@dependabot dependabot bot commented on behalf of github Mar 10, 2025

Bumps com.google.protobuf:protobuf-java from 3.21.1 to 3.25.5.

Commits
  • 9d0ec0f Updating version.json and repo version numbers to: 25.5
  • 4a197e7 Merge pull request #18387 from protocolbuffers/cp-lp-25
  • b5a7cf7 Remove RecursiveGroup test case which doesn't exist in 25.x pre-Editions
  • f000b7e Fix merge conflict by adding optional label to proto2 unittest_lite.proto
  • 4728531 Add recursion check when parsing unknown fields in Java.
  • 850fcce Internal change
  • b704498 Internal change
  • e673479 Fix cord handling in DynamicMessage and oneofs. (#18375)
  • 8a60b65 Merge pull request #17704 from protocolbuffers/cp-segv
  • 94a2663 Fixed a SEGV when deep copying a non-reified sub-message.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.21.1 to 3.25.5.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](protocolbuffers/protobuf@v3.21.1...v3.25.5)

---
updated-dependencies:
- dependency-name: com.google.protobuf:protobuf-java
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 10, 2025
@phrocker phrocker self-assigned this Mar 10, 2025
@phrocker phrocker merged commit 143dc98 into main Mar 10, 2025
1 check passed
@dependabot dependabot bot deleted the dependabot/maven/com.google.protobuf-protobuf-java-3.25.5 branch March 10, 2025 15:08
phrocker added a commit that referenced this pull request Nov 8, 2025
…ronization with protocol mapper support and UI-driven custom attribute mapping access control (#36)

* Initial plan

* Fully implement KeycloakAttributeSyncScheduler and user synchronization

- Implemented full sync of all users from Keycloak with pagination support
- Implemented sync of specific user from Keycloak
- Added attribute filtering to exclude internal Keycloak attributes
- Enhanced KeycloakService with methods for listing users, getting users, creating users, and updating attributes
- Modified UserService to sync attributes from Keycloak when new users are created
- Added method to create users in Keycloak when they are created in Sentrius
- Added comprehensive tests for KeycloakAttributeSyncScheduler
- Added comprehensive tests for KeycloakService
- All tests passing

Co-authored-by: phrocker <[email protected]>

* update

* Add password support for Keycloak user creation in UserApiController

- Enhanced KeycloakService.createUser() with password parameter support
- Added setUserPassword() method to set/reset user passwords in Keycloak
- Updated UserApiController.addUser() to create users in Keycloak with passwords
- Users created through UI now automatically get created in Keycloak with their password
- Password is not temporary, allowing immediate login
- Added 4 new tests for password functionality
- All 17 tests passing in KeycloakServiceTest

Co-authored-by: phrocker <[email protected]>

* update

* Fix attribute handling for Keycloak 22+ user profile compatibility

- Modified createUser() to set attributes AFTER user creation (Keycloak 22+ best practice)
- Attributes are no longer set directly during UserRepresentation.create()
- Instead, attributes are set via updateUserAttributes() after user creation
- This ensures compatibility with Keycloak 22+ User Profile validation
- Enhanced updateUserAttributes() with better error handling and logging
- Updated test to reflect new attribute handling behavior
- All 17 tests passing

Co-authored-by: phrocker <[email protected]>

* Remove attribute writing to Keycloak - attributes must be managed in User Profile

- Removed automatic attribute setting during user creation
- Added deprecation warning to updateUserAttributes() method
- Clarified that custom attributes must be defined in Keycloak User Profile (Admin Console)
- Attributes are READ-ONLY from Sentrius perspective - managed in Keycloak, synced to Sentrius
- Enhanced documentation explaining Keycloak 22+ User Profile workflow
- Updated test to verify attributes are NOT set during user creation
- All 17 tests passing

For Keycloak 22+ User Profile:
1. Define attributes in Keycloak Admin Console > Realm Settings > User Profile
2. Fill in attribute values for users through Keycloak UI
3. Sentrius sync scheduler reads attributes from Keycloak
4. Attributes are stored in Sentrius ABAC system for policy evaluation

Co-authored-by: phrocker <[email protected]>

* Enable bidirectional attribute sync with protocol mappers

- Re-enabled attribute writing to Keycloak (reverted read-only approach)
- Added protocol mappers for common ABAC attributes to realm template:
  - department, team_role, clearance_level, location, cost_center, project
- Protocol mappers ensure attributes appear in OIDC tokens
- Updated KeycloakService to set attributes after user creation
- Added syncUserAttributesToKeycloak() method in AttributeManagementService
- Attributes set in Sentrius can now be synced to Keycloak
- Bidirectional sync: Sentrius ↔ Keycloak
- Updated tests to match new behavior
- All tests passing (17 KeycloakService tests, full test suite)

Co-authored-by: phrocker <[email protected]>

* Fix updates

* update

* Fix custom attribute check to pass endpoint parameter

- Fixed checkCustomAttribute() call in AccessControlAspect to include endpoint parameter
- This enables ABAC PolicyEvaluator to properly evaluate custom attributes from database
- Custom attributes defined via ABAC page can now be evaluated within the aspect
- All custom attribute checks now work correctly with both PolicyEvaluator and UserAttributeService

Co-authored-by: phrocker <[email protected]>

* Add database endpoint attribute checking to AccessControlAspect

- Added AttributeAssignmentRepository injection to AccessControlAspect
- Implemented checkDatabaseEndpointAttributes() method to check attributes from database
- Retrieves attributes assigned to endpoints via ABAC page (TargetType.ENDPOINT)
- Validates that users have required attribute values for the endpoint
- Integrates with existing checkCustomAttribute() for consistency
- Now checks BOTH annotation-defined AND database-defined custom attributes
- Attributes defined via ABAC page are now properly evaluated for access control

Co-authored-by: phrocker <[email protected]>

* Fix database endpoint attribute checking to use ABAC policies

- Replaced AttributeAssignment lookup with PolicyEvaluator
- Now properly uses AccessPolicy and PolicyRule to determine endpoint requirements
- PolicyEvaluator evaluates user attributes against policy rules
- Supports complex policy logic (AND/OR combinations, various operators)
- Correctly implements the ABAC workflow:
  1. Attribute Definitions - define available attributes
  2. User Assignments - assign attribute values to users
  3. Access Mappings (Policies) - define rules for endpoint access
- Removed AttributeAssignmentRepository injection (not needed)
- Access Mappings from ABAC page now properly enforced

Co-authored-by: phrocker <[email protected]>

* Fix database endpoint attribute checking to use CustomAttributeMapping

- Replaced PolicyEvaluator with CustomAttributeMappingService
- Now properly queries custom_attribute_mappings table from UI
- CustomAttributeMapping stores endpoint requirements (e.g., /api/v1/chat/** requires department=engineering)
- Integrates with existing checkCustomAttribute() method for validation
- Properly implements UI-driven access control workflow:
  1. Admin creates mapping via CustomAttributeMappingController
  2. Mapping stored in custom_attribute_mappings table
  3. AccessControlAspect retrieves and enforces mappings
- Custom mappings defined via ABAC UI are now properly enforced

Co-authored-by: phrocker <[email protected]>

* Fix custom attribute checking to verify user actually has required attributes

- Fixed checkCustomAttribute() to properly check if user has the required attribute value
- Previously was incorrectly adding the required value to user's context, making all checks pass
- Now correctly:
  1. Builds context which loads user's AttributeAssignments from database
  2. Checks if user's attribute value matches the required value
  3. Returns true only if user actually has the attribute with the required value
- Fixed test file compilation errors (duplicate class definitions)
- Addresses issue where mappings like "clearance_level=low" were found but not validated against user's actual attributes
- All tests passing

Co-authored-by: phrocker <[email protected]>

* commit

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: phrocker <[email protected]>
Co-authored-by: Marc Parisi <[email protected]>
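
The fail-open behaviour named in the last fix of the commit message above ("adding the required value to user's context, making all checks pass"), shown beside a corrected check. This is an added example, not code from the Sentrius repository: the class, method and user names are hypothetical and the assignment data is constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; class and method names are hypothetical, not Sentrius code.
public class CustomAttributeCheckDemo {

    // Constructed sample data standing in for AttributeAssignments loaded from the database.
    static final Map<String, Map<String, String>> ASSIGNMENTS = Map.of(
        "alice", Map.of("clearance_level", "low", "department", "engineering"),
        "bob", Map.of("department", "sales"));

    // Builds the evaluation context from what the user has actually been assigned.
    static Map<String, String> buildContext(String user) {
        return new HashMap<>(ASSIGNMENTS.getOrDefault(user, Map.of()));
    }

    // Flawed: the requirement is written into the context, so the comparison always succeeds.
    static boolean checkFlawed(String user, String name, String required) {
        Map<String, String> ctx = buildContext(user);
        ctx.put(name, required);
        return required.equals(ctx.get(name));
    }

    // Corrected: the context holds only the user's own values; a missing attribute denies.
    static boolean checkFixed(String user, String name, String required) {
        Map<String, String> ctx = buildContext(user);
        String actual = ctx.get(name);
        return actual != null && actual.equals(required);
    }

    public static void main(String[] args) {
        String[][] cases = {
            {"alice", "clearance_level", "low"},   // user holds the required value
            {"bob", "clearance_level", "low"},     // attribute never assigned
            {"alice", "department", "sales"},      // assigned, but a different value
            {"mallory", "department", "sales"}};   // user with no assignments at all
        for (String[] c : cases) {
            System.out.printf("%-8s %s=%s flawed=%b fixed=%b%n",
                c[0], c[1], c[2], checkFlawed(c[0], c[1], c[2]), checkFixed(c[0], c[1], c[2]));
        }
    }
}
```

The three negative cases (unassigned attribute, mismatched value, unknown user) are the ones a regression test for this kind of check should pin, since the flawed variant grants all of them.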