in the project, and when you start the application, the file will be copied todeploy/app_home
and recognized by the logging initialization procedure. -
Now you can configure connections to databases using application properties, see Connecting to Databases. This method simplifies the overall configuration, because
app.properties
files define all settings including the data source parameters. Also, it makes your WAR file completely independent of the application server environment.Getting data sources from JNDI is supported as before, so no migration is required for existing projects.
-
Spring profiles can be used to customize application in different environments.
-
OS environment variables can be used as a source of application properties values.
-
Redeployment of web applications without restarting the application server works more reliably as a result of using the Classloader Leak Prevention library.
Generic UI
-
SideMenu is now collapsible, which saves horizontal space. Also, the branding image and other components of the menu have been rearranged. See also the Breaking Changes section for possible issues on migration.
-
The "remember me" login mechanism has been completely reworked:
-
The new application property cuba.rememberMeExpirationTimeoutSec defines expiration timeout for "remember me" cookies and
RememberMeToken
entity instances. It is set to 30 days by default. -
If the user selects the Remember Me checkbox in the login screen, next time they log in automatically without showing the login screen.
-
If the user logs out explicitly, or the cookie is expired, next time the login screen is shown again.
-
-
Views used for loading data in screens can be defined right in the screen descriptors, see an example here. This feature reduces the need for creating shared views in the
views.xml
file. -
Standard actions now have parameters that can be configured in XML and Java. So you don’t have to rewrite the whole action behavior just to open an editor screen as a dialog, or to specify a different screen class. Use Component Inspector in Studio to find and assign action properties and handlers, or copy code snippets from the documentation.
-
ViewAction allows you to open entity edit screen in read-only mode. The optional
enableEditing
can be used to switch to the edit mode without reopening the screen. -
Introduced StandardOutcome and DialogOutcome enumerations that can be used instead of
CloseAction
constants when closing screens and testing how the screen or dialog was closed. -
Form now supports flexible positioning of fields, see the
colspan
androwspan
XML attributes and corresponding parameters of theadd()
method. -
In addition to the global layout template for the generic filter, a layout can be specified for each filter instance, see controlsLayoutTemplate property.
-
BulkEditor has the responsive layout, which you can control using the
columnsMode
attribute. -
In DateField, if the new
autofill
attribute is set to true, the current month and year is set automatically after entering a day. -
TimeField can work in 12h AM/PM format if you set its
timeMode
attribute toH_12
. -
In Table and DataGrid, you can set initial sorting order declaratively using the
sort
attribute of thecolumn
element. -
For DataGrid and TreeDataGrid, you can use the following predefined styles:
borderless
,no-horizontal-lines
,no-vertical-lines
,no-stripes
. -
PopupView supports setting its position using
popupPosition
,popupTop
,popupLeft
attributes. -
All tables and data grids now have Select all / Deselect all commands in the columns popup, which simplifies managing long lists of columns.
-
setOptionImageProvider method have been added to
LookupField
andLookupPickerField
. It allows you to display images for the field options (previously only icons could be used). Go to Handlers tab in Studio component inspector and double-click optionImageProvider field to generate handler code. -
Button has its own
shortcut
attribute, which allows you to assign keyboard shortcuts to buttons not linked to actions. -
The new Slider component has been implemented.
-
If you set the
autoLoad
attribute of RowsCount to true, the component will load the number of rows in background and show it automatically. -
Filter component can now work with KeyValueCollectionContainer loaders.
Miscellaneous
-
Kotlin is fully supported, which means that you can use it in all parts of the project: entities, beans, screen controllers, etc. Hot-deploy of screen controllers written in Kotlin also works.
-
Now you can provide database migration scripts for additional data stores in
/db/init_<datastore_name>
and/db/update_<datastore_name>
directories of thecore
module. The scripts will be executed by the createDb and updateDb Gradle tasks having thestoreName
parameter, as well as by the application server if the cuba.automaticDatabaseUpdate property is configured accordingly. -
Gradle 5.6.4 is used for migrated and new projects. Studio automatically sets the proper version in the
gradle/wrapper/gradle-wrapper.properties
file. Check it in case of any troubles with project building. -
JUnit 5 is used in new projects for tests. The documentation has been updated accordingly.
-
ViewBuilder simplifies creation of views in the business logic and tests.
-
DataManager's fluent interface allows you to specify JPQL queries in abbreviated format omitting parts of the query that can be inferred from the context.
-
Listeners of read-only transient properties are now notified when related properties change. It helps to update UI components displaying read-only attributes that depend on some other mutable attributes.
-
@PostConstruct methods can accept Spring beans available in the
global
module as parameters.
Updated Dependencies
Core framework:
com.fasterxml.jackson = 2.10.1 com.fasterxml.jackson-databind = 2.10.1 com.google.code.gson/gson = 2.8.6 com.google.guava/guava = 28.1-jre com.microsoft.sqlserver/mssql-jdbc = 7.2.2.jre8 com.sun.mail/javax.mail = 1.6.2 com.vaadin = 8.9.2-0-cuba commons-codec/commons-codec = 1.13 de.javakaffee/kryo-serializers = 0.45 mysql/mysql-connector-java = 8.0.17 org.apache.commons/commons-collections4 = 4.4 org.apache.commons/commons-compress = 1.19 org.apache.commons/commons-dbcp2 = 2.7.0 org.apache.commons/commons-pool2 = 2.7.0 org.apache.commons/commons-text = 1.8 org.apache.httpcomponents/httpclient = 4.5.10 org.apache.poi/poi = 4.1.1 org.aspectj/aspectjrt = 1.9.4 org.aspectj/aspectjweaver = 1.9.4 org.codehaus.groovy = 2.5.8 org.freemarker/freemarker = 2.3.29 org.hibernate.validator/hibernate-validator = 6.1.1.Fin`al org.hsqldb/hsqldb = 2.5.0 org.jgroups/jgroups = 4.1.8.Final org.jmockit/jmockit = 1.48 org.jsoup/jsoup = 1.12.1 org.postgresql/postgresql = 42.2.8 org.slf4j/log4j-over-slf4j = 1.7.29 org.slf4j/slf4j-api = 1.7.29 org.springframework = 5.2.1.RELEASE org.springframework.security = 5.2.1.RELEASE tomcat = 9.0.27
FTS add-on:
org.apache.lucene = 8.2.0 org.apache.tika/tika-parsers = 1.22
Reports add-on:
com.haulmont.yarg = 2.2.4 org.apache.poi/ooxml-schemas = 1.4 org.apache.xmlbeans/xmlbeans = 3.1.0