Skip to main content

Release Notes

maven central

Should I update?

We highly recommend regularly updating to the latest SAP Cloud SDK version. It will help you:

  • Ensure access to the latest SAP Cloud SDK features
  • Keep up with the latest changes in SAP Cloud Platform
  • Update client libraries giving access to latest SAP services on SAP Cloud Platform and SAP S/4HANA
  • Protect yourself from bugs and breaking changes in the future

The SAP Cloud SDK v3 for Java is Deprecated

Update to the SAP Cloud SDK v4

Version 3.x of the SAP Cloud SDK for Java has reached its end of life. As a consequence, there won't be any updates to the SAP Cloud SDK version 3 - not even security fixes. To continue using the latest features outlined in the release notes below, please update to the SAP Cloud SDK v4.

3.78.0 - December 15, 2022

newFunctionality

  • Introduce new APIs to configure the destination cache in the ScpCfDestinationLoader.

    We strongly recommend using the following APIs before loading any destination, for example, during application startup only:

    • ScpCfDestinationLoader.Cache.setSizeLimit: Set the number of cache entries that will be cached.
    • ScpCfDestinationLoader.Cache.disableSizeLimit: Disable the cache size limit. The cache will store an infinite amount of entries - use with caution.
    • ScpCfDestinationLoader.Cache.setExpiration: Set the expiration duration and strategy for cache entries.
    • ScpCfDestinationLoader.Cache.disableExpiration: Disable the cache entry expiration. The cache will store entries until it is full, which will lead to the deletion of old entries. This might cause destinations to be cached forever - use with caution.
    • ScpCfDestinationLoader.Cache.disable: Disable the entire cache. All destination will always be retrieved from the Destination Service. This will result in performance degradations - use with caution.

  • The destination loaders now allow for customizing the timeout that is applied to destination retrievals.

    • By default, a 6-second timeout is applied when retrieving a destination.
    • The timeout can be overridden by using the builder: 
      final Try<Destination> loadedDestination = ScpCfDestinationLoader.builder()
              .withTimeLimiterConfiguration(ResilienceConfiguration.TimeLimiterConfiguration.of(Duration.ofSeconds(10)))
              .build()
              .tryGetDestination(destinationName, destinationOptions);
    • Alternatively, the timeout behaviour can be disabled via: 
      final Try<Destination> loadedDestination = ScpCfDestinationLoader.builder()
              .withTimeLimiterConfiguration(ResilienceConfiguration.TimeLimiterConfiguration.disabled())
              .build()
              .tryGetDestination(destinationName, destinationOptions);

improvements

  • Improvements to accessing destinations in a resilient manner:
    • The default timeout of 6 seconds for fetching one or all destinations using tryGetDestination( destinationName,options ) or tryGetAllDestinations(options ) or tryGetAllDestinations( ) is now applied individually for token retrieval and destination service calls.
    • The experimental method ScpCfDestinationLoader#tryGetDestination(String,String,String,ScpCfDestinationServiceResponseProvider) now also performs requests in a resilient manner with automatic timeout configured for 6 seconds.
    • The default timeout value can be overridden or disabled by constructing a ScpCfDestinationLoader with a custom time limiter configuration. See the note on new functionality above.
  • Dependency Updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Tomcat JDBC (org.apache.tomcat:tomcat-jdbc) and Tomcat Annotations API (org.apache.tomcat:tomcat-annotations-api) from 8.5.81 to 8.5.83
        • Update okhttp (com.squareup.okhttp3:okhttp) from 4.9.3 to 4.10.0

fixedIssues

  • Retrieving any OAuth2 destination using the DestinationAccessor in DwC has been improved to always return a destination with a valid, non-expired Auth token.

3.77.0 - November 17, 2022

Maven Central | Javadoc

Improvements

  • Dependency Updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Woodstox Core(com.fasterxml.woodstox:woodstox-core) from 6.3.0 to 6.4.0
        • Update Spring Security(org.springframework.security:spring-security-bom) from 5.7.3 to 5.7.5

3.76.0 - October 31, 2022

Maven Central | Javadoc

Improvements

  • The naming of the destination retrieval strategy (SUBSCRIBER_THEN_PROVIDER) both in the ScpCfDestinationLoader as well as in the ScpNeoDestinationLoader did not behave as the name implied, as it was taking the current tenant, which might, due to misconfiguration, also be the Provider Tenant for the first destination retrieval attempt. This is now fixed by the following steps:
    • Deprecation of the unclear SUBSCRIBER_THEN_PROVIDER strategy
    • Adding a new strategy CURRENT_TENANT_THEN_PROVIDER, which will not perform a second retrieval attempt in case the current tenant is already the provider
  • The naming of the ScpNeoDestinationRetrievalStrategy (ALWAYS_SUBSCRIBER) in the ScpNeoDestinationLoader did not behave as the name implied, as it was taking the current tenant, which might, due to misconfiguration, also be the Provider Tenant. This is now fixed by the following steps:
    • Deprecation of the unclear ALWAYS_SUBSCRIBER strategy
    • Alternative strategy keeping the same behavior: CURRENT_TENANT
    • Adding a new strategy ONLY_SUBSCRIBER which actively enforces that the current tenant is not the provider tenant
  • Dependency Updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Jackson BOM (com.fasterxml.jackson:jackson-bom) from 2.13.3 to 2.13.4
        • Update Jackson Databind (com.fasterxml.jackson.core:jackson-databind) from 2.13.3 to 2.13.4.2
        • Update Commons Text (org.apache.commons:commons-text) from 1.9.0 to 1.10.0
        • Update Fabric SDK Java (org.hyperledger.fabric-sdk-java:fabric-sdk-java) from 2.2.10 to 2.2.18
        • Update Snake YAML (org.yaml:snakeyaml) from 1.31 to 1.33
        • Update Protobuf Java (com.google.protobuf:protobuf-java) from 3.21.2 to 3.21.7

Fixed Issues

  • Fix an issue with OData request payloads containing incomplete entity type indicators.
  • Fix an issue with JWT payload parsing from incoming requests: aud claim can be an atomic string or an array of strings.

3.75.0 - September 21, 2022

Maven Central | Javadoc

Compatibility Notes

  • The RequestAccessor API (along all the related classes - e.g. the RequestThreadContextListener and RequestFacade) is deprecated. For a replacement, please refer to the RequestHeaderAccessor.

New Functionality

  • Add public method getAllDestinations() to EnvVarDestinationLoader to resolve all destinations from the configured system environment variable (default: destinations).

Improvements

  • Dependency Updates:
    • SAP dependency updates:
      • Update XSUAA Library from 2.12.2 to 2.12.3
    • Other dependency updates:
      • Minor version updates:
        • Update Spring from 5.3.21 to 5.3.22
        • Update Spring Security from 5.7.2 to 5.7.3

Fixed Issues

  • Fix an issue with OData request payloads containing incomplete entity type indicators.
  • Fix an issue with JWT payload parsing from incoming requests: aud claim can be an atomic string or an array of strings.

3.74.0 - August 11, 2022

Maven Central | Javadoc

Compatibility Notes

  • Following modules have been marked as deprecated and will be removed with the upcoming release of SAP Cloud SDK 4.0:
    • OData Query Listener and related classes in other modules
    • Remote Function Query Listener and related classes in other modules
    • HTTP Client Listener and related classes in other modules
    • The remaining Quality - Parent POM and submodules

New Functionality

3.73.0 - July 28, 2022

Maven Central | Javadoc

Compatibility Notes

  • Following modules have been deprecated and will be removed with the upcoming release of the SAP Cloud SDK version 4:
    • API Metering (com.sap.cloud.sdk.cloudplatform:metering)
    • API Metering SAP CP Neo (com.sap.cloud.sdk.cloudplatform:metering-scp-neo)

Improvements

  • Dependency Updates:
    • SAP dependency updates:
      • Update XSUAA Library from 2.12.2 to 2.12.3
      • Update SAP AuditLog from 2.0.16 to 2.0.17
      • Update SAP Passport from 1.5.0 to 1.6.0
      • Update NEO SDK from 1.127.12 to 1.128.10
      • Update NEO Web API from 4.29.8 to 4.32.0
    • Other dependency updates:
      • Minor version updates:
        • Update Spring from 5.3.20 to 5.3.21
        • Update Spring Security from 5.7.1 to 5.7.2
        • Update org.scyscreamer:jsonassert from 1.5.0 to 1.5.1
        • Update org.liquibase:liquibase-core from 4.12.0 to 4.13.0

Fixed Issues

  • Fix an issue where the Rate Limiter pattern wasn't correctly applied when using one of the ResilienceDecorator.execute... methods

3.72.0 - July 14, 2022

Maven Central | Javadoc

Improvements

  • Dependency Updates:
    • SAP Dependency Updates:
    • Other Dependency Updates:
      • Minor Dependency Updates:
        • Update Spring Boot (org.springframework.boot:spring-boot) from 2.6.7 to 2.7.0
        • Update Spring Security (org.springframework.security:spring-security-bom) from 5.6.4 to 5.7.1
        • Update Protobuf Java (com.google.protobuf:protobuf-java) from 3.21.1 to 3.21.2
        • Update Spotbugs Annotations (com.github.spotbugs:spotbugs-annotations) from 4.7.0 to 4.7.1
        • Update Woodstox Core (com.fasterxml.woodstox:woodstox-core) from 6.2.8 to 6.3.0

Fixed Issues

  • Fix an issue where generation of OData v4 client failed with a NullPointerException when Actions and Functions list Entites that are not associated with an EntitySet as parameters. The generator skips generating these actions and functions now.

3.71.0 - June 30, 2022

Maven Central | Javadoc

Improvements

  • Dependency Updates:
    • Other dependency updates:
      • Minor version updates:
        • Update AssertJ Guava (org.assertj:assertj-guava) from 3.4.0 to 3.5.0
        • Update Liquibase Core (org.liquibase:liquibase-core) from 4.11.0 to 4.12.0
        • Update Reactor Core (io.projectreactor:reactor-core) from 3.4.18 to 3.4.19
        • Update Tomcat JDBC (org.apache.tomcat:tomcat-jdbc) and Tomcat Annotations API (org.apache.tomcat:tomcat-annotations-api) from 8.5.77 to 8.5.81
        • Update AMQP Client (com.rabbitmq:amqp-client) from 5.14.2 to 5.15.0
        • Update Error Prone Annotations (com.google.errorprone:error_prone_annotations) from 2.13.1 to 2.14.0
        • Update Netty Bom (io.netty:netty-bom) from 4.1.77 to 4.1.78.Final

3.70.0 - June 16, 2022

Maven Central | Javadoc

New Functionality

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Liquibase Core (org.liquibase:liquibase-core) from 4.10.0 to 4.11.0
        • Update Togglz Core (org.togglz:togglz-core) from 3.1.2 to 3.2.1
        • Update Plexus Utils (org.codehaus.plexus:plexus-utils) from 3.4.1 to 3.4.2
        • Update Protobuf (com.google.protobuf:protobuf-java) from 3.20.1 to 3.21.1
        • Update Reactor Core (io.projectreactor:reactor-core) from 3.4.17 to 3.4.18
        • Update Rest Assured (io.rest-assured:rest-assured) from 5.0.1 to 5.1.0

3.69.0 - June 03, 2022

Maven Central | Javadoc

Compatibility Notes

  • Deprecate the testutil-* (com.sap.cloud.sdk.testutil:testutil-parent, com.sap.cloud.sdk.testutil:testutil-core, and com.sap.cloud.sdk.testutil:testutil-resources) modules. These will be removed from our public deliveries with the next upcoming major release of the SAP Cloud SDK.

    If you are relying on (one of) these modules for your testing scenarios, please let us know by reacting on this GitHub issue.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Spring BOM (org.springframework:spring-framework-bom) from 5.3.19 to 5.3.20
        • Update Spring Security (org.springframework:spring-security-bom) from 5.6.3 to 5.6.4
        • Update Jackson Bom (com.fasterxml.jackson:jackson-bom) from 2.13.2 to 2.13.3
        • Update Jackson Databind (com.fasterxml.jackson.core:jackson-databind) from 2.13.2.2 to 2.13.2.3

Fixed Issues

  • Fix an issue with OData Batch request construction when the service path contains special characters.

3.68.0 - May 19, 2022

Maven Central | Javadoc

Compatibility Notes

  • To fix the high vulnerability CVE-2022-22968 in Spring, we had to update Spring BOM to 5.3.19 and to maintain compatibility had to also update XSUAA Client Library to 2.11.16. Please note that if you are using SAP JAVA buildpack for your deployments use a static buildpack version sap_java_buildpack_1_52 to avoid dependency conflicts and class loading issues.
  • SAP Business Rules OpenAPI client library received breaking change to the field List<TextPredefinedResults> predefinedResults which is renamed to List<TextPredefined> predefined after updating to the latest version of the SAP Business Rules service
  • Deprecate non-productive com.sap.cloud.sdk.s4hana.datamodel.odata.adapter.ODataCalendarAdapter and child classes ODataDateTimeAdapter, ODataDateTimeOffsetAdapter, and ODataTimeAdapter. It is planned to remove those classes with SAP Cloud SDK v4.
  • Switch from using com.google.code.findbugs:annotations to com.github.spotbugs:spotbugs-annotations in modules cloudplatform-core-dwc-cf and recast-ai. No code changes are required if you are consuming these modules. However, if you are planning on consuming these dependencies, remember to declare them directly in your POM as these are declared as optional dependencies.
  • The DefaultLocaleFacade does no longer consider the ServletRequest (accessed via the RequestAccessor) to determine the desired Locale. Instead, the facade uses the RequestHeaderAccessor to derive the Locale based on the Accept-Language header - this change was already introduced in version 3.61.0. As a fallback, in case the header cannot be found, the default Locale for the server will be returned as before. This change does not affect any productive scenarios. However, there might be changes in tests, where the RequestServlet#getLocales() is mocked to return an arbitrary value that is neither part of the Accept-Language header nor the default system Locale.
  • Deprecate modules:
    • Recast AI
    • Graph
    • Services - SAP BTP Machine Learning

Improvements

  • The SAP Business Rules OpenAPI client library was updated to the latest version of the Business Rules service. See also the related compatibility note.

  • Dependency Updates:

    • SAP dependency updates:
    • Other dependency updates:
      • Major version updates:
      • Minor version updates:
        • Update ASM (org.ow2.asm:asm) from 9.2 to 9.3
        • Update Java JWT (com.auth0:java-jwt) from 3.19.0 to 3.19.2
        • Update Liquibase Core (org.liquibase:liquibase-core) from 4.9.0 to 4.10.0
        • Update Lombok (org.projectlombok:lombok) from 1.18.22 to 1.18.24
        • Update Swagger Annotations (io.swagger:swagger-annotations) from 1.6.5 to 1.6.6
        • Update Error Prone Annotations (com.google.errorprone:error_prone_annotations) from 2.11.0 to 2.13.1
        • Update Json Unit AssertJ (net.javacrumbs.json-unit:json-unit-assertj) from 2.32.0 to 2.35.0
        • Update Netty Bom (io.netty:netty-bom) from 4.1.75 to 4.1.77
        • Update Protobuf Java (com.google.protobuf:protobuf-java) from 3.19.4 to 3.20.1
        • Update Reactor Core (io.projectreactor:reactor-core) from 3.4.16 to 3.4.17
        • Update Rest Assured (io.rest-assured:rest-assured) from 5.0.0 to 5.0.1
        • Update Wiremock (com.github.tomakehurst:wiremock-jre8-standalone) from 2.32.0 to 2.33.2
        • Update Spring BOM (org.springframework:spring-framework-bom) from 5.3.18 to 5.3.19
        • Update Spring Security (org.springframework:spring-security-bom) from 5.6.2 to 5.6.3
        • Update Jsonschema2Pojo Core (org.jsonschema2pojo:jsonschema2pojo-core) from 1.1.1 to 1.1.2
        • Update Togglz Core (org.togglz:togglz-core) from 3.1.1 to 3.1.2

Fixed Issues

  • Fix an issue with the OpenAPI client not being able to instantiate the class ApiClient when Jackson formats other than JSON are possible at runtime.
  • Fix an issue with some OData services unable to parse the syntax of batch request segments, that have special characters in entity key values.

3.67.0 - April 14, 2022

Maven Central | Javadoc

Compatibility Notes

  • To fix the critical CVE-2022-22965 vulnerability in Spring, we had to update Spring BOM to 5.3.18 and to maintain compatibility had to also update XSUAA Client Library to 2.11.15. Please note that if you are using SAP JAVA buildpack for your deployments use a static buildpack version sap_java_buildpack_1_49 to avoid dependency conflicts and class loading issues.
  • The module auditlog-scp-cf is considered deprecated. The audit logging API used to implement the integration is outdated and no longer adheres to product guidelines. In the future, the SAP Cloud SDK may provide an update leveraging the recommended API. Until then the users have an option to continue using the deprecated logic at their own risk, or directly consume the recommended audit logging API - without the SAP Cloud SDK convenience layer. Please, create an issue if you are interested in the consumption of auditlog-scp-cf via the SAP Cloud SDK. This deprecated module will be kept in the upcoming SAP Cloud SDK v4. The module targeting Neo in not deprecated and integration can be consumed as before.
  • The following modules have been marked as deprecated and will be removed with the next major release version (v4):
    • com.sap.cloud.sdk.services.currencyconversion.core
    • com.sap.cloud.sdk.services.currencyconversion.adapter.integrationobjects
    • com.sap.cloud.sdk.services.currencyconversion.datamodel.model
    • com.sap.cloud.sdk.services.currencyconversion.datamodel.adapter
    • com.sap.cloud.sdk.plugins:usage-analytics
    • com.sap.cloud.sdk.plugins:usage-analytics-maven-plugin

New Functionality

  • Add Rate Limiter to Resilience Capabilities

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Major version updates:
        • Update Rest Assured (io.rest-assured:rest-assured) from 4.5.1 to 5.0.0
      • Minor version updates:
        • Update Json (org.json:json) from 20211205 to 20220320
        • Update Java JWT (com.auth0:java-jwt) from 3.18.3 to 3.19.0
        • Update liquibase-core (org.liquiebase:liquibase-core) from 4.8.0 to 4.9.0
        • Update Fabric Gateway Java (org.hyperledger.fabric:fabric-gateway-java) from 2.2.3 to 2.2.4
        • Update Jackson Databind (com.fasterxml.jackson.core:jackson-databind) from 2.13.2 to 2.13.2.2
        • Update Joda Time (joda-time:joda-time) from 2.10.13 to 2.10.14
        • Update Reactor Core (io.projectreactor:reactor-core) from 3.4.15 to 3.4.16
        • Update Tomcat JDBC (org.apache.tomcat:tomcat-jdbc) and Tomcat Annotations API (org.apache.tomcat:tomcat-annotations-api) from 8.5.75 to 8.5.77
        • Update Swagger Core V3 (io.swagger.core.v3:swagger-core) and Swagger Core V3 models (io.swagger.core.v3:swagger-models)from 2.1.7 to 2.1.13
        • Update Swagger Core (io.swagger:swagger-core) from 1.6.2 to 1.6.5
        • Update Spring BOM (org.springframework:spring-framework-bom) from 5.3.15 to 5.3.18
        • Update Spring Boot (org.springframework.boot:spring-boot-starter-reactor-netty) from 2.6.3 to 2.6.6
        • Update Spring Security (org.springframework:spring-security-bom) from 5.6.1 to 5.6.2

Fixed Issues

  • Getters and Setters of OpenApi POJOs are no longer considered when using the ApiClient (without passing a RestTemplate) to serialize/deserialize data

  • Fixed an issue which caused incorrect encoding of Pipes (|) in OData queries

  • Fixed an issue where compilation errors occurred on @Nullable properties when using the OpenAPI generator

3.66.0 - March 24, 2022

Maven Central | Javadoc

Compatibility Notes

  • We upgraded the major version of the org.liquibase:liquibase-core dependency to fix the known vulnerability CVE-2022-0839. Please be aware that this change might impact the compatibility of the deprecated com.sap.cloud.sdk.frameworks:liquibase module.

Improvements

  • Improved the exculdingFields and includingFields options for OData V2 update requests. It now also allows for excluding complex and navigation properties.

  • Dependency Updates:

    • SAP dependency updates:
    • Other dependency updates:
      • Major version updates:
        • Update liquibase-core (org.liquiebase:liquibase-core) from 3.10.3 to 4.8.0
      • Minor version updates:
        • Update Guava (com.google.guava:guava) from 31.0.1 to 31.1.0
        • Update Jackson Bom (com.fasterxml.jackson:jackson-bom) from 2.13.1 to 2.13.2
        • Update Logback Classic (ch.qos.logback:logback-classic) from 1.2.10 to 1.2.11
        • Update Mockito Core (org.mockito:mockito-core) from 4.3.1 to 4.4.0
        • Update Mojo Executor (org.twdata.maven:mojo-executor) from 2.3.3 to 2.4.0
        • Update Netty Bom (io.netty:netty-bom) from 4.1.74 to 4.1.75
        • Update OpenAPI Generator (org.openapitools:openapi-generator) from 5.0.0-beta3 to 5.4.0

Fixed Issues

  • Fix an issue with destinations that have key-stores referencing more than one alias.
  • Fix an issue with certificate-based authentication for SAP BTP services, e.g. Destination Service.

3.65.0 - March 10, 2022

Maven Central | Javadoc

Compatibility Notes

  • The following modules have been marked as deprecated and will be removed with the next major release:

    • com.sap.cloud.sdk.frameworks.cxf
    • com.sap.cloud.sdk.frameworks.eclipselink
    • com.sap.cloud.sdk.frameworks.eclipselink-javaee
    • com.sap.cloud.sdk.frameworks.javaee
    • com.sap.cloud.sdk.frameworks.jaxrs
    • com.sap.cloud.sdk.frameworks.jaxrs-gson
    • com.sap.cloud.sdk.frameworks.liquibase
    • com.sap.cloud.sdk.frameworks.liquibase-javaee
    • com.sap.cloud.sdk.frameworks.spring-boot-multitenancy-scp-cf
    • com.sap.cloud.sdk.frameworks.spring-web
    • com.sap.cloud.sdk.frameworks.togglz

  • For Media Entities in the OData V2 VDM the method fetchAsStream() is deprecated in favour of fetchMediaStream().

New Functionality

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Json Unit AssertJ (net.javacrumbs.json-unit:json-unit-assertj) from 2.31.0 to 2.32.0
        • Update Caffeine JCache (com.github.ben-manes.caffeine:jcache) from 2.9.2 to 2.9.3
        • Update Reactor Core (io.projectreactor:reactor-core) from 3.4.14 to 3.4.15
        • Update Tomcat JDBC (org.apache.tomcat:tomcat-jdbc) and Tomcat Annotations API (org.apache.tomcat:tomcat-annotations-api) from 8.5.72 to 8.5.75
        • Update Json Smart (net.minidev:json-smart) from 2.4.7 to 2.4.8

3.64.0 - February 24, 2022

Maven Central | Javadoc

New Functionality

  • Extend the implementation for using the SAP BTP Destination & Connectivity services to now also support the x509 authentication type.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Gson (com.google.code.gson:gson) from 2.8.9 to 2.9.0
        • Update Json Path (com.jayway.jsonpath:json-path) from 2.6.0 to 2.7.0
        • Update Slf4j (org.slf4j:slf4j-api) from 1.7.35 to 1.7.36
        • Update Spring BOM (org.springframework:spring-framework-bom) from 5.3.14 to 5.3.15
        • Update Swagger Annotations (io.swagger:swagger-annotations) from 1.6.4 to 1.6.5
        • Update Togglz (org.togglz:togglz-testing) from 3.1.0 to 3.1.1
        • Update AMQP Client (com.rabbitmq:amqp-client) from 5.14.1 to 5.14.2
        • Update Jakarta Activation API (jakarta.activation:jakarta.activation) from 2.0.1 to 2.1.0
        • Update Json Unit AssertJ (net.javacrumbs.json-unit:json-unit-assertj) from 2.28.0 to 2.31.0
        • Update Mojo Executor (org.twdata.maven:mojo-executor) from 2.3.2 to 2.3.3
        • Update Netty BOM (io.netty:netty-bom) from 4.1.73 to 4.1.74
        • Update PMD Core (net.sourceforge.pmd:pmd-core) from 6.41.0 to 6.42.0
        • Update Protobuf Java (com.google.protobuf:protobuf-java) from 3.19.3 to 3.19.4
        • Update Rest Assured (io.rest-assured:rest-assured) from 4.5.0 to 4.5.1
        • Update Spring Boot (org.springframework.boot:spring-boot-starter-reactor-netty) from 2.6.2 to 2.6.3

Fixed Issues

  • Fix an issue that caused PrincipalAccessor#getCurrentPrincipal() to throw a PrincipalAccessException in K8s based environments

3.63.0 - February 10, 2022

Maven Central | Javadoc

New Functionality

  • Update the OData VDM to the newest release 2202 of SAP S/4HANA Cloud. This includes completely new services available as usual in packages:
  • com.sap.cloud.sdk.s4hana.datamodel.odata.services
  • com.sap.cloud.sdk.s4hana.datamodel.odatav4.services You will also find new operations in previously existing services, and new entity types. The SAP Cloud SDK supports all OData services listed in the SAP Business Accelerator Hub for SAP S/4HANA Cloud.
  • Add a new method (excludingFields(...)) to exclude specific fields from OData V2 and V4 PUT requests (i.e. replacingEntity()). This method can be used to exclude read-only fields, as well as dependent properties that are not tied to key properties from your PUT request payload.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
      • Update CF Logging Support (com.sap.hcp.cf.logging:cf-java-logging-support-logback) from 3.5.6 to 3.5.7
    • Other dependency updates:
      • Minor version updates:
        • Update Caffeine (com.github.ben-manes.caffeine:caffeine) from 2.9.2 to 2.9.3
        • Update Eclipse Link (org.eclipse.persistence:eclipselink) from 2.7.9 to 2.7.10
        • Update Slf4j (org.slf4j:slf4j-api) from 1.7.33 to 1.7.35
        • Update Slf4j (org.togglz:togglz-core) from 3.0.0 to 3.1.0
        • Update Mockito (org.mockito:mockito-core) from 4.2.0 to 4.3.1

Fixed Issues

  • Fix an issue with Destination initialization, where the "Authorization" header value is constructed with improper scheme capitalization. Instead of "bearer [...]" it will now correctly use "Bearer [...]" as a header value for outgoing HTTP requests.

3.62.0 - January 28, 2022

Maven Central | Javadoc

New Functionality

  • The experimental Generic OData Client allows for customization of the number deserialization strategy from JSON to Java:

    ODataRequestResultGeneric result;

    // Default: Number to Double
    result.withNumberDeserializationStrategy(NumberDeserializationStrategy.DOUBLE)

    // Custom: Number to BigDecimal
    result.withNumberDeserializationStrategy(NumberDeserializationStrategy.BIG_DECIMAL)

    This feature requires Gson dependency version 2.8.9 or higher.

Improvements

  • The OData generators no longer throw an exception and log an error in case the provided EDMX file does not match the respective OData version schema. Instead, the file(s) that do not qualify for Java code generation will be skipped and debug messages are logged.

  • Dependency Updates:

    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Spring Framework (org.springframework:spring-framework-bom) from 5.3.13 to 5.3.14
        • Update Spring Security (org.springframework:spring-security-bom) from 5.6.0 to 5.6.1
        • Update Fabric Gateway Java (org.hyperledger.fabric:fabric-gateway-java) from 2.2.2 to 2.2.3
        • Update Java JWT (com.auth0:java-jwt) from 3.18.2 to 3.18.3
        • Update Slf4j (org.slf4j:slf4j-api) from 1.7.32 to 1.7.33
        • Update AMQP Client (com.rabbitmq:amqp-client) from 5.14.0 to 5.14.1
        • Update Netty BOM (io-netty:netty-bom) from 4.1.72 to 4.1.73
        • Update Protobuf Java (com.google.protobuf:protobuf-java) from 3.19.1 to 3.19.3
        • Update Reactor Core (io.projectreactor:reactor-core) from 3.4.13 to 3.4.14

Fixed Issues

  • Fix an issue where service bindings would not be loaded in some Kubernetes environments.
  • Fix an issue where log message with WARN level would be written regularly with every incoming request.

3.61.0 - January 13, 2022

Maven Central | Javadoc

New Functionality

  • The SAP Cloud SDK now supports a new ProxyType named PrivateLink. This proxy type is used when your destination represents a tunnel created via Private Link Service.
  • The SAP Cloud SDK now provides a new accessor for HTTP headers of the incoming request. The new RequestHeaderAccessor located in the cloudplatform-core module can be used to conveniently access HTTP headers of the currently processed incoming request. Furthermore, it can be used to also propagate specific headers to nested ThreadContexts, much like the other accessors of the SAP Cloud SDK. By default, all present headers are automatically "inherited" when creating a new ThreadContext so that even asynchronous operations are able to access the initial headers.

Fixed Issues

  • Fix a regression in version 3.51.0 that caused SOAP transaction commits to not be applied to the same session as the requests being committed.
  • Fix an issue that could sometimes lead to a ConcurrentModificationException when using the Destination or Connectivity service functionality.
  • Fix an issue that could sometimes lead to CacheException Cache already exists when using the Destination / Connectivity service or resilience functionality.
  • Fix an issue where service bindings were not loaded from the file system in case the working directory of the Java process was not the root directory.
  • Fix an issue where custom service-path information is not propagated from OData V2 service classes to batch classes. Previously this led to a runtime exception: ODataRequestException: Batch request contains requests to different service paths [...]. To enable the fix, please use the latest OData V2 VDM and/or re-generate your own OData V2 classes.
  • Fix CVE-2021-33813 by upgrading jdom2 to version 2.0.6.1

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Spring Framework (org.springframework:spring-framework-bom) from 5.3.10 to 5.3.13
        • Update Spring Security (org.springframework:spring-security-bom) from 5.5.2 to 5.6.0
        • Update JDom2 (org.jdom:jdom2) from 2.0.6 to 2.0.6.1
        • Update Fabric SDK Java (org.hyperledger.fabric-sdk-java:fabric-sdk-java) from 2.2.8 to 2.2.10
        • Update HttpCore (org.apache.httpcomponents:httpcore) from 4.4.14 to 4.4.15
        • Update Json (org.json:json) from 20210307 to 20211205
        • Update Logback Classic (ch.qos.logback:logback-classic) from 1.2.7 to 1.2.10
        • Update Mockito (org.mockito:mockito-core) from 4.1.0 to 4.2.0
        • Update Swagger Annotations (io.swagger:swagger-annotations) from 1.6.3 to 1.6.4
        • Update Hibernate Core (org.hibernate:hibernate-core) from 5.6.1.Final to 5.6.3.Final
        • Update Json (org.json:json) from 20210307 to 20211205
        • Update Netty (io.netty:netty-bom) from 4.1.70.Final to 4.1.72.Final
        • Update Plexus Component Annotations (org.codehaus.plexus:plexus-component-annotations) from 2.1.0 to 2.1.1
        • Update Reactor Core (io.projectreactor:reactor-core) from 3.4.12 to 3.4.13
        • Update System Lambda (com.github.stefanbirkner:system-lambda) from 1.2.0 to 1.2.1
        • Update Wiremock (com.github.tomakehurst:wiremock-jre8-standalone) from 2.31.0 to 2.32.0

3.60.0 - December 16, 2021

Maven Central | Javadoc

Compatibility Notes

  • Add deprecation notice to public methods of service classes in s4hana-api-odata-onpremise-2020 and s4hana-api-odata-v4-onpremise-2020. The deprecated API remains functional. We recommend using the latest OData API of your SAP S/4HANA On-Premise release, which can be used with the new dependencies s4hana-api-odata-onpremise and s4hana-api-odata-v4-onpremise respectively.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update JUnit Jupiter (org.junit.jupiter:junit-jupiter-engine) and JUnit Vintage (org.junit.vintage:junit-vintage-engine) from 5.8.1 to 5.8.2
        • Update Bouncycastle (org.bouncycastle:bcpkix-jdk15on, bcprov-jdk15on) from 1.69 to 1.70

Fixed Issues

  • Remove the superfluous WARN log message that appeared whenever a new mTLS HTTP client was built.

3.59.0 - December 02, 2021

Maven Central | Javadoc

Compatibility Notes

  • Removed unnecessary dependency netty-bom from the Bill of Material (BOM).
  • Replaced the experimental API HttpSecuritySettings getHttpSecuritySettings() with SSLContext getSslContext() on CloudPlatform. Removed the experimental interface HttpSecuritySettings

New Functionality

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Logback Classic (ch.qos.logback:logback-classic) from 1.2.6 to 1.2.7.
        • Update Mockito (org.mockito:mockito-core) from 4.0.0 to 4.1.0

Fixed issues

  • We fixed a race-condition issue when serializing OData V2 VDM entity objects concurrently in multiple threads. This addresses errors reported as "Could not serialize property 'FooBar'. Returning null instead."

3.58.0 - November 18, 2021

Maven Central | Javadoc

Compatibility Notes

  • The OpenAPI generator now fails with a helpful message during generation if the input specification contains any of these keywords oneOf or anyOf in either:
    • The paths part of the specification
    • As an additional property or nested inside a property under a Schema listed in the specification.

Please, remove these properties from your specification and generation will succeed. It will allow you to use the remaining endpoints via the type-safe client by the SAP Cloud SDK. Support for oneOf, anyOf might be added in the future but the timeline for that is unknown.

New Functionality

  • Update the OData VDM to the newest release 2111 of SAP S/4HANA Cloud. This includes completely new services (available as usual in packages com.sap.cloud.sdk.s4hana.datamodel.odata.services and com.sap.cloud.sdk.s4hana.datamodel.odatav4.services), new operations in previously existing services, and new entity types. The SAP Cloud SDK supports all OData services listed in the SAP Business Accelerator Hub for SAP S/4HANA Cloud with the exception of the following services:
    • (OData V2) Maintenance Item - API_MAINTENANCEITEM
    • (OData V2) Enterprise Project V2 - API_ENTERPRISE_PROJECT_SRV_0002
    • (OData V2) Service Order Template - OP_API_SERVICE_ORDER_TEMPLATE_SRV_0001
    • (OData V4) Contract Accounting Business Transaction - CABUSINESSPARTNER_0001
    • (OData V4) Handling Unit - HANDLINGUNIT_0001
    • (OData V4) Maintenance Task List - MAINTENANCETASKLIST_0001
    • (OData V4) Measuring Point - MEASURINGPOINT_0001
    • (OData V4) Planned Order - PLANNEDORDER_0001
    • (OData V4) Process Warehouse Task - WAREHOUSEORDER_0001
    • (OData V4) Product Exclusion - PRODUCTEXCLUSION_0001
    • (OData V4) Product Substitution - PRODUCTSUBSTITUTION_0001
    • (OData V4) Supplier Item - SUPPLIERITEM_0001
    • (OData V4) Warehouse Resource - WAREHOUSERESOURCE_0001

Improvements

  • Limit beans scanning to service classes only in dependencies s4hana-api-odata, s4hana-api-odata-onpremise-2020 ands4hana-api-odata-v4-onpremise-2020. This significantly reduces startup times and memory consumption for TomEE applications that are missing their own beans.xml configuration. For consistency the beans scanning of s4hana-api-odata-v4 is enabled now but also limited to service classes.

  • The ALWAYS_SUBSCRIBER strategy of the default ScpCfDestinationRetrievalStrategy in the ScpCfDestinationLoader did not behave as its name implied. It was taking the current tenant, which might also be a Provider Tenant due to misconfiguration. We fixed it by:

    • Renaming ALWAYS_SUBSCRIBER to CURRENT_TENANT and making it a new default strategy.
    • Deprecation the confusingly named ALWAYS_SUBSCRIBER strategy
    • Adding a new ONLY_SUBSCRIBER strategy that actively enforces that a current tenant is not a provider tenant

  • Dependency Updates:

    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Gson (com.google.code.gson:gson) from 2.8.8 to 2.8.9

3.57.0 - November 4, 2021

Maven Central | Javadoc

Improvements

  • Dependency Updates:
    • SAP dependency updates:
      • Update Neo JavaEE7 WP API (com.sap.cloud:neo-javaee7-wp-api) from 1.107.5 to 1.108.5
      • Update Neo Java Web API (com.sap.cloud:neo-java-web-api) from 4.11.4 to 4.12.2
      • Update CDS4J Maven Plugin (com.sap.cds:cds4j-maven-plugin) from 1.16.0 to 1.23.0
      • Update JPaaS Security Utils (com.sap.core.jpaas.security:com.sap.core.jpaas.security.utils) from 1.4.90 to 1.4.91
    • Other dependency updates:
      • Major version updates:
        • Update Guava (com.google.guava:guava, guava-testlib) from 30.1.1-jre to 31.0.1-jre
      • Minor version updates:
        • Update Hibernate Core (org.hibernate:hibernate-core) from 5.5.7.Final to 5.6.0.Final
        • Update JUnit Jupiter (org.junit.jupiter:junit-jupiter-engine) and JUnit Vintage (org.junit.vintage:junit-vintage-engine) from 5.7.2 to 5.8.1
        • Update Netty (io.netty:netty-bom) from 4.1.67.Final to 4.1.69.Final
        • Update Protobuf (com.google.protobuf:protobuf-java) from 3.18.1 to 3.19.0
        • Update Reactor Core (io.projectreactor:reactor-core) from 3.4.10 to 3.4.11

Fixed issues

  • We fixed the vulnerability CVE-2021-37137 that affects Netty with versions < 4.1.68.Final by updating to version 4.1.69.Final.
  • We fixed an issue where some OData exception messages were not encoded correctly.

3.56.0 - October 21, 2021

Maven Central | Javadoc

New Functionality

  • We added support for the newly introduced SecretRootKey service binding layout as defined by the SAP BTP Service Operator for K8s. We recommend all consumers to use this binding layout as it solves the problem of incorrectly parsed array properties. Please refer to our K8s Guide for more detailed instructions on how to create service bindings using the SAP BTP Service Operator.

Improvements

  • We improved API generalization to accept custom implementations of interface OAuth2Service instead of dedicated class XsuaaService.

  • To increase compatibility, the OData V2 count() operation on our OData V2 typed client (VDM) now ignores query options other than $filter and user-defined query options which are not relevant for the count operation.

  • Dependency Updates:

    • SAP dependency updates:
      • Update com.sap.cloud:neo-java-web-api from 4.9.4 to 4.11.4
      • Update com.sap.cloud:neo-javaee7-wp-api from 1.105.7 to 1.107.5
    • Other dependency updates:
      • Major version updates:
        • Update org.mockito:mockito-core from 3.12.4 to 4.0.0
      • Minor version updates:
        • Update org.projectlombok:lombok from 1.8.20 to 1.8.22
        • Update com.fasterxml.jackson:jackson-bom from 2.12.5 to 2.13.0
        • Update io.swagger:swagger-annotations from 1.6.2 to 1.6.3
        • Update joda-time:joda-time from 2.10.10 to 2.10.12
        • Update net.sourceforge.pmd:pmd-core, pmd-java, pmd-test from 6.38.0 to 6.39.0
        • Update com.squareup.okhttp3:okhttp, mockwebserver and from 4.9.1 to 4.9.2
        • Update org.apache.tomcat:tomcat-annotations-api, tomcat-jdbc from 8.5.71 to 8.5.72
        • Update com.google.protobuf:protobuf-java from 3.18.0 to 3.18.1

Fixed issues

  • We fixed an issue where the appendDestinationLoader and prependDestinationLoader on the DestinationLoader were not behaving as expected on a given DestinationLoaderChain.The DestinationLoaderChains are now correctly added to an existing DestinationLoaderChain.

  • We fixed an issue with the OData V4 generator not considering actions and functions when one of their arguments references a complex- or entity-type that is not transitively exposed through entity sets.

  • We fixed the issue where HttpClients were not cached correctly on SAP BTP Neo. With this fix the caching should now behave as expected, minimizing the number of concurrent HttpClient instances in use.

3.55.1 - October 7, 2021

Maven Central | Javadoc

New Functionality

  • We introduced a new abstraction to load service bindings from various locations in an environment agnostic manner: The ServiceBindingLoader interface.

    This utility interface consists of just a single method (load), which returns all service bindings for the current application. We also provide the following implementations:

    • The EnvironmentVariableServiceBindingLoader is capable of parsing environment variables (such as the VCAP_SERVICES) on SAP BTP Cloud Foundry
    • The FileSystemServiceBindingLoader is capable of parsing service bindings, which are mounted to the file system (for example, when running in a K8s environment).
    • The ServiceBindingMerger is capable of combining the results of an arbitrary amount of other ServiceBindingLoader instances based on a configurable service binding property (e.g. the name of the bindings).

    During the design of this new feature, we paid special attention to the reconfigurability and extensibility of the API to enable consumers to support any runtime with as few changes as possible.

  • We changed the way ScpCfCloudPlatform class is loading service bindings to use the newly introduced ServiceBindingLoader API. It allows to seamlessly load service bindings from a file system in K8s-based environments like SAP Gardener.

    We search and load the Service bindings with the following priority, highest to lowest:

    • From the file system, as provided by the SAP Service Operator K8s service with the SecretKey layout
    • From the file system, as provided by the SAP Service Operator K8s service with the Data (default) layout
    • From the VCAP_SERVICES environment variable

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Major version updates:
        • Update org.togglz:togglz-core from 2.9.9 to 3.0.0
      • Minor version updates:
        • Update ch.qos.logback:logback-classic from 1.2.5 to 1.2.6
        • Update com.auth0:java-jwt from 3.18.1 to 3.18.2
        • Update org.springframework:spring-framework-bom from 5.3.9 to 5.3.10
        • Update org.jooq:jooq from 3.14.12 to 3.14.15
        • Update io.projectreactor:reactor-core from 3.4.9 to 3.4.10
        • Update org.apache.tomcat:tomcat-annotations-api,tomcat-jdbc from 8.5.69 to 8.5.71
        • Update com.google.protobuf:protobuf-java from 3.17.3 to 3.18.0

Fixed issues

  • Fix SapPassportAccessor.getPassportForNextRequest() to no longer throw an exception if either the current ThreadContext is unavailable or the incoming HTTP request is missing the SAP passport header.
    • Instead, we generate a new passport on behalf of the base passport template.
    • If the base passport template is not defined, a new template will be instantiated at runtime via SapPassportFactory.

3.54.0 - September 23, 2021

Maven Central | Javadoc

Known Issues

  • We are aware of the vulnerability CVE-2021-37137 that affects Netty in version 4.1.67.Final. Unfortunately, we are not yet able to resolve that vulnerability due to an issue with the 4.1.68.Final release of Netty, which prevents projects from compiling. We will update the related dependencies once the build issue has been resolved. The vulnerability affects only deprecated modules that are not recommended to use which significantly mitigates the risks for the SAP Cloud SDK's customers.

New Functionality

  • Applications that use an IAS binding instead of XSUAA are now supported out of the box.
    • Incoming JWTs issued by IAS are validated and decoded
    • In case no JWT is provided the SAP Cloud SDK defaults to the zone ID of the provider tenant
    • Destination & Connectivity service can be accessed on behalf of the IAS tenant via zone ID
    • Not supported: JWTs issued by IAS can not yet be used for Principal Propagation and User Token Exchange
    • Under the hood, the SAP Cloud SDK now uses zone IDs to pass tenant information to both IAS and XSUAA. See the note under "Improvements"

Improvements

  • Internally the SAP Cloud SDK now passes the tenant information via zone ID (instead of subdomain) to the OAuth2 services XSUAA and IAS

  • Resolving the provider tenant no longer requires an internal HTTP request. Instead, the VCAP_SERVICES environment variable will be parsed at runtime for the necessary information.

  • Dependency Updates:

    • SAP dependency updates:
      • Update com.sap.hcp.cf.logging:cf-java-logging-support-logback from 3.5.1 to 3.5.2
      • Update com.sap.cloud:neo-javaee7-wp-api from 1.103.10 to 1.105.7
      • Update com.sap.cloud:neo-java-web-api from 4.7.9 to 4.9.4
    • Other dependency updates:
      • Minor version updates:
        • Update org.hyperledger.fabric-sdk-java:fabric-sdk-java from 2.2.7 to 2.2.8
        • Update com.fasterxml.jackson:jackson-bom from 2.12.4 to 2.12.5
        • Update org.mockito:mockito-core from 3.12.3 to 3.12.4
        • Update net.sourceforge.pmd:pmd-core from 6.37.0 to 6.38.0
        • Update org.twdata.maven:mojo-executor from 2.3.1 to 2.3.2
        • Update org.xerial:sqlite-jdbc from 3.36.0.1 to 3.36.0.3
        • Update com.rabbitmq:aqmp-client from 5.13.0 to 5.13.1
        • Update org.hibernate:hibernate-core from 5.5.6 to 5.5.7.Final
        • Update org.codehaus.plexus:plexus-utils from 3.4.0 to 3.4.1
        • Update io.netty:netty-bom from 4.1.66.Final to 4.1.67.Final
        • Update jakarta.activation:jakarta.activation-api from 2.0.0 to 2.0.1
        • Update com.github.tomakehurst:wiremock-jre8-standalone from 2.30.1 to 2.31.0

3.53.0 - September, 13, 2021

Maven Central | Javadoc

Compatibility Notes

  • The Java HTML parser jsoup is no longer part of our implicit dependency management. If your application relies on the version provided by the SAP Cloud SDK, please consider declaring the dependency version yourself. The latest version can be found in Maven Central.

New Functionality

  • We added convenience methods for null comparison in our OData API to avoid unnecessary null-casting:

    • Entity.FIELD_NAME.equalToNull() - OData V4 VDM / Generic OData Client
    • Entity.FIELD_NAME.notEqualToNull() - OData V4 VDM / Generic OData Client
    • Entity.FIELD_NAME.eqNull() - OData V2 VDM
    • Entity.FIELD_NAME.neNull() - OData V2 VDM

  • We now support function import calls in OData V2 using the HTTP GET method inside batch requests. Within the batch request, the function import call can be added to the addReadOperations() method. You can execute a batch request containing a function import call as follows:

singleValueReturnFunction = service.callSomeFunction();
service.batch()
  .addReadOperations(singleValueReturnFunction)
  .executeRequest(destination);

You can read the response of the function by:

functionResult = batchResponse.getReadResult(singleValueReturnFunction);

You can also add functions that return a collection inside batch requests and parse the results yourself in a similar manner. Please refer to our documentation for more details.

  • [Beta] Reading destinations from environment variables now allows you to configure authorization token forwarding to the target system. You can activate this feature in the following ways

    1. Setting the authentication property directly:

      [
        {
          "type": "HTTP",
          "name": "destinationName",
          "url": "https://URL",
          "authentication": "TokenForwarding"
        }
      ]

    2. Adding the property forwardAuthToken=true, as already known from the approuter: [ { "type": "HTTP", "name": "destinationName", "url": "https://URL", "forwardAuthToken": true } ] Both of those settings will cause the destination to take the value of the Authorization HTTP header contained in the current HTTP request for every request to the specified target system.

    Note: The settings above will override a token set with AuthTokenAccessor.executeWith(...). Moreover, authentication tokens set via AuthTokenAccessor.executeWith(...) will not be forwarded to the target system.

  • You can now add headers to a destination using the property method so that they will always be included when calling the target system. Here's an example of the property method call: .property("URL.headers.foo1", "bar1"). Find more details on setting properties here.

  • You can now add query parameters to a destination using properties. They will always be included in the query string when calling the target system. The query values should be provided without encoding. They will be encoded in the query string by the SAP Cloud SDK. Example of adding a query parameter using property method: .property("URL.queries.airport", "Köln Bonn"). The rendered query string will look like: airport=K%C3%B6ln%20Bonn. Find more details on adding query parameters here.

Improvements

  • HttpClientFactory is now a @FunctionalInterface. This let's you conveniently construct an instance of the HttpClientFactory using a simple lambda expression: HttpClientFactory factory = destination -> HttpClients.createDefault();.

  • We removed unnecessary warning messages when generated when an XSUAA or IAS service is not bound to an application.

  • Dependency Updates:

    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Spring from 5.3.8 to 5.3.9
        • Update GSON from 2.8.7 to 2.8.8
        • Update Togglz from 2.9.8 to 2.9.9
        • Update Mockito from 3.11.2 to 3.12.3
        • Update Spring Security from 5.5.1 to 5.5.2

Fixed Issues

  • We fixed the issue where HTTP header keys of an OData response were not handled case-insensitive, causing problems with processing those responses. This is fixed now and should handle headers the same way, regardless of capitalization.

3.52.0 - August 26, 2021

Maven Central | Javadoc

Known Issues

  • The Java HTML parser jsoup is used in a version which contains the vulnerability CVE-2021-37714. We plan to remove this dependency in future versions of the SAP Cloud SDK.

New Functionality

  • We enabled support for certificate-based authentication for services on Cloud Foundry which allows services to use Mutual Transport Layer Security or mTLS instead of providing client credentials. In the future, this will become the default authentication method on the SAP BTP Cloud Foundry.

    • If the service binding has a property credentials: { credential-type: x509 } then this is an indicator for the new authentication method.
    • Please note: you might see WARN messages in the logs. These are produced by the Java Security Library that we use as a dependency. We verified the logic with the library publisher and it's safe to use. The false log message is soon to be removed.

  • We enabled the use of a certificate-based authentication without password protection for the Destination Service on the SAP BTP Cloud Foundry.

  • We updated the remaining OData VDM services to the newest release 2108 of SAP S/4HANA Cloud. Operations and data types of the following services may have faced backward-incompatible changes, that can be explored in the SAP Business Accelerator Hub for SAP S/4HANA Cloud:

    • (OData V2) Maintenance Item - API_MAINTENANCEITEM
    • (OData V2) Maintenance Plan - API_MAINTENANCEPLAN
    • (OData V2) Bills of Material - API_BILL_OF_MATERIAL_SRV_0002
    • (OData V2) Service Order - API_SERVICE_ORDER_SRV
    • (OData V4) Supplier Item - SUPPLIERITEM_0001

Improvements

  • Dependency updates:
    • Update BTP Neo Tomcat 8 SDK from 4.5.3 to 4.6.5
    • Update XSUAA Token Client and Token Flow API from 2.10.2 to 2.10.3
    • Update Neo JavaEE 7 SDK from 1.101.4 to 1.102.5
    • Update Error Prone from 2.8.0 to 2.8.1
    • Update PMD from 6.36.0 to 6.37.0
    • Update Wiremock from 2.29.1 to 2.30.0
    • Update ASM from 9.0 to 9.2
    • Update Spring from 5.3.8 to 5.3.9
    • Update Spring Boot from 2.5.0 to 2.5.3
    • Update Commons CSV from 1.8 to 1.9.0
    • Update Hibernate Core from 5.5.4.Final to 5.5.6
    • Update Logback from 1.2.3 to 1.2.5

3.51.0 - August 12, 2021

Maven Central | Javadoc

Compatibility Notes

  • While updating the OData client libraries (VDM) to match the latest SAP S/4HANA Cloud 2108 release we identified the following breaking changes:
    • Affected service ID: HANDLINGUNIT_0001. In the OData V4 service Handling Unit Item the Create operation was removed. No existing functionality is affected because this operation has never been supported by SAP S/4HANA.
    • SAP__Message class was updated in a breaking manner. Its numericSeverity property was changed from Short to Integer. This affects multiple OData V4 services. Note: This change is likely to be reverted in the future. We'll separately communicate about this in the release notes.

New Functionality

  • The SAP Cloud SDK now provides out-of-the-box support for the Identity Authentication Service (IAS). Here's the list of accessors that are currently able to handle JWTs authored by the IAS service:

    • AuthTokenAccessor
    • TenantAccessor
    • PrincipalAccessor

  • We updated the pregenerated OData V2 and V4 type-safe clients libraries for the latest 2108 release of SAP S/4HANA Cloud. After updating your dependencies you'll find the latest version of SAP S/4HANA Cloud services, operations, and entities in

  • com.sap.cloud.sdk.s4hana.datamodel.odata.services

  • com.sap.cloud.sdk.s4hana.datamodel.odatav4.services Find details of OData services supported by the SAP Cloud SDK in the SAP Business Accelerator Hub for SAP S/4HANA Cloud. We excluded the following services from the latest release because of identified breaking changes:

    • (OData V2) Maintenance Item - API_MAINTENANCEITEM
    • (OData V2) Maintenance Plan - API_MAINTENANCEPLAN
    • (OData V2) Bills of Material - API_BILL_OF_MATERIAL_SRV_0002
    • (OData V2) Service Order - API_SERVICE_ORDER_SRV
    • (OData V4) Supplier Item - SUPPLIERITEM_0001 We are working with the SAP S/4HANA team to make sure the changes are intended and plan to add these services in the following releases. We'll communicate it explicitly in the release notes. Let us know via support if you have any deadlines related to the consumption of those services.

Improvements

  • The Workflow API client library in module scp-workflow-cf was updated to support the latest version of the Workflow Service on the SAP BTP Cloud Foundry.

  • Dependency Updates:

    • Update Neo JavaEE 7 SDK from 1.100.7 to 1.101.4
    • Update BTP Neo Tomcat 8 SDK from 4.2.4 to 4.5.3
    • Update BTP CF Logging from 3.5.0 to 3.5.1
    • Update SLF4J from 1.7.31 to 1.7.32
    • Update AssertJ Vavr from 0.4.1 to 0.4.2
    • Update Commons IO from 2.10.0 to 2.11.0
    • Update Vavr from 0.10.3 to 0.10.4

3.50.0 - July 29, 2021

Maven Central | Javadoc

Known issues

  • The vulnerability CVE-2021-2629 refers to the non-encrypted access to Maven repositories which eases man-in-the-middle attacks where an attacker manipulates a repository. Maven 3.8.1 changed the default behaviour to no longer follow non-encrypted repository URLs. The SAP Cloud SDK uses Maven libraries in the version 3.6.0, mainly since we release Maven plugins. An update to the latest Maven version is planned to mitigate this issue. Internal analysis revealed that there is no direct harm for SAP BTP applications using the SAP Cloud SDK for Java. To minimize the attack vector, we recommend to developers to use Maven 3.8.1 or later on their development machines.

Compatibility Notes

  • Mitigate CVE-2021-35515 by update to secure version of org.apache.commons:commons-compress in the SAP Cloud SDK module blockchain-client-fabric.

New Functionality

  • We introduced a new API to give you precise control over discarding cache entries by passing a CacheFilter instance to your resilience configuration like this ResilienceDecorator.clearCache(ResilienceConfiguration, CacheFilter). You can combine multiple cache filters to a disjunction or conjunction by calling CacheFilter.or(firstFilter, secondFilter) or CacheFilter.and(firstFilter, secondFilter) respectively. Check more examples on how to leverageCacheFilter in the detailed feature documentation.
  • The OData V4 generator now supports the generation of actions with non-primitive value types, i.e. Entity, Complex type, Enum, and collection-based types.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Java JWT from 3.17.0 to 3.18.1
        • Update Jackson from 2.12.3 to 2.12.4
        • Update Spring from 5.3.7 to 5.3.8

3.49.0 - July 15, 2021

Maven Central | Javadoc

Known issues

  • The module com.sap.cloud.sdk.frameworks:cxf uses the Apache CXF dependencies of version 3.3.10 which is affected by vulnerabilities CVE-2021-30468. Currently, this module is not consumed in other SAP Cloud SDK modules. Use of the SAP Cloud SDK doesn't compromise your application runtime unless you consume this module in your code directly.

New Functionality

  • We added a new SimpleNamingStrategy, which, in contrast to our S4HanaNamingStrategy, does not apply any unnecessary modifications to the generated names.
  • We added the option to specify additional properties for the OpenAPI generator. The Maven plugin and CLI now accept a list of additional properties as described here.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Major version updates:
        • Update transitive asm dependency from 7.0 to 9.0
      • Minor version updates:
        • Update Slf4j from 1.7.30 to 1.7.31
        • Update Caffeine from 2.9.1 to 2.9.2
        • Update Java JWT from 3.16.0 to 3.17.0
        • Update Resilience4j from 1.7.0 to 1.7.1
        • Update Mockito from 3.11.1 to 3.11.2
        • Update Fabric SDK from 2.2.6 to 2.2.7
        • Update Spring from 5.3.5 to 5.3.7
        • Update Spring Boot from 2.4.4 to 2.5.0
        • Update Spring security from 5.4.5 to 5.5.1
        • Update Eclipse Link from 2.7.8 to 2.7.9

Fixed issues

  • We fixed an issue where OData batch requests could not be build in case the service bath did not start with a leading forward slash.

3.48.0 - July 1, 2021

Maven Central

Known issues

  • The module usage-analytics uses the dependency org.jdom:jdom:2.0.6 which is affected by the vulnerability CVE-2021-33813. There was no fixed dependency version available at the release date. We'll update this dependency once a secure version is available. The dependency is used in a Maven plugin and hence there is no harm during the runtime of any SAP BTP application.

Compatibility Notes

  • We refactored the way Java names (e.g., for classes, methods, fields, etc.) are being generated in both the OData V2 and the OData V4 VDM generator. This refactoring aims to grant more power over what names are to be used in the VDM to implementations of the NamingStrategy interface.

    Hereby, we changed the following interfaces and classes in an incompatible way:

    • The NamingStrategy interface has been redesigned entirely, leading to compilation errors for existing implementations.
    • The DefaultNamingStrategy has been renamed to S4HanaNamingStrategy. It stays the default value for the generator, though.
    • The DefaultNamingStrategy.NameSource enumeration has been moved to the package rather than being nested inside a class.

    Additionally, the entire logic, which consists of the items listed below, has been moved to the com.sap.cloud.sdk.datamodel.odata.utility package:

    • NameSource
    • NamingStrategy
    • AbstractNamingStrategy
    • S4HanaNamingStrategy

    Users of the Maven Plugin or the CLI variant of the generators are (most likely) not affected by any incompatible changes.

  • We fixed a typo in the com.sap.cloud.sdk.datamodel.odata.utility (previously utililty) package name. The only class affected by this change is the LegacyClassScanner, which is meant for internal usage only.

New Functionality

  • We added the ScpCfDestinationTokenExchangeStrategy, which can be used to change the user token exchange behavior when retrieving destinations on SAP BTP Cloud Foundry.

    By default, the ScpCfDestinationLoader always performs an initial "look up" request against the destination service. This is needed to get the authentication type configured in the destination, which might then require a user token exchange to authenticate at the target system.

    The newly added ScpCfDestinationTokenExchangeStrategy allows users to skip either the initial "look up" to increase performance, or the user token exchange:

    // configure the ScpCfDestinationLoader to perform the user token exchange immediately
    DestinationOptions options =
      DestinationOptions
          .builder()
          .augmentBuilder(
              ScpCfDestinationOptionsAugmenter.augmenter().tokenExchangeStrategy(
                  ScpCfDestinationTokenExchangeStrategy.EXCHANGE_ONLY))
          .build();

    Try<Destination> destination = DestinationAccessor.getLoader().tryGetDestination("MyDestination", options);

  • The OData V4 Generator now supports parameter reordering also on bound operations (both functions and actions). The generator will now maintain the parameter order of a previously generated VDM, even if the parameter ordering in the EDMX changes.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
      • Update Neo JavaEE 7 SDK from 1.97.11 to 1.98.8
    • Other dependency updates:
      • Minor version updates:
        • Update Caffeine from 2.9.0 to 2.9.1
        • Update Commons IO from 2.9.0 to 2.10.0
        • Update Eclipse Link from 2.7.7 to 2.7.8
        • Update Mockito from 3.10.0 to 3.11.1
        • Update Protobuf from 3.17.1 to 3.17.3
        • Update Bouncycastle from 1.68 to 1.69
        • Update Wiremock from 2.28.0 to 2.28.1

Fixed issues

  • We fixed an issue with the OData V4 VDM where bound operations on entity sets would target an incorrect URL.
  • We fixed an issue in both the OData V2 and V4 VDM generators where certain OpenAPI fields on a path item led to a generator warning and caused the generation to fail if the flag fail-on-warning was activated.

3.47.0 - June 17, 2021

Maven Central | Javadoc

New Functionality

  • We introduced the new API Principal#getAuthorizationsByAudience which returns the authorizations (scopes) of the principal grouped by their audience.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
    • Other dependency updates:
      • Update Protobuf Java from 3.17.0 to 3.17.1
      • Update Netty from 4.1.64.Final to 4.1.65.Final
      • Update PMD from 6.34.0 to 6.35.0
      • Update Commons IO from 2.8.0 to 2.9.0
      • Update Gson from 2.8.6 to 2.8.7
      • Update Mockito from 3.9.0 to 3.10.0
      • Update jsonschema2pojo from 1.1.0 to 1.1.1
      • Update Hibernate Core from 5.4.31.Final to 5.4.32.Final
      • Update Jetty from 9.4.39.v20210325 to 9.4.41.v20210516
      • Update Spring from 5.3.4 to 5.3.5
      • Update Spring Boot from 2.4.3 to 2.4.4
      • Update Json Path from 2.5.0 to 2.6.0

Fixed issues

  • We fixed an issue in the Javadoc generation for the OData V4 type-safe client (VDM), which caused the content of the Core.Description annotation to be ignored.
  • We improved an exception message in both the OData V2 and V4 generator where an empty class name was subject to generation. This happens, for instance, if an entity type is named Type.

3.46.0 - June 3, 2021

Maven Central | Javadoc

Compatibility Notes

  • We updated the (OData V2) Trial Balance - Read (C_TRIALBALANCE_CDS) VDM to the newest release 2105 of SAP S/4HANA Cloud

    Caution: The service introduced some intended breaking changes with the latest update which are now, in consequence, also present in the type-safe client (VDM) by the SAP Cloud SDK.

New Functionality

  • The type-safe client (VDM) for OData V4 now gives access to bound functions and actions. Entities will now expose all operations bound to their type on their class.

    For example assume there is a function IsHappy defined for an entity Person, then you can use:

    service.forEntity(person)
          .applyFunction(Person.isHappy());

    In case the function is bound to a collection use e.g.:

    service.applyFunction(Person.AreAllHappy());

    Furthermore, if a function is marked by the service as composable you can also apply an operation to the result of a function directly:

    service.forEntity(person)
          .withFunction(Person.getBestFriend())
          .navigateTo(Person.FRIENDS)
          .getAll();

    The creation of the new operation types is enabled in the OData V4 generator as well. Check out the full documentation of the feature for more information.

  • We updated the OData type-safe client also known as the VDM to the newest release FPS2 of SAP S/4HANA On-Premise 2020. This also includes completely new services added (available as usual in packages com.sap.cloud.sdk.s4hana.onpremise.v2020.datamodel.odata.services and com.sap.cloud.sdk.s4hana.onpremise.v2020.datamodel.odatav4.services), new operations in previously existing services, and new entity types.

Improvements

  • We increased the default application memory setting for archetypes scp-cf-tomee and scp-cf-spring from 1024M to 1500M. This mitigates potential deployment errors due to the latest extensions in the VDM modules.

  • Dependency Updates:

    • Update Fabric SDK Java from 2.2.5 to 2.2.6
    • Update JUnit Jupiter from 5.7.1 to 5.7.2
    • Update Netty from 4.1.63.Final to 4.1.64.Final
    • Update Json Sanitizer from 1.2.2 to 1.2.3
    • Update PMD from 6.33.0 to 6.34.0
    • Update jOOR from 0.9.13 to 0.9.14
    • Update Java JWT from 3.15.0 to 3.16.0
    • Update Error Prone from 2.6.0 to 2.7.1
    • Update AMQP Client from 5.11.0 to 5.12.0
    • Update Reactor from 3.4.5 to 3.4.6
    • Update Wiremock from 2.27.2 to 2.28.0
    • Update Protobuf from 3.15.8 to 3.17.0

    3.45.0 - May 20, 2021

Maven Central | Javadoc

New Functionality

  • Function import calls in OData V2 using the HTTP POST method can now be embedded in batch requests. Within the batch request, the function import call is wrapped inside a change set since function imports can also alter business data. You can execute a batch request containing a function import call as follows:

    service.batch()
      .beginChangeSet()
      .addFunctionImport(service.callSomeFunction())
      .endChangeSet()
      .executeRequest(destination);

  • For the Generic OData Client filterable values and fields can now use the in operator in expressions.

    StructuredQuery query;

    // Age in (40,41,42)
    query.filter(FieldReference.of("Age").in( 40,41,42 ));

    // BestFriend in Friends
    query.filter(FieldReference.of("BestFriend").in( FieldReference.of("Friends").asCollection()) );

    // 'Green' in Colors
    query.filter(ValueString.literal("Green").in( FieldReference.of("Colors").asCollection()) );

  • For the OData V4 Typed Client filterable fields can now use the in operator in expressions.

    GetAllRequestBuilder<Person> request;

    // Age in (40,41,42)
    request.filter(Person.AGE.in(40,41,42));

    // BestFriend in Friends
    query.filter(Person.TO_BEST_FRIEND.in( Person.TO_FRIENDS ) );

  • Add new module btp-business-rules for out-of-the-box support of

    // requires dependency com.sap.cloud.sdk.services:btp-business-rules
    HttpDestination authoringDestination =
      ScpCfServiceDestinationLoader
          .getDestinationForService(
              ScpCfServiceDestinationLoader.CfServices.BUSINESS_RULES_AUTHORING,
              "my-business-rules");

    ProjectsApi projectsApi = new ProjectsApi(authoringDestination);
    List<ProjectVersionObject> allProjects = projectsApi.readProjects();
    // requires dependency com.sap.cloud.sdk.services:btp-business-rules
    HttpDestination executionDestination =
      ScpCfServiceDestinationLoader
          .getDestinationForService(
              ScpCfServiceDestinationLoader.CfServices.BUSINESS_RULES_EXECUTION,
              "my-business-rules");

    DeployUndeployRuleServiceApi deployService = new DeployUndeployRuleServiceApi(executionDestination);
    List<WorkingsetRuleServiceDefinitionResult> deployedWorkingSets = deployService.readWorkingsetRuleServices();

  • We updated the OData type-safe client also known as a VDM to the newest release 2105 of SAP S/4HANA Cloud. This includes completely new services (available as usual in packages com.sap.cloud.sdk.s4hana.datamodel.odata.services and com.sap.cloud.sdk.s4hana.datamodel.odatav4.services), new operations in previously existing services, and new entity types. The following two services were however not updated:

    • (OData V2) Trial Balance - Read - C_TRIALBALANCE_CDS
    • (OData V4) Bank - BANK_0001

Improvements

  • Using a Swagger file to generate OData V4 entity classes will now mark entities accessible on service root path as VdmEntitySet. This enables the experimental API to query the OData service over navigation properties directly. This feature was originally enabled for entities generated by EDMX metadata files in version 3.20.0.

  • Dependency Updates:

    • SAP dependency updates:
      • Update BTP Neo Tomcat 8 SDK from 3.124.9.2 to 3.127.13.3
      • Update Neo JavaEE 7 SDK from 1.95.7 to 1.96.13.1
      • Update BTP CF Logging from 3.3.0 to 3.4.0
    • Other dependency updates:
      • Minor version updates:
        • Update JSON Smart from 2.4.2 to 2.4.7
        • Update Togglz from 2.9.6 to 2.9.8
        • Update Fabric Gateway Java from 2.2.1 to 2.2.2
        • Update jOOQ from 3.14.8 to 3.14.9
        • Update Hibernate Core from 5.4.39.Final to 5.4.40.Final

Fixed issues

  • Using null in OData v2 filter expressions does no longer lead to a NullPointerException when executing the request.
  • Fix an edge case where some BigDecimal values where not serialized correctly in OData V2 requests.

3.44.1 - May 6, 2021

Maven Central | Javadoc

Compatibility Notes

  • The OpenAPI Generator no longer adds the prefix src/main/java to the output directory. Thus, you need to explicitly add this part to the output directory if you need it.

New Functionality

  • We enhanced the SAP BTP Workflow API client library to reflect the latest state of this SAP BTP service.
  • We introduced a new CLI wrapper for the OpenAPI generator that can be used without having to set up a Maven project.

Improvements

  • Dependency Updates:
    • Minor version updates:
      • Update Reactor from 3.4.4 to 3.4.5
      • Update Protobuf Java from 3.15.7 to 3.15.8
      • Update PMD from 6.32.0 to 6.33.0
      • Update JPaaS Security Utils for Neo from 1.4.89 to 1.4.90
      • Update Jackson from 2.12.2 to 2.12.3

Fixed issues

  • The OpenAPI Generator no longer adds the prefix src/main/java unexpectedly to the output directory.
  • The OpenAPI Generator generates the equals method for model classes now with an argument annotated as @Nullable.
  • We fixed an issue where the user JWT token was not sent to destinations that use the SAMLAssertion authentication method.
  • For HTTP destinations with the authentication type OAuth SAML Bearer Assertion Flow the destination key store is no longer used for the TLS handshake.

3.43.0 - April 22, 2021

Maven Central | Javadoc

New Functionality

  • We added a new API for creating OData v2 Changesets in Batch requests that mimics the existing OData V4 API. As a natural outcome, this new API also supports custom headers on a per-request basis.

    Example usage:

    // define modification requests including custom headers per request
    MyEntityCreate createRequest = new MyEntityCreate(myNewEntityInstance).withHeader("custom-header", "value");
    MyEntityUpdate updateRequest = new MyEntityUpdate(myUpdatedEntityInstance).withHeader("another-custom-header", "another value");

    // assemble batch request by adding both modifications into a single changeset
    MyEntityBatch batchRequest = new MyEntityBatch().addChangeSet(createRequest, updateRequest);

    // execute the batch request
    BatchResponse response = batchRequest.executeRequest(myDestination);

Improvements

  • Dependency Updates:
    • Minor version updates:
      • Update Netty from 4.1.60.Final to 4.1.63.Final
      • Update Lombok from 1.18.18 to 1.18.20
      • Update Jetty from 9.4.38.v20210224 to 9.4.39.v20210325
      • Update Bouncycastle from 1.64 to 1.68
      • Update Error Prone from 2.5.1 to 2.6.0
      • Update Java JWT from 3.14.0 to 3.15.0
      • Update Protobuf from 3.15.6 to 3.15.7
      • Update Apache CXF from 3.3.8 to 3.3.10
      • Update Mockito from 3.8.0 to 3.9.0

3.42.0 - April 8, 2021

Maven Central | Javadoc

New Functionality

  • We improved OData v4 update requests that use the PATCH HTTP method. Now they allow adding complex properties without the need to use setters for each value inside the complex property. You can use the builder pattern or the constructor to propagate the property values.

    Before:

    Entity entity;
    ComplexProperty property = new ComplexProperty();
    property.setValue("Foo");
    entity.setComplexProperty(property);

    Now:

    Entity entity;
    entity.setComplexProperty(new ComplexProperty("Foo"));

    Transitive changes inside a complex property will automatically be detected.

  • The OData v2 generator is able to maintain argument order in function imports and get-by-key fluent helpers over successive generations, even when the originating specification changes parameter order. This is now a default behavior. It can be disabled by adding the flag to the plugin configuration: <keepExistingSignatures>false</keepExistingSignatures>

  • We updated the OData v2 type-safe client (VDM) for the services that couldn't be generated because of the parameters re-ordering issue mentioned above. Now you can use them as any other service. Find the list below:

    • Purchase Requisition - API_PURCHASEREQ_PROCESS_SRV
    • Production Order Confirmation - API_PROD_ORDER_CONFIRMATION_2_SRV
    • Process Order Confirmation - API_PROC_ORDER_CONFIRMATION_2_SRV
    • Attachments - API_CV_ATTACHMENT_SRV

The collection of released SAP S/4HANA Cloud client libraries from the SAP Cloud SDK is now consistent with the set of OData services that you can find in the SAP Business Accelerator Hub for SAP S/4HANA Cloud.

Improvements

  • We enabled the OpenAPI generator to consider the vendor extension field x-sap-cloud-sdk-api-name in an OpenAPI specification on the operation, path, or on the root level.

  • We enabled the OpenAPI generator to remove the suffix api (regardless of the case) from the extension field value of x-sap-cloud-sdk-api-name, if present.

  • Dependency Updates:

    • SAP dependency updates:
      • Update SCP Neo Java TomEE7 API from 1.93.10.2 to 1.94.8
    • Other dependency updates:
      • Minor version updates:
        • Update Reactor from 3.4.3 to 3.4.4
        • Update Protobuf from 3.15.1 to 3.15.6
        • Update JooQ from 3.14.7 to 3.14.8
        • Update PMD from 6.31.0 to 6.32.0
        • Update Hibernate Core from 5.4.28.Final to 5.4.30.Final
        • Update Guava from 30.1-jre to 30.1.1-jre
        • Update Togglz from 2.8.0 to 2.9.6

3.41.0 - March 25, 2021

Maven Central | Javadoc

New Functionality

  • We added a convenience method to configure the proxy authorizations when building a custom DefaultHttpDestination. The .proxyAuthorization("value") will send value within the Proxy-Authorization header, unless that header is already set.

  • The OpenAPI generator now supports the vendor extension field x-sap-cloud-sdk-api-name in an OpenAPI specification. By default, the OpenAPI generator uses the tag of an operation to determine the Java service class name. In case you're not happy with the name generated from the tag field, and changing it is not possible, you can add x-sap-cloud-sdk-api-name vendor extension to the operation section of the specification. This vendor extension will be used by the generator to derive the Java service class name.

  • Enable OData requests to skip the CSRF token retrieval if the server does not require it. Use the method withoutCsrfToken() to disable the CSRF token retrieval.

  • We provided experimental support for OData v2 read requests as items in a Batch request. The API is unified and similar to the OData v4 Batch request:

    BusinessPartnerService service = new DefaultBusinessPartnerService();

    BusinessPartnerFluentHelper readOperationAll = service.getAllBusinessPartner().top(10);
    BusinessPartnerByKeyFluentHelper readOperationByKey = service.getBusinessPartnerByKey("bupa9000");

    BatchResponse response = service.batch()
        .addReadOperations(readOperationAll)
        .addReadOperations(readOperationByKey)
        .executeRequest(destination);

    List<BusinessPartner> entities = response.getReadResult(readOperationAll);
    BusinessPartner entity = response.getReadResult(readOperationByKey);

Improvements

  • Dependency Updates:
    • SAP dependency updates:
      • Update SCP Neo Java Tomcat API from 3.123.6.2 to 3.124.9.2
      • Update SCP Neo Java TomEE7 API from 1.92.6.2 to 1.93.10.2
      • Update SAP CP Spring XSUAA Security Library from 2.8.4to 2.8.7
    • Other dependency updates:
      • Minor version updates:
        • Update Spring from 5.3.3 to 5.3.4
        • Update Spring Security from 5.4.2 to 5.4.5
        • Update Jetty BOM from 9.4.36.v20210114 to 9.4.38.v20210224
        • Update Woodstox Core from 5.0.3 to 5.3.0
        • Update Netty from 4.1.59.Final to 4.1.60.Final
        • Update Java JWT from 3.13.0 to 3.14.0
        • Update Jackson from 2.12.1 to 2.12.2
        • Update Apache Commons Lang from version 3.11 to 3.12.0
        • Update JSON from version 20201115 to 20210307
        • Update Jackson from version 2.12.1 to 2.12.2
  • The OData type-safe client (VDM) for OData V4 services of newest release 2102 of SAP S/4HANA Cloud and FPS1 of SAP S/4HANA On-Premise 2020 now also supports static fields for accessible properties on VdmComplex types.

Fixed issues

  • We fixed an issue with OData V2 read requests where an error message was incorrectly written to the log when using filters. The error messages are no longer logged unless it is applicable:

    Registered custom filter expression cannot be used when performing the OData V2 request with toRequest() or executeRequest().

    Registered custom filter expression cannot be used when performing the OData V2 request with execute().

  • Fix an issue with OData response handling where deserialization of one-to-many properties failed for primitive and complex data types.

3.40.0 - March 18, 2021

Maven Central | Javadoc

Known issues

  • Update requests via PATCH in OData V4 will not contain any changes to complex properties of an entity. This is a feature gap we plan to solve in the upcoming release.

Compatibility Notes

  • The general availability of the OpenAPI generator brings the following renamings:
    • The following dependencies in the Maven Group ID com.sap.cloud.sdk.datamodel have been renamed:
      • Rename dependency rest-core to openapi-core
      • Rename dependency rest-generator to openapi-generator
      • Rename dependency rest-generator-maven-plugin to openapi-generator-maven-plugin
    • The Maven Plugin has been renamed from rest-generator-maven-plugin to openapi-generator-maven-plugin

New Functionality

  • The OData v4 type-safe client (VDM) generator now generates static fields for accessible properties on VdmComplex types, which can be used exactly like their counterparts on VdmEntity when building OData queries.

  • You can clear the cache for remote functions with the new experimental APIs RemoteFunctionCache.clearCache(Destination) and RemoteFunctionCache.clearCache(Destination, functionName).

    • Example usages:
    final Destination destination = DestinationAccessor.getDestination(destinationName);
    try {
      RemoteFunctionCache.clearCache(destination);
    }
    catch( final RemoteFunctionException e ) {
      //deal with exception
    }
    final Destination destination = DestinationAccessor.getDestination(destinationName);
    try {
       RemoteFunctionCache.clearCache(destination, "BAPI_GET_COSTCENTER");
    }
    catch( final RemoteFunctionException e ) {
       //deal with exception
    }

Improvements

  • Dependency Updates:
    • SAP dependency updates:
      • Update SCP Neo Java Tomcat API from 3.121.8.1 to 3.123.6.2
      • Update SCP Neo Java TomEE7 API from 1.90.9.1 to 1.92.6.2
      • Update JPaaS Security Utils for Neo from 1.4.87 to 1.4.89
      • Update SAP CP Spring XSUAA Security Library from 2.8.3to 2.8.4
    • Other dependency updates:
      • Minor version updates:
        • Update Mockito from 3.7.7 to 3.8.0
        • Update Spring from 5.3.2 to 5.3.3
        • Update Spring Boot from 2.4.1 to 2.4.2
        • Update AQMP Client from 5.10.0 to 5.11.0
        • Update Protobuf java from 3.14.0 to 3.15.1

3.39.0 - February 25, 2021

Maven Central | Javadoc

Compatibility Notes

As part of the update of the pregenerated type-safe client for SAP S/4HANA On-premise, we encountered the following changes:

  • The following methods of the OData v4 service ContractAccountingBusinessPartnerPaymentService have been renamed:

    • getAllBusPartPaymentParameters has been renamed to getAllBusPartPayment
    • countBusPartPaymentParameters has been renamed to countBusPartPayment
    • getBusPartPaymentParametersByKey has been renamed to getBusPartPaymentByKey
    • getAllBusPartPaymentItemParameters has been renamed to getAllBusPartPaymentItem
    • countBusPartPaymentItemParameters has been renamed to countBusPartPaymentItem
    • getBusPartPaymentItemParametersByKey has been renamed to getBusPartPaymentItemByKey

  • The following classes of the OData v4 VDM have been renamed:

    • ProtocolQueryReadSingle has been renamed to ProtocolQueryRead
    • StructuredPropertyCollection has been renamed to NavigationPropertyCollection
    • StructuredPropertyCollectionQuery has been renamed to NavigationPropertyCollectionQuery
    • StructuredPropertySingleQuery has been renamed to NavigationPropertySingleQuery
    • StructuredPropertySingle has been replaced by either the NavigationProperty<Single/Collection>Query or the newly introduced ComplexPropertyQuery

  • The type-safe client (VDM) classes for TimeDependentStockLevelService have been removed as the SAP S/4HANA On-Premise OData service does not exist in releases 2020 FPS0 or FPS1.

  • With SAP S/4HANA On-Premise release 2020 FPS1, in the type-safe client (VDM) class for VehicleManagementSystemForVehicleService the getVMSVehicleIncomingInvoiceByKey method now takes only two parameters ( vMSVehicleUUID and vMSVehicleActionDateTime) as input as opposed to three before ( vMSVehicleUUID,vMSVehicleActionDateTime and vMSVehicleActionDocType ).

New Functionality

  • The type-safe OData client (VDM) is updated to the latest release (FPS1) of SAP S/4HANA On-Premise 2020. This also includes completely new services added to the pre-existing com.sap.cloud.sdk.s4hana.onpremise.v2020.datamodel.odata.services and com.sap.cloud.sdk.s4hana.onpremise.v2020.datamodel.odatav4.services packages.

  • In the OData v2 and v4 type-safe client (VDM) generators we now support generating service methods for multiple entity sets belonging to the same entity type. Formerly only the first entity set of an entity type was regarded.


    To ensure backward compatibility this feature is turned off by default.
    To activate the new functionality, supply the feature flag explicitly.

    Generator Maven Plugin Configuration:
    `<serviceMethodsPerEntitySet>true</serviceMethodsPerEntitySet>`

    Generator CLI Flag:
    `--service-methods-per-entity-set`

  • The OpenAPI Generator now allows for customizing the method names on generated API classes. Use the vendor extension x-sap-cloud-sdk-operation-name to specify a name on an operation:

    /operation/path:
      get:
        summary: My Operation.
        x-sap-cloud-sdk-operation-name: performMyOperation
        operationId: myOperation

    This field is optional and the generator will fall back to using the operationId if vendor extensions are not present.

  • The OpenAPI Generator now allows for setting a custom copyright header. Use the option <copyrightHeader> to set a custom header, or set the flag <sapCopyrightHeader> to have an SAP copyright header added. By default, no header is generated.

Improvements

  • The OData v2 type-safe client (VDM) classes and generator now support null as parameter values for function import methods when applicable. For visibility the respective annotations on arguments are provided, i.e. @Nullable and @Nonnull.

  • The OData v4 VDM now better reflect which operations are allowed on complex properties. Operations that are not applicable to complex properties like top(int) and skip(int) are no longer available. This causes some existing classes to be renamed/removed (see Compatibility Notes)

  • Dependency Updates:

    • Update JUnit Jupiter from 5.7.0 to 5.7.1
    • Update Joda-Time from 2.10.9 to 2.10.10
    • Update Netty from 4.1.58 to 4.1.59.Final to overcome security vulnerability CVE-2021-21290
    • Update Hibernate Core from 5.4.27.Final to 5.4.28.Final
    • Update jOOQ from 3.4.16 to 3.4.17
    • Update Reactor from 3.4.2 to 3.4.3
    • Update OkHttp from 4.9.0 to 4.9.1
    • Update Java JWT from 3.12.1 to 3.13.0
    • Update JUnit from 4.13.1 to 4.13.2
    • Update Caffeine from 2.8.8 to 2.9.0

Fixed issues

  • We fixed an issue where selecting complex properties in the OData V4 VDM would lead to an incorrect HTTP query.
  • We fixed an issue where very long RFC function names (>= 30 characters) would lead to an incorrect SOAPAction header.

3.38.0 - February 11, 2021

Maven Central | Javadoc

Compatibility Notes

  • The method getHeaders(DestinationProperties) of extension API DestinationHeaderProvider is deprecated but still functional. Please implement getHeaders(DestinationRequestContext) instead. The new argument allows accessing the request specific URI as well as the original DestinationProperties.

  • The method ResilienceDecorator#invalidateCache is deprecated but still functional. Please use ResilienceDecorator#clearCache for tenant aware cache invalidation or ResilienceDecorator#clearAllCacheEntries to clear all entries for all tenants and principals.

  • As part of the update of the OData VDM to SAP S/4HANA Cloud 2102 a few operations were removed. The operations were never supported by the SAP S/4HANA system (like CRUD support for some entities), so no existing functionality is affected. The following services are affected:

    • Nota Fiscal – Create, Update - API_LOGBR_NOTAFISCAL_SRV

    • Purchase Contracts - API_PURCHASECONTRACT_PROCESS_SRV

    • Outbound Delivery (A2X) - API_OUTBOUND_DELIVERY_SRV_0002

New Functionality

  • We introduced a new API on table parameters of BapiRequest. When a table uses a domain-type as row-type there are no field names to refer to. But such a table can be treated as a one-dimensional vector of primitive values, e.g.:

    new BapiRequest("BAPI_DEMO", true)
      .withExportingTable("DEMO_TABLE", "BAPI_DEMO_TAB01")
        .asVector()
        .row("CC01")
        .row("CC02")
        .row("CC03")
        .end();

  • We now support the SAMLAssertion authentication type on Cloud Foundry. Refer to the help page for more detail on the SAMLAssertion authentication type.

  • We introduced a new API to build a Destination for connecting to services on Cloud Foundry. The information will be read from the VCAP_SERVICES environment variable at runtime. For certain authentication types i.e. NoAuthentication and OAuth2ClientCredentials this API eliminates the need to manually create a destination in the CF account for connecting to services.

    Example:

    final Map<String, String> mapping =
          ScpCfServiceDestinationLoader.buildClientCredentialsMapping(
            "credentials.endpoints.service_rest_url",
            "credentials.uaa.clientid",
            "credentials.uaa.clientsecret",
            "credentials.endpoints.token_url");

    ScpCfServiceDestinationLoader.buildClientCredentialsMapping creates a mapping for loading a destination and provides JSON paths for all required destination properties.

    final HttpDestination destination =
          ScpCfServiceDestinationLoader.getDestinationForService(
            "label",
            "serviceBindingName",
            AuthenticationType.OAUTH2_CLIENT_CREDENTIALS,
            mapping);

    For certain services (only workflow for now), we provide further convenience that skips the need to provide the mapping explicitly. Example:

    final HttpDestination destination =
          ScpCfServiceDestinationLoader.getDestinationForService(
            ScpCfServiceDestinationLoader.CfServices.WORKFLOW,
            "my-workflow");

  • We introduced a new API to construct a ScpCfDestinationLoader that allows overriding the default timeout for the Time Limiter resilience pattern. If not specified, requests will automatically timeout after 6 seconds.

  • We added support for recursive tables and structures in parameters of BapiRequest API for both protocols: JCo and SOAP. Example:

    final BapiRequest bapiReqauest = new BapiRequest("DEMO_BAPI")
        .withExportingTable("TABLE_PARAMETER1","ABC_T_PARAM1" )
        .row()
        .field("ROW_UUID","STRING","foobar")
        //Start nested table
    +   .table("TABLE_NESTED1","ABC_T_NESTED1")
    +       .row()
    +       .field("NESTED_FIELD1","STRING","john")
    +       .field("NESTED_FIELD2","STRING","doe")
    +       .end() // End nested table
         // START nested structure
         .fields("NESTED_STRUCTURE", "NESTED_STRUCTURE_TYPE")
             .field("latitude", "Axis", "52")
             .field("longitude", "Axis", "13")
             .end() // End nested structure
         .end();

  • We updated the OData type-safe client also known as a VDM to the newest release 2102 of SAP S/4HANA Cloud. This includes completely new services (available as usual in packages com.sap.cloud.sdk.s4hana.datamodel.odata.services and com.sap.cloud.sdk.s4hana.datamodel.odatav4.services), new operations in previously existing services, and new entity types. The SAP Cloud SDK supports all OData services listed in the SAP Business Accelerator Hub for SAP S/4HANA Cloud with the exception of the following services:

    • (OData V2) Purchase Requisition - API_PURCHASEREQ_PROCESS_SRV
    • (OData V2) Production Order Confirmation - API_PROD_ORDER_CONFIRMATION_2_SRV
    • (OData V2) Process Order Confirmation - API_PROC_ORDER_CONFIRMATION_2_SRV
    • (OData V2) Attachments - API_CV_ATTACHMENT_SRV
    • (OData V4) Contract Accounting: Invoices of Business Partner - API_CABUSPARTINVOICE_0001

Improvements

  • ResilienceDecorator.clearCache(ResilienceConfiguration) does now also respect parameters defined in the ResilienceConfiguration.CacheConfiguration when selecting cache entries to clear.

  • Dependency Updates:

    • SAP dependency updates:
    • Other dependency updates:
      • Minor version updates:
        • Update Spring from 5.2.10.RELEASE to 5.3.2
        • Update Spring Security from 5.3.5.RELEASE to 5.4.2
        • Update Mockito from 3.7.0 to 3.7.7
        • Update AssertJ from 3.18.1 to 3.19.0
        • Update Fabric SDK for Java from 2.2.4 to 2.2.5
        • Update Resilience4J from 1.6.1 to 1.7.0
        • Update Java JWT Java from 3.12.0 to 3.12.1
        • Update PMD from 6.30.0 to 6.31.0
        • Update Lombok from 1.18.16 to 1.18.18
        • Update Jetty from 9.4.35.v20201120 to 9.4.36.v20210114

Fixed Issues

  • We fixed an issue with OData V4 update requests where the serialization of primitives with types like Integer, Boolean, and Double leads to null values.
  • We fixed an issue with the JCo serialization of BAPI requests, where adding field parameter values of type ErpType led to an exception.

3.37.0 - January 28, 2021

Maven Central | Javadoc

Compatibility Notes

  • We deprecated the constructor UncheckedFilterExpression(FilterExpression). It can still be used for OData V2 type-safe client (VDM) read requests that are executed with the deprecated execute(...) method. However, we strongly encourage you to migrate to executeRequest(...). Unchecked filter expressions can be instantiated with recommended constructor UncheckedFilterExpression(ValueBoolean).
  • We deprecated the class com.sap.cloud.sdk.s4hana.connectivity.RequestBody as it has no usage.
  • For SAP BTP Cloud Foundry, instances of DestinationHeaderProvider will be called for every HTTP request as of now. Earlier versions invoked the API only once during destination construction.

New Functionality

  • OData V2 helper class UncheckedFilterExpression can be instantiated for generic instances of ValueBoolean. Example:

    BusinessPartnerService service;
    HttpDestination destination;

    ValueBoolean customExpression = FieldReference.of("ShoeSize").equalTo(42);

    List<BusinessPartner> items = service
        .getAllBusinessPartner()
        .filter( new UncheckedFilterExpression<>(customExpression) )
        .executeRequest(destination);

  • The DefaultHttpDestination now allows for registering a DestinationHeaderProvider to enrich outgoing HTTP requests with headers. It can be used as follows:

     DefaultHttpDestination
            .builder(uri)
            .headerProviders(new CustomHeaderProvider(), new AnotherCustomHeaderProvider())
            .build();

Improvements

  • OData requests are now allowed to contain null values within entity keys and function parameters as per the OData specification. Previously an exception would be thrown in these cases.

  • Removed Swagger annotations ApiModel and ApiModelProperty from classes generated by the OpenAPI client generator

    • Swagger annotations dependency (io.swagger.swagger-annotations) can now safely be removed from the project's pom.xml

  • The Workflow API client library in module scp-workflow-cf got enhanced to reflect the latest Workflow API features.

  • Dependency Updates:

    • SAP dependency updates:
      • Update SCP CF Java Logging Support from 3.2.1 to 3.3.0
      • Update SCP Neo Java Tomcat API from 3.119.9 to 3.121.8.1
      • Update SCP Neo Java TomEE7 API from 1.88.6 to 1.90.9.1
      • Update JPaaS Security Utils for Neo from 1.4.86 to 1.4.87
    • Other dependency updates:
      • Major version updates: -
      • Minor version updates:
        • Update Error Prone Annotations from 2.4.0 to 2.5.0
        • Update Liquibase from 3.8.6 to 3.10.3
        • Update OWASP Json Sanitizer from 1.2.1 to 1.2.2
        • Update JsonPath from 2.4.0 to 2.5.0
        • Update Reactor Core from 3.4.1 to 3.4.2
        • Update Mockito from 3.6.28 to 3.7.0
        • Update Jackson from 2.12.0 to 2.12.1
        • Update Netty BOM from 4.1.56.Final to 4.1.58.Final
        • Update Hyperledger Fabric SDK from 2.2.3 to 2.2.4
        • Update Hibernate from 5.4.26.Final to 5.4.27.Final
        • Update Joda time library from 2.10.8 to 2.10.9
        • Update Apache Olingo OData V4 from 4.7.1 to 4.8.0

3.36.0 - January 14, 2021

Maven Central | Javadoc

Compatibility Notes

  • We removed the following dependencies from the SAP Cloud SDK Bill-of-Material (BOM):

    • Netty
    • Protobuf
    • Spring Security OAuth
    • Hibernate Validator

New Functionality

  • We introduced support for the String-based filter functions endsWith, startsWith and substringOf in the OData V2 type-safe client (VDM).
  • Check out our new Feature Matrix. We're actively extending it. Let's us know what you'd like to see there by creating a GitHub issue.

Improvements

  • We replaced the deprecated constant org.apache.commons.codec.Charsets.UTF_8 in the HelloWorldControllerTest class of the Spring archetype by its recommended successor java.nio.charset.StandardCharsets.UTF_8. This resolves a compiler warning.

  • We added Maven module s4hana-api-odata-v4 into s4hana-all to enable type-safe OData v4 client library (VDM) for SAP S/4HANA Cloud Edition.

  • Dependency Updates:

    • SAP dependency updates:
    • Other dependency updates:
      • Major version updates:
      • Minor version updates:
        • Downgrade Spring dependencies to resolve conflicts with SAP CP Spring XSUAA Security Library
          • Change Spring Framework BOM from 5.3.1 to 5.2.10.RELEASE
          • Change Spring Security BOM from 5.4.2 to 5.3.5.RELEASE
        • Update PMD from 6.29.0 to 6.30.0
        • Update Caffeine from 2.8.6 to 2.8.8
        • Update Jackson from 2.11.3 to 2.12.0
        • Update Reactor from 3.4.0 to 3.4.1
        • Update Guava from 30.0-jre to 30.1-jre
        • Update Hibernate Core from 5.4.25.Final to 5.4.26.Final
        • Update Netty BOM from 4.1.49.Final to 4.1.56.Final
        • Update Java JWT from 3.11.0 to 3.12.0

Fixed issues

  • We fixed incorrect serialization of date values for OData V2 requests using the PATCH request method.
  • We fixed an issue where OData Batch requests were sending an invalid Accept header.
  • We fixed an issue where the API for OData Batch responses did not conveniently throw or wrap an exception for failing HTTP response code health checks. Affected methods:
    • OData v4 VDM: getReadResult of BatchResult
    • OData v2 VDM: get of BatchResponse
    • OData Client: getResult of ODataRequestResultMultipartGeneric
  • We removed a log message that incorrectly indicated an error when receiving an OData response without payload.

3.35.0 - December 17, 2020

Maven Central | Javadoc

Known issues

  • OData Batch response API is known to not conveniently throw or wrap an exception for failing HTTP response code health checks. This affects the type-safe batch request builders for both v2 and v4 protocol. We're working to fix this in the next release.

Compatibility Notes

  • We removed a dependency reference for JUnit Pioneer. The last used version was 1.0.0

Improvements

  • Dependency Updates:
    • SAP dependency updates:
      • Update SAP Cloud Security Client from 2.7.6 to 2.8.0
      • Update API of Java EE 7 Web Profile TomEE 7 from 1.87.4 to 1.88.6
      • Update API of Java Web Tomcat 8 from 3.118.5 to 3.119.9
    • Other dependency updates:
      • Minor version updates:
        • Update Mockito from 3.6.0 to 3.6.28
        • Update Apache HttpComponents Core from 4.4.13 to 4.4.14
        • Update Spring Security from 5.4.1 to 5.4.2
        • Update Jetty from 9.4.34.v20201102 to 9.4.35.v20201120

Fixed issues

  • We fixed an issue where OData errors originating in OData batch change sets requests could not be parsed correctly.

3.34.1 - December 9, 2020

Maven Central

Compatibility Notes

  • To use the experimental version of OpenAPI type-safe client generator you longer need to add the org.springframework:spring-context dependency in a project.
  • Requests to fetch CSRF token that are done for OData v2 function imports now contain all explicitly specified HTTP headers. Before they contained only implicitly set HTTP headers and neglect headers provided via .withHeaders() method of RequestBuilder class.

New Functionality

  • We improved @ODataResponseException to contain an HTTP status code returned from the server to improve debugging experience.
  • Caught instances of ODataResponseException allow accessing @Nonnull Option<String> getHttpBody to simplify investigation while debugging and at runtime.
  • OData function imports now allow accessing the built-in OData request object via the toRequest method.

Improvements

  • Add support for alternative OData v4 metadata field notations @type, @context, and other introduced with OData Version 4.0.1. The SAP Cloud SDK is now able to parse this notation. However, outgoing requests will always use the notation that is compatible with Version 4.0.0 of the standard for now to ensure server compatibility.

  • The Workflow API client library in module scp-workflow-cf was enhanced with the latest Workflow API features.

  • The CSRF token retrieval of OData v2 type-safe function imports has been improved:

    • Function imports using the HTTP method GET no longer issue the unnecessary CSRF token request
    • Function imports using the HTTP method POST can be processed even if the CSRF token retrieval fails (for example, if the server does not support CSRF tokens)

  • Dependency Updates:

    • SAP dependency updates:
      • Downgrade SAP security related libraries from 2.7.8 to 2.7.6

Fixed issues

  • ClassCastException fix an issue with accessing navigational properties directly in OData V4 requests. Read and count operations performed on nested collections directly via, for example, service.naviagteTo(Entity.COLLECTION_PROPERTY).getAll() would cause a ClassCastException when parsing the result. This is now done correctly.
  • Fix an issue where dependency conflicts between the SAP Cloud SDK and the SAP Java Buildpack lead to runtime issues on the SCP Cloud Foundry.
  • Fix an issue where operations with empty payload in OData Batch request changesets on SAP S/4HANA OData services failed with Bad Request responses.

3.34.0 - December 3, 2020

Maven Central

Compatibility Notes

  • The Maven artifact rest-core moved from the group id com.sap.cloud.sdk.services to com.sap.cloud.sdk.datamodel.
  • We introduced new implementations of ThreadContextListener and ThreadContextDecorator. We adapted the internal priority of listeners and decorators accordingly.
  • Archetypes generated by the SAP Cloud SDK for Java were migrated to the general purpose pipeline of project "Piper". Before they were using the SAP Cloud SDK for Continuous Delivery pipeline that is now deprecated. For existing projects we also recommend migrating to this pipeline.

New Functionality

  • We released experimental type-safe client generator for OpenAPI 3.0 specification and maven plugin to run it. We do not yet recommend using it in production.
  • We released experimental support for OData server-driven paging
    • The read request builders for OData v2 and v4 have a new feature that enables lazy iteration through result-set pages.
    • You can use memory-efficient or latency-reduced data processing depending on your use-case.

Example:

// Let's assume these are your requests for OData v2 and v4 to fetch entities.
FluentHelperRead<?, EntityT, ?> request = service.getEntities(); // for v2
GetAllRequestBuilder<EntityT> request = service.getEntities(); // for v4

// Before you had only this method which would fetch all the data eagerly by
// travesing through pages and providing the final result set for you.
List<EntityT> defaultEager = request.execute( destination );

// Now you have an option to handle paginated results yourself using one of the
// methods below depending on your use-case.
Iterable<EntityT> lazyIterable = request.iteratingEntities().execute( destination );
Stream<EntityT> lazyStream = request.streamingEntities().execute( destination );
Iterable<List<EntityT>> lazyPages = request.iteratingPages().execute( destination );
note
  • For OData v2 the execute method is called executeRequest
  • The default behavior for OData v2 and v4 is now to return accumulated results from all pages. Before only the first page of results was returned.

Improvements

  • Dependency Updates:
    • SAP dependency updates:
      • Update API of Java EE 7 Web Profile TomEE 7 from 1.86.9 to 1.87.4
      • Update API of Java Web Tomcat 8 from 3.117.9 to 3.118.5
      • Update Cf Java Logging Support Logback from 3.2.0 to 3.2.1
    • Other dependency updates:
      • Minor version updates:
        • Update Apache CXF from 3.3.7 to 3.3.8
        • Update EclipseLink from 2.7.6 to 2.7.7
        • Update Hibernate validator from 6.1.5.Final to 6.1.6.Final
        • Update Jetty from 9.4.33.v20201020 to 9.4.34.v20201102
        • Update Json from 20200518 to 20201115
        • Update Protobuf java from 3.12.2 to 3.14.0
        • Update Swagger annotation from 1.5.22 to 1.6.2
        • Update Vavr from 0.10.2 to 0.10.3
        • Update hibernate-core from 5.4.3 to 5.4.24 to overcome security vulnerability CVE-2020-25638

Fixed Issues

  • RFC calls executed via the resilience decorator now use subscriber tenant instead of provider tenant which is correct behavior for multi-tenant applications.
  • non-Latin characters in the query and path part of OData URLs are now correctly encoded.

3.33.0 - November 20, 2020

Javadoc | Release blog | Maven Central

Compatibility Notes

  • The client library for SAP S/4HANA Enterprise Messaging is deprecated. This affects all classes in the following modules: s4hana-api-messaging, messaging-core, messaging-jms

  • Blockchain Business Services Visibility: The members of the class MerkleProof are now immutable, forbidding any external modification of a proof

New Functionality

  • Destinations can be conveniently added into the DestinationAccessor logic at runtime. It exposes two new methods appendDestinationLoader() and prependDestinationLoader() which add destination loaders with high or low priority to the accessor logic. Leverage a new default implementation for the DestinationLoader interface to load destinations created at runtime:

    DestinationLoader loader = new DefaultDestinationLoader().registerDestination(myHttpDestination);
    DestinationAccessor.appendDestinationLoader(loader);

    This new API is experimental.

Improvements

  • The SCP Workflow API client library in module scp-workflow-cf is now generally available and released for productive usage.

  • All OData V2 and V4 request builder classes now expose an experimental method toRequest() that returns a low-level, generic request object. It provides more convenience for debugging and flexibility to work around a non-standard service behavior.

  • The method withHeader() of OData V4 request builders is no longer experimental.

  • Improve the class hierarchy of ODataException:

  • Dependency Updates:

    • API of Java EE 7 Web Profile TomEE 7 from 1.85.7.2 to 1.86.9
    • API of Java Web Tomcat 8 from 3.116.7.2 to 3.117.9
    • Support for Logback for SCP CF from 3.0.1 to 3.2.0
    • Tomcat from 8.5.50 to 8.5.59 to overcome the security vulnerability CVE-2020-13943
    • Jetty from version 9.4.31.v20200723 to 9.4.33.v20201020 to overcome the security vulnerability CVE-2020-27216
    • Netty BOM from 4.1.53.Final to 4.1.54.Final
    • Spring Boot from 2.3.4.RELEASE to 2.3.5.RELEASE
    • Spring from 5.2.9.RELEASE to 5.3.1
    • AssertJ from 3.17.2 to 3.18.1
    • AssertJ Vavr from 0.2.0 to 0.3.0
    • Fabric SDK for Java from 2.2.2 to 2.2.3
    • Fabric Gateway for Java from 2.2.0 to 2.2.1
    • Mockito from 3.5.15 to 3.6.0
    • Joda Time from 2.10.6 to 2.10.8
    • io.projectreactor:reactor-core from 3.3.10.RELEASE to 3.4.0
    • Okio from 2.7.0 to 2.9.0
    • OkHttp from 4.5.0 to 4.9.0

Fixed Issues

  • Blockchain Business Services Visibility: Fixed an issue where validating a structurally invalid proof could result in a stack overflow.
  • Fixed missing request header If-Match on batch request for Update or Delete Operation.
  • Fixed missing custom headers and parameters on OData V2 count requests.

3.32.0 - November 5, 2020

Javadoc | Release blog | Maven Central

Compatibility Notes

  • OData requests do no longer send the query parameter $format=json by default. Instead the Accept header is set to application/json by default.

The following changes apply to experimental functionality of the SAP Cloud SDK:

  • The SCP service Hyperledger Fabric on SAP Cloud Platform is deprecated, the corresponding Maven dependency com.sap.cloud.sdk.services:scp-blockchain gets deprecated too. Use the dependency com.sap.cloud.sdk.serices:blockchain-client-fabric instead.
  • The method setResponseFormat() in the class ODataRequestGeneric is no longer available. You can still configure the Accept header via the method addHeaderIfAbsent(). Example: request.addHeaderIfAbsent(HttpHeaders.ACCEPT, "application/xml").
  • The enum com.sap.cloud.sdk.datamodel.odata.client.request.ODataFormat is no longer public.

New Functionality

  • Update the OData client library to the newest release 2011 of SAP S/4HANA Cloud. This includes completely new services (available as usual in packages com.sap.cloud.sdk.s4hana.datamodel.odata.services and com.sap.cloud.sdk.s4hana.datamodel.odatav4.services), new operations in previously existing services, and new entity types. The SAP Cloud SDK supports all OData services listed in the SAP Business Accelerator Hub for SAP S/4HANA Cloud.
  • Released new pregenerated type-safe client libraries for the OData v4 services in the latest RTC release 2020 of SAP S/4HANA On-premise
  • The untyped, generic OData client and OData V4 client now support Edm.Binary as value type for Entity properties. In Java, this type is conveniently represented as byte[]. The OData V4 generator will now generate affected services without raising a warning. Generated entities that have binary properties now have static accessors to the respective fields, similar to the other entity properties. OData filter expressions for binary properties can be created.
  • Add generated service DocumentComplianceElectronicDocumentFileService for API ELECTRONICDOCFILE_0001

Improvements

  • OData requests contain the Accept header with value application/json by default.

  • Dependency Updates:

    • SAP Cloud Security Client from 2.7.7 to 2.7.8
    • SAP Cloud Application Programming Model from version 1.40.6 to 1.40.11
    • Guava from 29.0-jre to 30.0-jre
    • Lombok from 1.18.14 to 1.18.16
    • Caffeine from 2.8.5 to 2.8.6
    • Resilience4j from 1.6.0 to 1.6.1
    • Mockito from 3.5.13 to 3.5.15
    • Fabric SDK for Java from 2.2.1 to 2.2.2
    • Netty from 4.1.52.Final to 4.1.53.Final

3.31.0 - October 22, 2020

Javadoc | Release blog | Maven Central

New Functionality

Improvements

  • The Workflow API client library in module scp-workflow-cf got enhanced to reflect the latest Workflow API features.

  • Update Dependencies

    • Spring dependency for the SAP Cloud Platform multitenancy implementation module to version 4.3.29.RELEASE to overcome the security vulnerability CVE-2020-5421.
    • Apache HttpComponents from version 4.5.12 to 4.5.13
    • Jackson from 2.11.2 to 2.11.3
    • Java JWT from 3.10.3 to 3.11.0
    • JUnit Pioneer from version 0.9.0 to 1.0.0
    • Lombok from version 1.18.12 to 1.18.14
    • Mockito from version 3.5.11 to 3.5.13
    • Resilience4J from version 1.5.0 to 1.6.0
    • Spring Security from 5.4.0 to 5.4.1
    • io.projectreactor:reactor-core from 3.3.9.RELEASE to 3.3.10.RELEASE
    • JUnit from version 4.13 to 4.13.1
    • Tomcat from 9.0.37 to 9.0.39, fixing the vulnerability CVE-2020-13943

Fixed Issues

  • Fix an issue where responses of OData batch requests could not be evaluated if the batch request contained semantically identical request objects (e.g. creating two similar entities).
  • Fix an issue where an OData VDM generated with the OData V4 generator would not compile when a complex type contained a list of properties.
  • Fix an issue where error responses of OData V2 requests could not be parsed correctly.

3.30.0 - October 8, 2020

Javadoc | Release blog | Maven Central

Compatibility Notes

To unify OData V2 client to OData V4 client APIs, the API of custom header configuration has been simplified and partially deprecated on OData V2 side:

    requestV2
        .withHeader("Authorization", "Basic user:secret")
        .onRequestAndImplicitRequests() // deprecated
        .withHeader("User-Agent", "Robot")
        .onRequestOnly() // deprecated
        .execute(httpDestination);

    // ... still works, but should be migrated to:

    requestV2
        .withHeader("Authorization", "Basic user:secret")
        .withHeader("User-Agent", "Robot")
        .executeRequest(httpDestination);

The deprecated code is still usable. No breaking changes in code or behavior are introduced.

The internal fluent helper class FluentHelperCustomHttpHeader is changed to a deprecated interface. The related methods getHeadersForRequestAndImplicitRequests and getHeadersForRequestOnly are deprecated. The former modifier will be used by default in the future. Please use the existing withHeader and withHeaders methods without the stating a deprecated modifier.

The internal protected methods getHeadersForRequestOnly and getHeadersForRequestAndImplicitRequests from abstract base class FluentHelperBasic are deprecated. Please use protected getHeaders() instead.

The internal interface CsrfTokenRetriever defines another retrieveCsrfToken method with additional headers parameter to be passed in the HTTP request.

New Functionality

Blockchain Business Services update:

  • It is now possible to send, receive, and validate notarizations. Sending a document will automatically also send its notarizations if the visibility configuration is set to include notarizations.

Improvements

  • In case a DefaultErpHttpDestination decorates an On-Premise HttpDestination and the destination configuration lacks a sap-client property, an information message is logged to raise awareness for potential authentication issues.

  • Dependency Updates:

    • Update Spring Boot from 2.3.3.RELEASE to 2.3.4.RELEASE
    • Update JUnit Jupiter from 5.6.2 to 5.7.0
    • Update Spring from 5.2.8.RELEASE to 5.2.9.RELEASE
    • Update Spring Security from 5.3.4.RELEASE to 5.4.0
    • Update Mockito from 3.5.10 to 3.5.11

  • Maven Plugin Updates in Archetypes:

    • Update Maven Surefire Plugin from 3.0.0-M4 to 3.0.0-M5
    • Update Maven Jacoco Plugin from 0.8.5 to 0.8.6

3.29.1 - September 24, 2020

Javadoc | Release blog | Maven Central

Compatibility Notes

  • To leverage the new OData v2 client, you need to adjust existing code. Refer to documentation on how to switch for detailed instructions.
  • We start deprecating APIs of the outdated OData v2 client. In this release we deprecated:
    • Methods: execute, toQuery, withErrorHandler, cachingMetadata, withoutCachingMetadata, ignoringVersionIdentifier and ignoreVersionIdentifier.
    • Error handler: ODataVdmErrorResultHandler.
    • Exception classes VersionIdentifierMissingException and VersionIdentifierExpiredException.
    • You'll find instructions how to adjust the code to use the new OData v2 client in the Javadoc of deprecated method or class.

New Functionality

  • The improved OData v2 type-safe client is now Generally Available. From now on we recommend it for OData API consumption. Refer to the documentation on how to switch for more details on the new OData 2 client.

    • The methods executeRequest are no longer marked as Beta and ready for use in production code.
    • The new methods matchAnyVersionIdentifier() and disableVersionIdentifier() allow for better control over ETag handling.

  • The DefaultHttpDestination and DefaulErptHttpDestination can use a java.security.KeyStore and a key store password for HTTP communication. This is especially useful when utilizing mutual TLS (mTLS) for the communication with a remote system. Use the respective builder methods to set these values as in the following code snippet:

final DefaultHttpDestination defaultHttpDestination =
            DefaultHttpDestination.builder(uri).
            keyStore(keyStore).
            keyStorePassword(keyStorePassword).
            build();
  • We updated the Workflow API client library that is shipped as scp-workflow-cf module. It now supports the latest Workflow API service features.

Improvements

  • Handle requesting a CSRF token for OData V4 batch operations and actions

  • Improve the log output and error handling of CSRF token requests

  • In case a DefaultErpHttpDestination decorates an On-Premise HttpDestination and the destination configuration lacks an sap-client property, a notification appears in app logs to raise awareness of potential authentication issues.

  • Update and Delete requests in OData v4 type-safe client no longer send a * in the IF_MATCH header if no version identifier (ETag) has been retrieved from the server previously. This ensures consistent behavior of Update and Delete requests and protects you from unintended data loss and integrity problems.

  • Dependency Updates:

    • Update SAP Cloud Security Client from 2.7.6 to 2.7.7
    • Upgrade Fabric SDK for Java from 2.1.0 to 2.2.1
    • Upgrade Fabric Gateway for Java from 2.1.0 to 2.2.0
    • Upgrade Commons Codec from 1.14 to 1.15
    • Upgrade Commons IO from 2.7.0 to 2.8.0
    • Upgrade AssertJ from 3.17.0 to 3.17.2
    • Upgrade Mockito from 3.5.7 to 3.5.10
    • Upgrade Wiremock from 2.27.1 to 2.27.2
    • Upgrade Netty from 4.1.51.Final to 4.1.52.Final

Fixed Issues

  • Fix an issue where invalid service metadata files would cause the odata-generator to fail. The generator now skips such services with a warning and only fails if the failOnWarning flag is set.
  • Fix special characters escaping and double encoding issues. The following characters are encoded now:
    • %, # ,' ', ? , \ and " in the service and entity path
    • %, # ,' ', ? , \ , " , $ and & in system query options
    • %, # ,' ', ? , \ , " , $ , & and / in string parameters being passed in functions and GetByKey requests

3.28.1 - September 10, 2020

Javadoc | Release blog | Maven Central

Compatibility Notes

  • Blockchain Business Services: The constructors of classes Me and Partner are no longer public. New instances can be constructed using a builder, by calling Me.builder() and Partner.builder() respectively.
  • Blockchain Business Services: IdentityClient.deletePartner now only requires the Partner's ID instead of a full object.

New Functionality

  • The Currency Conversion library has been added. You can use this library to facilitate currency exchange rate conversions within your Cloud application.
    • Note that no exchange rates are provided by the library. It is assumed that you have your own data providers for getting the exchange rates.
    • The library supports bulk conversions, direct one-to-one conversions from a source value to a target value, and indirect conversions based on inverse rates or a reference currency.
    • You can perform currency conversions based on a fixed currency exchange rate, or a non-fixed rate (if you want the library to select the most appropriate rate based on a list of data from various data providers).
    • To use the library, add the currency-conversion-core and currency-conversion-datamodel Maven dependencies in your pom.xml.

Improvements

  • Update dependencies:
    • Update SAP Cloud Security Client from 2.7.5 to 2.7.6
    • Update AssertJ Core from 3.16.1 to 3.17.0
    • Update Caffeine from 2.8.4 to 2.8.5
    • Update Apache Commons Lang from version 3.10 to 3.11
    • Update Apache Commons Text from version 1.8 to 1.9
    • Update Apache CXF from 3.3.6 to 3.3.7
    • Update Mockito from 3.3.3 to 3.5.7
    • Update Jackson from 2.11.0 to 2.11.2
    • Update Junit Pioneer from 0.6.0 to 0.9.0
    • Update Netty from 4.1.50.Final to 4.1.51.Final
    • Update Jetty from 9.4.27.v20200227 to 9.4.31.v20200723
    • Update Protocol Buffers Java from 3.12.1 to3.12.2
    • Update Resilience4J from 1.4.0 to 1.5.0
    • Update Spring from version 5.2.6.RELEASE to 5.2.8.RELEASE
    • Update Spring Security from 5.3.2.RELEASE to 5.3.4.RELEASE
    • Update Wiremock from 2.26.3 to 2.27.1
    • Update Togglz from 2.6.1.Final to 2.8.0
    • Update SQLite JDBC Driver from 3.28.0 to 3.32.3.2
    • Update JavaPoet from 1.12.1 to 1.13.0
    • Update Spring Boot from 2.3.0.RELEASE to 2.3.2.RELEASE
    • Update JSON Unit AssertJ from 2.17.0 to 2.18.1
    • Update io.projectreactor:reactor-core from 3.3.5.RELEASE to 3.3.9.RELEASE
    • Update CDS4 from 1.11.0 to 1.12.1
    • Update com.squareup.okio:okio from 2.6.0 to 2.7.0

Fixed Issues

  • Fix an issue where numbers where not serialised correctly in OData V2 requests using executeRequest. Fractional and long numbers are now correctly serialised as JSON strings.
  • Fix an org.springframework.beans.BeanInstantiationException with a nested java.lang.NoSuchMethodException when adding the Maven dependency scp-workflow-cf to a Spring Boot project

3.27.0 - August 27, 2020

New functionality

  • The implicit properties of DefaultHttpClientFactory can now be customized.
    • With HttpClientAccessor.setHttpClientFactory( HttpClientFactory ) it is possible to change the logic that manages creation and configuration of HttpClient instances. These clients are used to handle the connection between platform services and integration endpoints internally. The DefaultHttpClientFactory class has been updated to allow for conveniently changing properties like time-out duration and maximum number of connections. Since the implementation can easily be extended, a custom logic would not need to start from scratch.
    • To change the properties, either create a new class that inherits from DefaultHttpClientFactory and override the accessor methods with scope protected. Or explore the flexible builder pattern for a similar result: DefaultHttpClientFactory.builder().
    • For more information, please find the related documentation.

Improvements

  • Improve log message quality of OData V2 errors that may occur within executeRequest method.

  • Update dependencies in maven archetypes:

    • Archetype scp-cf-tomee:
      • Update tomee-maven-plugin from 8.0.3 to 8.0.4
    • Archetype scp-cf-spring:
      • Update spring-boot from 2.3.0.RELEASE to 2.3.2.RELEASE
    • Archetype scp-neo-javaee7:
      • Update scp.sdkVersion from 1.74.10 to 1.79.14

3.26.0 - August 13, 2020

New functionality

OData and type-safe client libraries

  • We released a Beta version of improved type-safe client library implementation for OData v2 protocol which now shares a code base with OData v4 protocol. It brings significant advantages like:
    • Boosting performance by avoiding unnecessary metadata calls
    • The same code base for both OData protocol versions speeds up the innovation cycle and unlocks the developing of advanced features for both OData versions.
  • The results of create and update operations in OData v4 type-safe client now offer getModifiedEntity() method which returns a new Entity object including any changes to payload or metadata the service may have responded with.
  • We released a regular update for pregenerated type-safe client libraries (also known as VDM) for the latest RTC release 2008 of SAP S/4HANA Cloud.
    • The update covers all the changes to existing services and introduces new ones. You'll find them in com.sap.cloud.sdk.s4hana.datamodel.odata.services and com.sap.cloud.sdk.s4hana.datamodel.odatav4.services. Below is the quick reference on difference and compatibility between 2005 and current 2008 of SAP S/4HANA Cloud releases:
    • These deprecated OData services are no longer allowed:
    • These OData service methods have a changed argument order:
      • In service SalesDocumentWithCreditBlocksService the methods rejectCreditBlock and releaseCreditBlock are updated.
      • In service CustomerReturnsDeliveryV2Service the methods setPutawayQuantityWithBaseQuantity, putawayOneItemWithBaseQuantity and putawayOneItemWithSalesQuantity are updated.
    • These OData service methods have been removed:
      • In service ProductionOrderConfirmationV2Service the method createProdnOrdConfMatlDocItm has been removed.
      • In service ProcessOrderConfirmationV2Service the method createProcOrdConfMatlDocItm has been removed.
      • In service SupplierInvoiceIntegrationService the methods createSuplrInvcItemAcctAssgmt and createSuplrInvcItemPurOrdRef have been removed.
    • For reference on what OData services are included in current release, check out SAP Business Accelerator Hub for SAP S/4HANA Cloud

REST

  • The experimental REST SCP Workflow client library got enhanced with a new API class constructor that expects an ApiClient, which allows for easier integration with e.g., the Spring RestTemplate.

    final String basePath = "https://my-api.org";
    final RestTemplate restTemplate  = obtainRestTemplate();

    final ApiClient apiClient = new ApiClient(restTemplate).setBasePath(basePath);

    new WorkflowDefinitionsApi(apiClient).queryDefinitions();

SAP Cloud Platform - Clound Foundry

  • We added support for new authentication types recently introduced on SAP Cloud Platform - Cloud Foundry. It further improves handling of Destinations and keeps the SAP Cloud SDK up to date with SCP features:
    • SAP_ASSERTION_SSO
    • OAuth2JWTBearer
    • OAuth2Password

Known issues

  • The module testutil-core references the dependency org.eclipse.jetty:jetty-server:jar:9.4.27.v20200227 transitively which is subject to vulnerability CVE-2019-17638. As we look into updating to the newest version of jetty-server, one can mitigate the risk by assuming that testutil-core is used for testing only and hence not used in production environments.

Compatibility notes

  • Client library for ELECTRONICDOCFILE_0001 service is missing from SAP S/4HANA 2008 release. We're working to fix this as fast as possible and will communicate it in release notes.

Fixed Issues

  • Fix an issue where calling a remote-enabled function module that returns a table of type raw (byte sequence) returned the hash code of the byte sequence. It returns the String representation of the byte sequence instead now.
  • Fix a NullPointerException when invoking a function module in SAP S/4HANA which is not remote-enabled or does not exist.
  • Fix an issue where calling a remote-enabled function module with a byte sequence as an exporting parameter was not supported before. It is now possible to pass byte sequences as exporting parameters.

3.25.0 - July 30, 2020

New Functionality

  • OData 4.0: Extract version identifiers from the ETag header in case of create and update operations. Now result entities obtained via ModificationRespnse#getResponseEntity() will contain a version identifier. It will be sent as IF-MATCH header in subsequent update and delete operations.

  • New experimental method ScpCfDestinationLoader#tryGetDestination. It allows for custom request handling to resources on SAP Cloud Platform Destination Service. With the handler acting as functional interface, you can conveniently manage your own HTTP interaction. E.g.

    String destinationName;
    String basePath;
    String relativePath;

    Try<ScpCfDestination> destination = new ScpCfDestinationLoader()
      .tryGetDestination(
        destinationName, basePath, relativePath,
        (uri) -> restTemplate.getForObject(uri, ScpCfDestinationServiceV1Response.class));

Improvements

  • Update dependencies:

  • Update Maven plugins in Maven archetypes:

    • Archetype scp-cf-tomee:
      • Update tomee-maven-plugin from 8.0.1 to 8.0.3
    • Archetype scp-cf-tomee and neo-javaee7:
      • Update maven-war-plugin from 3.2.3 to 3.3.1

  • Add public enum SoapNamespace to rfc module, with experimental support to customize expected XML tag namespace from SOAP response messages. This can be useful if target SOAP service is not working with ABAP code.

  • The principal id can be extracted from authorization tokens of grant type urn:ietf:params:oauth:grant-type:jwt-bearer.

Fixed Issues

  • Fix an issue on SCP Neo with anonymous HTTP requests being blocked, when optional module concurrency-scp-neo was added as application dependency.
  • Fix an issue with SOAP wrapped RFC and BAPI calls that sends pure exporting parameters as empty tags in SOAP serialised requests. Exporting parameters are no longer sent in SOAP serialised requests.
  • Fix an issue with SOAP wrapped RFC and BAPI calls where de-serialisation failed when the exporting parameter is a list and is empty.
  • Fixed an issue with listeners where FileWritingODataQueryListener was inadvertently called for OData CRUD operations.

3.24.0

Release date: July 16, 2020

Improvements

3.23.0

Compatibility Notes

  • Method and parameter names for the SCP Workflow client library were adjusted

Improvements

  • Improved the error messages shown when JWT validation fails.

  • Improved the AuthTokenBuilder so that public keys used for verification of authorization tokens created by it are now being cached.

  • Client Library for SCP Workflow:

    • Method names improved to better reflect the Workflow domain
    • Methods return strong return types, the previous version had generic return types
    • Parameter names improved to better reflect their semantics

  • Update dependencies:

    • Update com.mikesamuel:json-sanitizer from 1.2.0 to 1.2.1
    • Update org.json:json from 20190722 to 20200518
    • Update commons-io:commons-io from 2.6 to 2.7
    • Update org.springframework.security.oauth:spring-security-oauth2 from 2.4.1.RELEASE to 2.5.0.RELEASE
    • Update com.github.ben-manes.caffeine:caffeine from 2.8.1 to 2.8.4
    • Update com.google.errorprone:error_prone_annotations from 2.3.4 to 2.4.0
    • Update io.projectreactor:reactor-core from 3.3.4.RELEASE to 3.3.5.RELEASE
    • Update Spring Boot from 2.2.7.RELEASE to 2.3.0.RELEASE
    • Update com.squareup.okio:okio from 2.4.3 to 2.6.0
    • Update OK HTTP from 4.4.1 to 4.5.0
    • Update SAP Cloud Security Client from 2.6.2 to 2.7.2

Fixed Issues

3.22.0

Compatibility Notes

  • Deprecated the constructor SoapRequest(Class<ServiceT>, Destination) in favor of SoapRequest(Class<ServiceT>, HttpDestination) because SOAP API invocation always uses the HTTP protocol.

New Functionality

  • A new, experimental API to run generic OData batch requests via ODataRequestBatch in version agnostic module odata-client. It allows for batching entity read and modification requests. Modifications are grouped within changesets and, depending on the service implementation, they are expected to rollback if one change in the set was unsuccessful. Multiple changesets and read requests can be attached. The class supports entity request handling for create, read, update and delete, as well as service specific functions and actions.

    • Notes

      • The API is not considered final yet. The class is @Beta annotated. Please refrain from using it in productive application code.

      • There are no helper methods on the result object yet to conveniently parse the multipart response. However the HttpResponse object can be accessed already.

      • The order of method invocations matters. It defines how the individual requests are serialized, when constructing the multipart batch request.

      • Sample code:

        HttpClient httpClient;
        ODataRequestRead read1;
        ODataRequestCreate create2;
        ODataRequestUpdate update3;

        ODataRequestBatch batchRequest =
          new ODataRequestBatch( "service-path/", ODataProtocol.V4 )
            .addRead( read1 )
            .beginChangeset()
            .addCreate( create2 )
            .addUpdate( update3 )
            .endChangeset();

        batchRequest.execute( httpClient );

  • Add getAllDestinations(DestinationOptions options) in ScpCfDestinationLoader class to fetch all the cloud foundry destinations. The method prioritizes the destination at service instance level in case there exists a destination with the same name on service instance and on sub account level.

Fixed Issues

  • Fix an issue where subscriber tenant and principal information would not be available in asynchronous threads when running on SAP Cloud Platform Neo.

3.21.0

New Functionality

  • Enhance the interface CloudPlatform with the method setEnvironmentVariableReader(Function<String, String>) allowing adjusting the way how environment variables are read.
  • Add experimental filter expressions in OData client value types of package com.sap.cloud.sdk.datamodel.odata.client.expression to allow for custom requests having entity-independent, yet type-safe query filters.

Improvements

  • Update dependencies:
    • Update Java JWT from 3.10.2 to 3.10.3
    • Update Junit Pioneer from 0.5.6 to 0.6.0
    • Update AssertJ from 3.15.0 to 3.16.1
    • Update Spring from 5.2.5.RELEASE to 5.2.6.RELEASE
    • Update Spring Security from 5.3.1.RELEASE to 5.3.2.RELEASE
    • Update Hibernate Validator from 6.1.2.Final to 6.1.5.Final
    • Update Netty BOM from 4.1.49.Final to 4.1.50.Final
    • Update Stax2 api from 4.2to 4.2.1
    • Update Protocol Buffers Java from 3.11.4 to3.12.1
  • Update dependencies in maven archetypes:
    • Archetype scp-cf-spring:
      • Update spring-boot from 2.2.6.RELEASE to 2.3.0.RELEASE
    • Archetype scp-neo-javaee7:
      • Update scp.sdkVersion from 1.72.13 to 1.74.10

Fixed Issues

  • Fix an issue in the realm of HTTP destinations created through the SAP Cloud Platform Extension Factory where a DestinationAccessException occurs

3.20.0

New Functionality

  • New builder pattern for type Resilience4jDecorationStrategy to enable custom function decoration properties.

  • A new, experimental interface ServiceWithNavigableEntities for OData v4 VDM, to allow for recursive traversal of navigation properties in entity sets. This generic type offers type-safe methods to create a request along chained entities with their navigation properties. By delegating to the existing request builder classes, the interface supports all basic CRUD operations, plus count. You can use all existing request modifiers, e.g. filter or select statements in Read. The interface type is @Beta annotated to declare methods and sub-types are still open for changes in the future.

    • Example

      • Create a new Trip in Vacation (id 2020) of Person (username "John")

      • HTTP request: POST /ODataService/People('John')/Vacations(2020)/Trips

      • Sample code:

        Trip tripItem;

        CreateRequestBuilder<Trip> createRequest = service
          .forEntity( Person.builder().username("John").build() )
          .navigateTo( Person.VACATIONS )
          .forEntity( Vacation.builder().id(2020).build() )
          .navigateTo( Vacation.TRIPS )
          .create( tripItem );

        createRequest.execute( destination );

  • Add public methods String getApplicationUrl() and String getApplicationProcessId() to ScpCfCloudPlatform and expose them in CloudPlatform to partially match the existing public API of subtype ScpNeoCloudPlatform.

Improvements

  • Renamed module odata-v4-client to odata-client and packages contained from c.s.c.s.datamodel.odatav4.client to c.s.c.s.datamodel.odata.client. Only API that is declared unstable is affected so changes are only required if unstable parts of the API are being used explicitly.
  • The OData generator (so the odata-generator, odata-generator-cli, and odata-generator-maven-plugin modules) are now able to also parse swagger files according to the OpenAPI v3 spec (in addition to the already supported OpenAPI v2 spec).

3.19.1

Compatibility Notes

  • As part of the update of the OData VDM to SAP S/4HANA Cloud 2005, in the Inbound Delivery (A2X) - API_INBOUND_DELIVERY_SRV_0002 API, some previously published methods that were not actually supported by the SAP S/4HANA system (like CRUD support for entity MaintenanceItemObjList) were removed from the SAP Business Accelerator Hub and as a consequence, from the SAP Cloud SDK.

New Functionality

3.19.0

  • Release date: April 30, 2020

New Functionality

  • Introducing the client library for the Workflow API on SAP Cloud Platform, Cloud Foundry

    • Example usage:
    final HttpDestination httpDestination = DestinationAccessor.getDestination(destinationName).asHttp();

    final List<WorkflowDefinition> workflowDefinitions =
                    new WorkflowDefinitionsApi(httpDestination).getWorkflowDefinitions();
    • Maven dependency:
    <dependency>
        <groupId>com.sap.cloud.sdk.services</groupId>
        <artifactId>scp-workflow-cf</artifactId>
    </dependency>

  • New VDM request builder for OData v4 to fetch the count of entries in an entity collection endpoint. The result is a non-null Long, the number of matching entries according to optional filter and search expressions.

    • Example for the VDM usage:

      long numEntries = new DefaultEntityService()
        .countEntities()
        .filter(SomeEntity.FIELDNAME.contains("foo"))
        .search("bar")
        .execute(someDestination);

    • Example for the generic usage:

      long numEntries = new CountRequestBuilder<>("/odata/service/path/", SomeEntity.class)
        .filter(SomeEntity.FIELDNAME.contains("foo"))
        .search("bar")
        .execute(someDestination);

  • Provide support for unbound actions in OData v4. The OData v4 generator generates unbound actions at the service level. Etag handling in actions is still not supported.

    • Note: Regenerate the VDM to enable these features on your classes.

  • The VDM request builders for OData v4 to delete and update entities DeleteRequestBuilder and UpdateRequestBuilder allow to influence the submission of the version identifier (ETag) of the respective entity in the remote system.

    • The method disableVersionIdentifier allows to avoid that the request header If-Match is sent at all.
    • The method matchAnyVersionIdentifier allows to control that the request header If-Match is sent with the value *.
    • Note that if both methods are invoked on the same request builder, the latest invocation takes precedence.
    • Example for the VDM usage to delete an entity without sending a version identifier:
    new DefaultEntityService()
    .deleteEntity(entity)
    .disableVersionIdentifier()
    .execute(destination);

    • Example for the VDM usage to update an entity while sending the * value in the request header:

      new DefaultEntityService()
      .updateEntity(entity)
      .matchAnyVersionIdentifier()
      .execute(destination);

Improvements

  • Update dependencies:
    • Update Guava from 28.2-jre to 29.0-jre
    • Update Apache CXF from 3.3.5 to 3.3.6
    • SAP Cloud Security Client from 2.6.1 to 2.6.2
    • Update Jackson from 2.10.3 to 2.11.0
    • Update Resilience4J from 1.3.1 to 1.4.0
    • Update AssertJ Guava from 3.3.0 to 3.4.0
    • Update Spring Security OAuth from 2.4.0.RELEASE to 2.4.1.RELEASE
    • Update Fabric SDK from 2.0.0 to 2.1.0
    • Update Netty BOM from 4.1.48.Final to 4.1.49.Final
  • Update Maven plugins in Maven archetypes:
    • Archetype scp-cf-tomee:
      • Update tomee-maven-plugin from 7.0.5 to 8.0.1
    • Archetype scp-cf-spring:
      • Update spring-boot-maven-plugin from 2.2.5.RELEASE to 2.2.6.RELEASE
    • Archetype scp-neo-javaee7:
      • Update jacoco-maven-plugin from 0.8.2 to 0.8.5
      • Update maven-surefire-plugin from 3.0.0-M3 to 3.0.0-M4

3.18.0

Compatibility Notes

  • The custom pmd plugin (com.sap.cloud.sdk.quality:pmd-plugin) was removed. The ruleset (com.sap.cloud.sdk.quality:pmd-rules) from now on contains only the rules shipped with the SAP Cloud SDK. All other imported rules were removed. To still use the ruleset with standard pmd plugin, especially in the SAP Cloud SDK for Continuous Delivery, we recommend adding the following configuration to the root pom of your project:
<build>
    <pluginManagement>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-pmd-plugin</artifactId>
                <configuration>
                    <rulesets>
                        <ruleset>rulesets/cloud-sdk-qualities.xml</ruleset>
                        <ruleset>rulesets/java/maven-pmd-plugin-default.xml</ruleset>
                    </rulesets>
                </configuration>
                <dependencies>
                    <dependency>
                        <groupId>com.sap.cloud.sdk.quality</groupId>
                        <artifactId>pmd-rules</artifactId>
                        <version>3.18.0</version>
                    </dependency>
                </dependencies>
            </plugin>
        </plugins>
    </pluginManagement>
    ...
</build>

Improvements

  • Update Dependencies:
    • Spring Security from 5.3.0.RELEASE to 5.3.1.RELEASE
    • JUnit Pioneer from 0.5.5 to 0.5.6
    • Java JWT from 3.10.1 to 3.10.2
    • SAP Cloud Security Client from 2.5.3 to 2.6.0

3.17.2

  • Release date: Apr 15, 2020

Compatibility Notes

  • The beta annotated CustomOperationRequestBuilder class has been renamed as FunctionRequestBuilder

Fixed Issues

  • Fix an issue with access token validation in a provider/subscriber setup, when having multiple XSUAA service bindings, e.g. one with service plan broker and one with service plan application.

3.17.1

Improvements

  • The interface ResilienceDecorationStrategy now provides an additional, optional argument to pass a custom ExecutorService in methods decorateCallable and decorateSupplier. This way the thread pool and task execution can be adjusted upon decoration. If the time limiter is enabled, it will be running in a thread through the passed executor. If Callable or Supplier lambda is queued, then the asynchronous task will be run with the given ExecutorService as well.

  • For communication with XSUAA, the recommended JWT Bearer Token Grant is now preferred over (discouraged) combination of User Token Grant and Refresh Token. This saves one internal HTTP request and the "uaa.user" scope is not necessary any longer in the xs-security.json configuration of the XSUAA service instance.

Fixed Issues

  • Fix unnecessary second request to destination service, when using proxy type "OnPremise" and authentication type "Principal Propagation".

  • Fix a regression introduced in 3.16.1 where public keys for token validation are not cached.

3.17.0

  • Release date: April 2, 2020

New Functionality

  • New support for OData V4 - Deep Update.
    • Single and collection-based entity navigation properties can be used when updating a base entity. This way nested entities can be updated and created, while performing a single OData request.
    • Note: This feature can only be used with UpdateRequestBuilder#modifyingEntity() (default), and not with UpdateRequestBuilder#replacingEntity() (custom).
    • Note: Removing an existing element from a collection-based entity navigation property is not yet supported.

Improvements

  • The OData v4 VDM now allows for ordering by multiple fields through calling orderBy and passing fields to it with the corresponding order.

      getPersons().orderBy(Person.FIRST_NAME.asc(), Person.LAST_NAME.desc());

  • Update Dependencies

    • Update Java JWT from 3.10.0 to 3.10.1
    • Update Mockito from 3.3.0 to 3.3.1
    • Update Wiremock from 2.26.2 to 2.26.3
    • Update Spring Security from 5.2.2.RELEASE to 5.3.0.RELEASE
    • Update Netty BOM from 4.1.47.Final to 4.1.48.Final
    • Update Apache TomEE libraries from version 7.0.6 to 7.0.7
    • Update SAP Cloud Application Programming Model from version 1.38.0 to 1.39.0
    • Update SAP Cloud Security Client from 2.5.1 to 2.5.3
    • Update Apache Commons Lang from version 3.9 to 3.10
    • Update JUnit from version 5.6.0 to 5.6.1
    • Update JUnit Pioneer from version 0.5.4 to 0.5.5
    • Update Spring from version 5.2.4.RELEASE to 5.2.5.RELEASE

  • Dependencies and Maven plugin versions in the archetypes scp-cf-spring, scp-cf-tomee and scp-neo-javaee7 updated.

    • jacoco-maven-plugin updated to 0.8.5
    • maven-surefire-plugin updated to 3.0.0-M4
    • maven-enforcer-plugin updated to 3.0.0-M3
    • maven-war-plugin updated to 3.2.3
    • maven-dependency-plugin updated to 3.1.2
    • Spring Boot updated from 2.2.1.RELEASE to 2.2.5.RELEASE

Fixed Issues

  • Fix a bug in the odata-v4-generator that causes fields of type Edm.TimeOfDay to not be recognized and thus generated properly, leading to missing SimpleProperty fields on the generated entity.

3.16.1

Compatibility Notes

  • As the Olingo dependency was removed from the Virtual Data Model (VDM), Olingo types are now set as custom fields and can be accessed by method getCustomField("fieldName").

New Functionality

  • Introduce the module SCP Blockchain Client Fabric for easy interaction with a Hyperledger Fabric network using all necessary configuration and credentials from a standardized user-provided service in the Cloud Foundry environment.
  • JSON Web Tokens (JWT) are now validated using their issuer and jku properties. Public keys for signature verification are fetched from the URL specified by the jku property. This only works if the issuer domain matches the domain of the XSUAA service. In case this fails or if the properties are not set, the implementation falls back to the previous validation mechanisms (e.g. verification key of XSUAA service binding, XSUAA token endpoint provider).

Improvements

  • Update Dependencies
    • Update Slf4J from version 1.7.26 to 1.7.30
    • Update Jackson from version 2.10.2 to 2.10.3
    • Update Wiremock from version 2.26.1 to 2.26.2
    • Update Jetty from version 9.4.26.v20200117 to 9.4.27.v20200227
    • Update Spring from version 5.2.3.RELEASE to 5.2.4.RELEASE
    • Update Apache HttpComponents from version 4.5.11 to 4.5.12

Fixed Issues

  • Fix missing authorization header with Principal Propagation for On-Premise connectivitiy on CloudFoundry.
  • Fix several special characters escaping and encoding issues.
    • ? in the service path
    • # and & in filter and select expressions
    • ' in string literals and in string parameters being passed in functions and GetByKey requests
    • " and \ in search expressions

3.15.1

Compatibility Notes

  • Use the library XSUAA Token Client and Token Flow API for handling communication with XSUAA service instances.

    • If you mock XSUAA service requests in your tests, some assertions might need to be updated. When using the new library, XSUAA request parameters should be passed as HTTP body content instead of query arguments.
    • The internally used types SubdomainReplacer and DefaultSubdomainReplacer became obsolete and were removed. The usage of this classes was replaced by the new library.
    • The behavior of following methods in the utility class XsuaaService has been changed.
      • retrieveAccessTokenViaUserTokenGrant()
      • retrieveAccessTokenHeaderViaUserTokenGrant() The old behavior is implemented in following methods.
      • retrieveAccessTokenViaUserTokenExchange()
      • retrieveAccessTokenHeaderViaUserTokenExchange() The change was made in order to better reflect on the internal logic of these methods. In addition to "Token Grant", the "Token Exchange" flavored operation will perform an authorization request with "Refresh Token" flow, which is required for Principal Propagation when manually consuming the CloudFoundry Connectivity Service. Please update your code accordingly.

  • The module com.sap.cloud.sdk.services:blockchain has been renamed to com.sap.cloud.sdk.services:blockchain-client-multichain to better reflect its focus on the Multichain Service.

New Functionality

  • Stabilize OData v4 Virtual Data Model (VDM). Following parts are considered stable as of this release:
    • execute() on all request builders (e.g., `CreateRequestBuilder)
    • select(), filter(), top(), skip(), and search() on GetAllRequestBuilder
    • GetByKeyRequestBuilder.select()
    • of(), and(), or(), not() for defining a SearchExpression
    • includingFields(), replacingEntity(), modifyingEntity() on UpdateRequestBuilder
    • The generic exception class ODataException
    • The classes NavigationProperty, ComplexProperty and SimpleProperty
    • The OData v4 generator now generates ComplexProperty fields on entities that can be used to build queries. Single instances and collections of complex types are supported.
  • Provide support for unbound functions in OData v4. The OData v4 generator generates unbound functions at the service level.
  • The OData v4 generator now creates entity classes that are only referenced by navigation properties and functions (not part of an entity set).

Improvements

  • Introduce snakeyaml version 1.26 as direct dependency and exclude the one used by the jackson library to overcome the security vulnerability CVE-2017-18640.

  • Replace the SAP Cloud SDK implementation for handling authentication and authorization within the SAP Cloud Platform landscape by the library XSUAA Token Client and Token Flow API version 2.5.1. See the compatibility notes for details.

  • Update Dependencies

    • SAP Cloud Application Programming Model from version 1.37.1 to 1.38.0
    • Lombok from version 1.18.10 to 1.18.12
    • Caffeine from version 2.8.0 to 2.8.1
    • Commons CSV from version 1.7 to 1.8
    • Apache HTTP Components CSV from version 4.5.10 to 4.5.11
    • EclipseLink CSV from version 2.7.5 to 2.7.6
    • Liquibase CSV from version 3.6.3 to 3.8.6
    • Resilience4J CSV from version 1.2.0 to 1.3.1
    • JUnit CSV from version 5.5.2 to 5.6.0
    • JUnit Pioneer from version 0.5.1 to 0.5.4
    • Jetty from version 9.4.25.v20191220 to 9.4.26.v20200117
    • Spring Security from version 5.2.1.RELEASE to 5.2.2.RELEASE
    • Hibernate Validator from version 6.0.17.Final to 6.1.2.Final
    • Java JWT from version 3.9.0 to 3.10.0
    • AssertJ from version 3.14.0 to 3.15.0
    • Mockito from version 3.2.4 to 3.3.0
    • Wiremock from version 2.20.0 to 2.26.1
    • SAP Cloud Platform SDK For Neo Environment (Java EE 7 Web Profile TomEE 7) to version 1.69.18

Fixed Issues

  • Fix an issue where the OData v2 URL query generation was not escaping single-quotes ' in String literals correctly. This character can now be used as part of entity keys and filter expressions.
  • Fix an issue with Decimal OData values being formatted in unexpected scientific notation (e.g. 4.2e-7) instead of expected decimal form (e.g. 0.00000042). The solution is provided for serializing entity properties of Java type BigDecimal.

3.14.0

Compatibility Notes

  • Remove the public enum com.sap.cloud.sdk.cloudplatform.connectivity.DestinationRetrievalStrategy as it had no usage in the realm of the SAP Cloud SDK version 3.

New Functionality

  • OData VDM client: Add preview support for OData v4 services.
    • The new OData client implementation is capable of the basic Create, Read, Update, Delete (CRUD) operations on OData v4 services.
    • Include an updated, dedicated generator that is capable of creating virtual data models through a command line interface or Maven plugin. Reference the artifact id odata-v4-generator in your .pom file.
    • Advanced features like functions, actions or batch requests are not yet supported.
    • The implementation is initially in beta and thus does not guarantee a stable API.

Improvements

3.13.0

Compatibility Notes

New Functionality

Improvements

  • Update the Spring dependency for the SAP Cloud Platform multitenancy implementation module to version 4.3.26.RELEASE to overcome the security vulnerability CVE-2020-5397.

3.12.0

New Functionality

  • SCP Blockchain Module: Allow the usage of custom HTTP clients by adding support for a custom HTTP request factory for the rest template in MultichainRequest.
  • When creating a MultichainService instance using a SAP Cloud Platform destination, the destination's HTTP client will now be used as a pre-configured HttpClient instance with authentication, HTTP connection pooling, etc for each MultichainRequest.

Improvements

  • Update dependencies:
    • Jackson from version 2.10.1 to 2.10.2
    • Commons Codec from version 1.13 to 1.14
    • Apache HttpComponents Core from version 4.4.12 to 4.4.13.
    • Apache CXF from version 3.3.4 to 3.3.5
    • JUnit Pioneer from version 0.4.2 to 0.5.1
    • Spring from version 5.2.2.RELEASE to 5.2.3.RELEASE

Fixed Issues

  • OData Generator: Fix an issue where if only some of the declared EntitySets contained related service operations annotations in the .edmx file, the ones without such annotations got no operations resolved at all.
  • Fix an issue with BapiRequest where a NoSuchElementException was thrown in case a Destination without a name was used.
  • Fix an issue concerning the encoding of special characters such as #, &, etc in OData filter expressions.

3.11.0

Compatibility Notes

  • The existence of a principal as retrieved by the PrincipalAccessor is no longer an indicator for a JWT to be present. Due to the introduction of BasicAuthenticationAccessor a principal can also originate from the Basic Authentication header on the current request. As before verifying authentication and authorizations needs to be done explicitly by the application using the SAP Cloud SDK.

  • The behavior for principal propagation when accessing On-Premise systems has changed as explained below in the Improvements section.

New Functionality

  • Introduce a new BasicAuthenticationAccessor to read the username and password from the Basic Authentication header of the currently incoming request on Cloud Foundry.

    • Use it like the other *Accessor classes:

      Try<BasicCredentials> basicCredentials = BasicAuthenticationAccessor.tryGetCurrentBasicCredentials();

    • To handle the Try gracefully you can write something like the following:

      BasicCredentials basicCredentials  = BasicAuthenticationAccessor.tryGetCurrentBasicCredentials().getOrElseGet(this::useFallbackCredentials);

    • To provide custom logic into the accessor the default logic can be overwritten by using the setBasicAuthenticationFacade() method:

      BasicAuthenticationAccessor.setBasicAuthenticationFacade(new CustomBasicAuthenticationFacade());

  • Enable the PrincipalAccessor to also read the current principal from the newly introduced BasicAuthenticationAccessor, in addition to the already existing way to read it from the current JWT. This functionality applies to Cloud Foundry. A valid JWT takes precedence over a Basic Authentication header.

    The order of resolution is

    1. If a principal is given in the current context (e.g. via PrincipalAccessor.executeWithPrincipal()), this will we be used.
    2. Otherwise, if a JWT is given in the current context (e.g. via an incoming request or manually set via the AuthTokenAccessor.executeWithAuthToken() methods) the principal is read from there.
    3. Otherwise, If there is no JWT or the resolution fails the user retrieved via the BasicAuthenticationAccessor used (if existent).
    4. If no principal could be found with the steps above the Try returned by PrincipalAccessor.tryGetCurrentPrincipal() will contain an Exception.

  • Support self-signed certificates (file extensions .cer, .crt, and .der) as trust store locations for HTTPS destinations.

Improvements

  • The connectivity to On-Premise systems from SCP Cloud Foundry is updated, so that the authentication now follows the recommended protocol for principal propagation.

    • Instead of populating two headers SAP-Connectivity-Authentication and Proxy-Authorization for On-Premise requests, the SAP Cloud SDK now takes the recommended approach of just using Proxy-Authorization with a dynamically resolved User Exchange Access Token.
    • Introduce PrincipalPropagationStrategy for configuring that the previous behavior should be used.

    If for compatibility reasons the previous approach should be used, you can adjust strategy with the following code snippet:

    import com.sap.cloud.sdk.cloudplatform.connectivity.PrincipalPropagationStrategy;

    PrincipalPropagationStrategy.setDefaultStrategy(PrincipalPropagationStrategy.COMPATIBILITY);

  • Support reading the principal from an OAuth SAML Bearer token on Cloud Foundry.

  • Update dependencies:

Fixed Issues

  • Fix an issue with the cache of ResilienceDecorator invalidating itself upon calling, when using a JCache SPI different from JCache RI.
  • OData VDM client: Fix an issue concerning update requests with PATCH semantics where null values were being filtered out before the update. Explicitly set null values are being retained now.
  • Fix an issue with the deserialization of function import responses returning objects creatable by a single String parameter as reported here.
  • Fix a regression in the OData VDM Generator where anotations within EDMX metadata files were interpreted in an unexpected way leading to missing operations in the generated classes as reported here.

3.10.0

Compatibility Notes

Improvements

  • Update dependencies:
    • SAP Cloud Application Programming Model from version 1.35.2 to 1.36.1
    • Spring from version 5.1.2-RELEASE to 5.2.1-RELEASE
    • Spring Security OAuth from version 2.3.6-RELEASE to 2.4.0-RELEASE
    • Eclipse Link from version 2.7.4 to 2.7.5
    • Resilience4J from version 1.1.0 to 1.2.0
    • JUnit Pioneer from version 0.3.3 to 0.4.2
    • Mockito from version 2.22.0 to 3.2.0
    • Spring Boot from version 2.1.1-RELEASE to 2.2.1-RELEASE
  • Introduce more consistency in builders for destinations.

Fixed Issues

  • Fix an issue concerning HTTP destinations on Cloud Foundry where the default JDK trust store was mistakenly taken into account even if an own trust store is defined.
  • Fix OData query formatting for filter expressions with temporal values. This affects queries comparing entity properties based on Edm.Time, Edm.DateTime or Edm.DateTimeOffset.

3.9.0

Compatibility Notes

Improvements

  • SCP blockchain: Add support for Basic Authentication to MultichainRequest, allowing the request to be used with AWS and Azure Multichain nodes.

  • Resilience framework: Use new name format for threads spawned by asynchronous calls: cloudsdk-resilience-<number>

  • Add new method DestinationProperties.getPropertyNames() to retrieve the set of properties of a destination. This allows you to enumerate the names of all properties retrieved from the destination service and their values.

  • Update dependencies:

    • Jackson from version 2.10.0 to 2.10.1, fixing the vulnerabilities CVE-2019-17267 and CVE-2019-17531
    • SAP Cloud Application Programming Model from version 1.33.0 to 1.35.2
    • Joda Time from version 2.10.4 to 2.10.5
    • Vavr from version 0.9.3 to 0.10.2
    • Commons CSV from version 1.6 to 1.7
    • Java JSON from version 20180813 to 20190722
    • Apache CXF from version 3.3.2 to 3.3.4
    • AssertJ Core from version 3.13.2 to 3.14.0
    • AssertJ Guava from version 3.2.1 to 3.3.0
    • JUnit Pioneer from version 0.3.0 to 0.3.3

Fixed Issues

  • Fix an issue that caused the OData VDM generator to wrongly identify available operations on a service entity.
  • Fix an issue where special characters (e.g. /) were incorrectly escaped in OData requests made when dynamically fetching a navigation property of an entity whose key contains such characters.

3.8.0

Compatibility Notes

  • Create, update, and delete operations have been removed from some VDM services, as they are no longer available on the SAP Business Accelerator Hub.
  • The custom constructor parameters of Resilience4jDecorationStrategy have been changed to accept generic modular decorators for the following properties. The default behavior has not been changed. This should not affect existing code, but you may need to recompile your code.
    • Time limiter
    • Bulkhead
    • Circuit breaker
    • Retry
    • Caching

New Functionality

Fixed Issues

  • Fix an issue that caused unnecessary requests to the XSUAA service when accessing auth tokens in requests.

3.7.0

Known Issues

  • The SAP Cloud SDK version 3.7.0 references Jackson 2.10.0, which has two known security vulnerabilities, which were not yet fixed in time for version 3.7.0 of the SAP Cloud SDK. Note that the SAP Cloud SDK does not use the vulnerable functionality and is thus not vulnerable itself. If you use Jackson yourself, you should consider the relevant recommendations CVE-2019-17267 and CVE-2019-17531. For more details, also consider this article with more background.

Compatibility Notes

  • The resilience configuration API has been adjusted as follows:
  • The default buffer sizes for circuit breakers in CircuitBreakerConfiguration have been changed as follows:
    • From 100 to 10 for transitioning from CLOSED to OPEN state.
    • From 10 to 5 for transitioning from HALF-OPEN back to CLOSED state.

New Functionality

Improvements

3.6.0

Known Issues

  • The SAP Cloud SDK version 3.6.0 references Jackson 2.10.0 which has two known security vulnerabilities, which were not yet fixed in time for version 3.6.0 of the SAP Cloud SDK. For your reference, this concerned the following recommendations:

Compatibility Notes

  • The overridable method getJsonResponseObjectName() of base class FluentHelperFunction has been deprecated in favor of its successor refineJsonResponse. Both reside in protected scope and are therefore only used to customize the default behavior. The new method allows limitless modification of the response JSON element during the refinement step of the deserialization process for function import responses.

New Functionality

  • Offer retries as part of ResilienceConfiguration via a RetryConfiguration.
    • Retries allow for re-attempting a request in case it fails a limited number of times.
    • The feature offers to specify the maximum amount of attempts, a wait duration between attempts and a predicate that determines, whether or not a failure should be retried.

Improvements

  • OData VDM generator: Mark generated sources for compilation when using odata-generator-maven-plugin. For this feature just add the property <compileScope>...</compileScope> with the compilation phase to your configuration. Valid values are COMPILE, TEST_COMPILE, and NONE, representing the different compile phases or no automatic compilation at all. The default value (for backwards compatibility reasons) is NONE.

  • Update dependencies:

    • Jackson from version 2.9.10 to 2.10.0.
    • Lombok from version 1.18.8 to 1.18.10.
    • Guava from version 28.0-jre to 28.1-jre.
    • GSON from version 2.8.5 to 2.8.6.
    • Java JWT from version 3.8.1 to 3.8.3.
    • Commons-Text from version 1.7 to 1.8.
    • Http Core from version 4.4.11 to 4.4.12.
    • Http Components Client from version 4.5.9 to 4.5.10.
    • Resilience4J from version 0.17.0 to 1.1.0.

Fixed Issues

  • OData VDM: Fix an issue where the response of function imports was not correctly handled. The response is now parsed according to OData specification. The deviating behavior of OData services in some SAP solution is still supported as in previous versions, via a (modifiable) refinement step.
  • OData VDM generator: Parse allowed requests in a more careful manner when handling an EDMX file. The generator will no longer throw an exception for missing XML attributes.
  • Fix an issue regarding timeouts in the execution of resilient requests. The issue prevented threads from being terminated when a timeout occurs.

3.5.0

Compatibility Notes

  • Previous versions of the SAP Cloud SDK only recognized an access token in the authorization header if "Bearer" was spelled in title case. Now, corresponding methods do a case insensitive check for "bearer". That means, "bearer" and "Bearer" are now equally supported as correct authorization header.
  • OData VDM generator: The generator now identifies which CRUD operations an entity set supports by first consulting the annotations based on the OData specification. Only when these annotations are not declared, the custom SAP specifications are considered.

Improvements

  • No longer require a binding to an XSUAA service instance when consuming the destination or connectivity service via the SAP Cloud SDK.
  • Automatically read the principal ID from the user_name claim of the current JWT in ScpCfPrincipalFacade when the JWT has the user_token grant type.
  • Update dependencies on Jackson from 2.9.9/2.9.9.2 to 2.9.10.
  • Verify that the Maven artifactId does not contain an underscore character when creating a project using the scp-cf-spring and scp-cf-tomee archetypes. This is necessary as the artifact ID will also be used as Cloud Foundry application name and the deployment to Cloud Foundry will fail if the application name contains an underscore.

3.4.0

Compatibility Notes

  • In preparation for an upcoming change to the way how the XSUAA service supplies verification keys to applications, the SAP Cloud SDK from version 3.4.0 onwards retrieves the key from the XSUAA service instead of relying on a verification key present in the XSUAA service binding credentials.
  • Remove dependency rest-assured from the sdk-bom. Projects that depends on it must now declare a version explicitly. This also removes the need to explicitly declare a version of hamcrest-core and hamcrest-library since they were previously both introduced as transitive dependencies via jUnit and rest-assured but had conflicting versions.

Improvements

  • Validate user access tokens issued by XSUAA with the verification key retrieved from the XSUAA service, instead of relying on a verification key present in the XSUAA service binding credentials. The retrieved key is cached for 5 minutes (depending on feedback, the cache duration may change in the future).
  • Support SystemUser property in destinations with authentication type "OAuth2SAMLBearerAssertion". The system user will be used instead of the currently logged in principal to retrieve an access token to the destination. That is, no principal propagation takes place. As a consequence, no user JWT is required.

3.3.1

Compatibility Notes

  • The OData VDM Generator now constructs the service URL based on the service name from the namespace provided in the metadata file. The previously used filename is only considered as the service name in case the namespace does not not provide the information.

Improvements

  • OData VDM Generator: use the service name from the namespace provided in the metadata file to construct the service name part of the OData request URL. Fall back to the filename of the metadata file as the service name only if the namespace information is not available.
  • Update dependency to Java libraries of SAP Cloud Application Programming Model (com.sap.cloud.servicesdk.*) from version 1.32.5 to 1.33.0.
  • Remove listeners-all dependencies from projects generated via archetypes since the SAP Cloud SDK Pipeline will inject this dependency during a pipeline run.

3.2.0

Compatibility Notes

  • The following methods in the resilience module have been deprecated in favor of the new methods introduced for asynchronous resilient execution: decorateFutureSupplier and executeFutureSupplier in ResilienceDecorator, decorateFutureSupplier and executeFutureSupplier in ResilienceDecorationStrategy.
  • OData VDM: we have added deprecation information to service classes that represent SAP S/4HANA Cloud APIs which are deprecated on the SAP Business Accelerator Hub, such as ChangeMasterService, ProcessOrderConfirmationService, and ProductionOrderConfirmationService. Take a look at the corresponding Javadoc and use the appropriate successor service listed therein.

New Functionality

Improvements

  • OData VDM Generator: add deprecation information contained in the provided Swagger file of a service to generated service classes.

  • Update dependencies:

    • Java libraries of SAP Cloud Application Programming Model (com.sap.cloud.servicesdk.*) from version 1.32.0 to 1.32.5
    • Caffeine from 2.7.0 to 2.8.0
    • Commons Codec from 1.12.0 to 1.13.0
    • CXF from 3.2.6 to 3.3.2
    • Resilience4J from 0.16.0 to 0.17.0
    • JUnit from 5.5.0-M1 to 5.5.1
    • AssertJ Core from 3.12.2 to 3.13.2
    • Joda Time from 2.10.2 to 2.10.3

  • Reduce log verbosity of ThreadContextExecutor and the accessor classes that use it (e.g. execute... methods in TenantAccessor).

Fixed Issues

  • OData VDM: Fix an issue with function imports where special characters in query parameters, e.g. spaces, led to wrong URLs.
  • Fix an issue with XsuaaService where it always forcibly used the provider tenant when calling retrieveAccessToken... methods. Now the methods retrieve access tokens for the tenant that called the method.
  • Fix an issue with error handling in functions of MultichainService so that it appropriately throws instances of MultichainException.

3.1.0

Compatibility Notes

  • As part of the update of the OData VDM to SAP S/4HANA Cloud 1908, the OutboundDeliveryService has been removed from the SAP Business Accelerator Hub and, as a consequence, from the SAP Cloud SDK. Use OutboundDeliveryV2Service instead.
  • The destination expected as the second parameter of the attachToService() method of VdmEntity is now mandatory (@Nonnull), rather than nullable because attaching to a service does not work without a destination to designate the target system.

New Functionality

Improvements

  • Update dependency to Jackson Databind to version 2.9.9.2 (from 2.9.9.1) in order to fix reported security vulnerabilities.

Fixed Issues

  • Fix an issue where DefaultHttpDestination failed to load the authentication type, so that authentication was not correctly applied when loading destinations from an environment variable or instantiating DefaultHttpDestination manually.
  • Fix issues with HTTP destinations in the SAP Cloud Platform Neo environment when using EJBs to run code on server startup.

3.0.0

Known Issues

When defining destinations via the environment variable destinations, version 3.0.0 does not use basic authentication even if credentials are given. Either update to version 3.1.0 or manually add the following properties to the JSON defining a destination: "authentication": "BasicAuthentication", "authType": "BasicAuthentication".

Compatibility Notes

  • Update several implementations of destination classes to the new Destination API.

    • Change the Extension Factory destination loader class: Now ScpXfDestinationLoader extends from generic ScpVcapDestinationLoader.

  • Introduce separate enums by a platform for destination retrieval strategy.

    • ScpCfDestinationRetrievalStrategy and ScpNeoDestinationRetrievalStrategy
    • Removed the PLATFORM_DEFAULT value from all destination retrieval strategy enums.
      • Use null values instead, or do not set the parameter at all.

  • Removed the destination retrieval strategy configuration from the DestinationAccessor. It is no longer a global configuration by destination name.

    • Destination retrieval strategy configuration is now stored in instances of the new DestinationOptions class.

    • To set the destination retrieval strategy, use the ScpCfDestinationOptionsHelper or ScpNeoDestinationOptionsHelper with the builder of DestinationOptions.

    • e.g. on Cloud Foundry:

      final DestinationOptions destinationOptions = DestinationOptions.builder()
              .parameter("myParameter", myValue)
              .augmentBuilder(ScpCfDestinationOptionsHelper.augmenter()
                  .retrievalStrategy(ScpCfDestinationRetrievalStrategy.SUBSCRIBER_THEN_PROVIDER))
              .augmentBuilder((new MyDestinationOptionsAugmenter())
                  .myCustomParameter1(myCustomValue1)
                  // any number of custom parameters
                  .myCustomParameterN(myCustomValueN))
              // other parameters/augmenters you need
              .build();

  • Use the new ResilienceDecorator class to wrap logic instead of extending the Command class.

  • Configure resilience using the new ResilienceConfiguration class. ResilienceDecorator requires at least a unique identifier configured.

  • Configure caching within the ResilienceConfiguration class by providing an instance of CacheConfiguration class.

    • As a parameter, CacheConfiguration requires at least a value for a duration until the cache entry will be expired.
    • Additional items can be attached as part of the dynamic cache key. If these items are Serializable then the cache key itself automatically becomes serializable as well. This fulfills a requirement for some caching configurations.
    • The caching strategy only works, when a service provider for (JSR-107 / JCache) is registered at runtime.

  • Can provide fallback functions, which are executed when the wrapped code throws exceptions.

  • Ability to configure ResilienceDecorator with a custom function decoration strategy by implementing the ResilienceDecorationStrategy interface.

  • Removed the ODataRequestCommand since it's no longer needed by VDM fluent helpers.

  • Classes ODataServicesQueryCommand, SqlQueryCommand, BapiQueryCommand, RfcQueryCommand, HierarchyQueryCommand, and UserProfileQueryCommand have been removed. The execute() method of queries can be easily wrapped using ResilienceDecorator instead.

  • Removed the asResilientCommand() methods from all VDM fluent helpers. The execute() method of VDM fluent helpers can be easily wrapped using ResilienceDecorator instead.

  • Internal only: Removed the SigningServiceCommand class. Use instead the SigningServiceErpQuerySigner class.

  • Classes referred to with "query" are renamed to "request", in case their main purpose is to read result data.

  • s4hana / connectivity

    com.sap.cloud.sdk.s4hana.connectivity.AbstractQuerySerializer -> com.sap.cloud.sdk.s4hana.connectivity.AbstractRequestSerializer
    com.sap.cloud.sdk.s4hana.connectivity.QueryExecutor -> com.sap.cloud.sdk.s4hana.connectivity.RequestExecutor
    com.sap.cloud.sdk.s4hana.connectivity.QueryResult -> com.sap.cloud.sdk.s4hana.connectivity.RequestResult
    com.sap.cloud.sdk.s4hana.connectivity.QuerySerializer -> com.sap.cloud.sdk.s4hana.connectivity.RequestSerializer
    com.sap.cloud.sdk.s4hana.connectivity.Query -> com.sap.cloud.sdk.s4hana.connectivity.Request
    com.sap.cloud.sdk.s4hana.connectivity.QueryBody -> com.sap.cloud.sdk.s4hana.connectivity.RequestBody
    com.sap.cloud.sdk.s4hana.connectivity.QueryExecutionMeasurements -> com.sap.cloud.sdk.s4hana.connectivity.RequestExecutionMeasurements
    com.sap.cloud.sdk.s4hana.connectivity.SerializedQuery -> com.sap.cloud.sdk.s4hana.connectivity.SerializedRequest
    com.sap.cloud.sdk.s4hana.connectivity.SerializedQueryResult -> com.sap.cloud.sdk.s4hana.connectivity.SerializedRequestResult
    com.sap.cloud.sdk.s4hana.connectivity.exception.QueryExecutionException -> com.sap.cloud.sdk.s4hana.connectivity.exception.RequestExecutionException
    com.sap.cloud.sdk.s4hana.connectivity.exception.QuerySerializationException -> com.sap.cloud.sdk.s4hana.connectivity.exception.RequestSerializationException

  • s4hana / soap

    com.sap.cloud.sdk.s4hana.connectivity.soap.SoapQuery -> com.sap.cloud.sdk.s4hana.connectivity.soap.SoapRequest

  • s4hana / rfc

    com.sap.cloud.sdk.s4hana.connectivity.rfc.BapiQuery-> com.sap.cloud.sdk.s4hana.connectivity.rfc.BapiRequest
    com.sap.cloud.sdk.s4hana.connectivity.rfc.RemoteFunctionQueryErrorHandler-> com.sap.cloud.sdk.s4hana.connectivity.rfc.RemoteFunctionRequestErrorHandler
    com.sap.cloud.sdk.s4hana.connectivity.rfc.RemoteFunctionQueryExecutor -> com.sap.cloud.sdk.s4hana.connectivity.rfc.RemoteFunctionRequestExecutor
    com.sap.cloud.sdk.s4hana.connectivity.rfc.AbstractRemoteFunctionQuery -> com.sap.cloud.sdk.s4hana.connectivity.rfc.AbstractRemoteFunctionRequest
    com.sap.cloud.sdk.s4hana.connectivity.rfc.AbstractRemoteFunctionQueryResult -> com.sap.cloud.sdk.s4hana.connectivity.rfc.AbstractRemoteFunctionRequestResult
    com.sap.cloud.sdk.s4hana.connectivity.rfc.BapiQueryResult -> com.sap.cloud.sdk.s4hana.connectivity.rfc.BapiRequestResult
    com.sap.cloud.sdk.s4hana.connectivity.rfc.RemoteFunctionQueryListener -> com.sap.cloud.sdk.s4hana.connectivity.rfc.RemoteFunctionRequestListener
    com.sap.cloud.sdk.s4hana.connectivity.rfc.RfcQuery -> com.sap.cloud.sdk.s4hana.connectivity.rfc.RfmRequest
    com.sap.cloud.sdk.s4hana.connectivity.rfc.RfcQueryResult -> com.sap.cloud.sdk.s4hana.connectivity.rfc.RfmRequestResult
    com.sap.cloud.sdk.s4hana.connectivity.rfc.RfcTransactionFactory -> com.sap.cloud.sdk.s4hana.connectivity.rfc.RfmTransactionFactory
    com.sap.cloud.sdk.s4hana.connectivity.rfc.SoapRemoteFunctionQuerySerializer -> com.sap.cloud.sdk.s4hana.connectivity.rfc.SoapRemoteFunctionRequestSerializer

  • quality

    com.sap.cloud.s4hana.quality.FileWritingQueryListenerUtil -> com.sap.cloud.s4hana.quality.FileWritingRequestListenerUtil
    com.sap.cloud.s4hana.quality.FileWritingRemoteFunctionQueryListener -> com.sap.cloud.s4hana.quality.FileWritingRemoteFunctionRequestListener

  • cloudplatform / servlet

    com.sap.cloud.sdk.cloudplatform.servlet.response.QueryExecutionErrorResponse -> com.sap.cloud.sdk.cloudplatform.servlet.response.RequestExecutionErrorResponse

  • RequestContext is now ThreadContext

    • New concept of ThreadContextDecorator to allow decorating the callable which is wrapped in a ThreadContext. The difference to ThreadContextListener is that the listener is responsible for setting ThreadContext properties, while the decorator allows decorating the callable that is wrapped in the ThreadContext.
    • Now there is a RequestAccessor
    • Rename RequestContextServletFilter to RequestAccessorFilter
    • DestinationsRequestContextListener has been renamed to HttpClientsThreadContextListener to better reflect its purpose

  • Lenient behavior

  • USE_MOCKED_TENANT, USE_MOCKED_USER, and ALLOW_MOCKED_AUTH_HEADER are no longer available.

  • TenantNotAvailableException etc. were removed and replaced with Option.

  • Principal replaces User.

    • No Locale as part of principal anymore (only available on Neo, cast to ScpNeoPrincipal if needed)
    • No hasAuthorizations method, use authorizations with "contains" method of setting
    • CacheKey and CacheManager have been adjusted accordingly to reflecting naming: the user is now principal
    • AccessDeniedException also now uses "principal" instead of "user" (note, however, that the AccessDeniedResponse still exposes "user" to remain compatible on REST API level).

  • LocalScopePrefixProvider now uses Try instead of throwing exceptions that were previously not declared on the API.

  • Remove ErpEdition (also removed in the mocking of ErpSystem)

  • Accessors now use vavr in more places (offering methods returning Try).

  • TenantAccessor, PrincipalAccessor, AuthTokenAccessor, and RequestAccessor now support on-behalf execution, with-fallback execution, and a global fallback.

  • SapPassportBuilder now uses the following defaults:

    • "SAP_CLOUD_SDK_APPLICATION" instead of "S4SDK_APPLICATION"
    • "SAP_CLOUD_SDK_USER" instead of "S4SDK_USER"
    • "SAP_CLOUD_SDK_REQUEST" instead of "S4SDK_REQUEST"

  • Add a new module security-servlet containing servlet-based security filters. Note that this may require that you add the following dependency to your project if you rely on these web filters:

    <dependency>
        <groupId>com.sap.cloud.s4hana.cloudplatform</groupId>
        <artifactId>security-servlet</artifactId>
    </dependency>

  • Remove CloudLoggerFactory along with pipeline rule

  • MockUtil no longer mocks platform-specific classes, but only interface. Mock the facade manually, if you have to rely on the specific class.

  • MockUtil no longer offers methods for mocking destinations or servers with the default destination name "MyDestination". The destination name now is a mandatory parameter.

  • The following maven dependencies have been updated:

LibraryVersion used in SDK 2.XVersion used in SDK 3.X
bcpkix-jdk15on1.61.62
bcprov-jdk15on1.61.62
guava27.0.1-jre28.0-jre
plexus-utils3.1.03.2.0
lombok1.18.21.18.8
javax.ejb:javax.ejb-api3.23.2.2
javax.servlet:javax.servlet-api3.1.04.0.1
javax.ws.rs:javax.ws.rs-api2.02.1.1
org.eclipse.jetty:apache-jsp9.4.17.v201904189.4.17.v20190418
org.jboss.arquillian.config:arquillian-config-api1.4.0.Final1.4.1.Final
byte-buddynot used1.9.13
commons-codec1.111.12
commons-lang33.8.13.9
commons-text1.41.7
httpclient4.5.64.5.9
httpcore4.4.104.4.11
assertj-core3.12.03.12.2
hibernate-core5.0.12.Final5.4.3.Final
eclipselink2.7.3-RC12.7.4
java-jwt3.4.03.8.1
javax.persistence2.1.02.2.1
joda-time2.102.10.2
jooq3.6.23.11.11
jsoup1.11.31.12.1
liquibase-core3.6.23.6.3
spring-security-oauth2.3.4.RELEASE2.3.6.RELEASE
tomcat-annotations-api8.5.408.5.42
tomcat-jdbc8.5.408.5.42
io.rest-assured:json-path3.2.04.0.0
javax:javaee-api7.08.0.1
javax.validation:validation-api1.1.0.Final2.0.1.Final
org.assertj:assertj-guava3.2.03.2.1
org.hibernate.validator:hibernate-validator6.0.13.Final6.0.17.Final
lombok-maven-plugin1.18.2.01.18.6.0
javax.cache:cache-api1.0.01.1.1
vavr0.9.20.9.3
wiremock2.19.02.20.0
io.github.resilience4j:resilience4j-bulkhead0.14.00.16.0
io.github.resilience4j:resilience4j-cache0.14.00.16.0
io.github.resilience4j:resilience4j-timelimiter0.14.00.16.0

  • The dependency org.checkerframework:checker-qual has been excluded entirely. That is, it is neither a direct dependency of the SAP Cloud SDK anymore, nor is it a transitive dependency of both Caffeine and Guava.

  • Renamed/Moved Modules. Our goals with the renaming were the following:

    • Use the prefix com.sap.cloud.sdk instead of com.sap.cloud.s4hana.
    • Make all artifact ids unique, so that tools gradle can easily consume our modules.
    • The term s4hana in the group id is only used if the contained module is in some way specific for SAP S/4HANA.
    • Remove all obsolete modules.
v2.19.2v3.0.0
com.sap.cloud.s4hana.archetypes:archetypes-parentcom.sap.cloud.sdk.archetypes:archetypes-parent
com.sap.cloud.s4hana.archetypes:scp-cf-springcom.sap.cloud.sdk.archetypes:scp-cf-spring
com.sap.cloud.s4hana.archetypes:scp-cf-tomcat
com.sap.cloud.s4hana.archetypes:scp-cf-tomeecom.sap.cloud.sdk.archetypes:scp-cf-tomee
com.sap.cloud.s4hana.archetypes:scp-neo-javaee7com.sap.cloud.sdk.archetypes:scp-neo-javaee7
com.sap.cloud.s4hana.cloudplatform:auditlogcom.sap.cloud.sdk.cloudplatform:auditlog
com.sap.cloud.s4hana.cloudplatform:auditlog-scp-cfcom.sap.cloud.sdk.cloudplatform:auditlog-scp-cf
com.sap.cloud.s4hana.cloudplatform:auditlog-scp-neocom.sap.cloud.sdk.cloudplatform:auditlog-scp-neo
com.sap.cloud.s4hana.cloudplatform:cachingcom.sap.cloud.sdk.cloudplatform:caching
com.sap.cloud.s4hana.cloudplatform:cloudplatform-parentcom.sap.cloud.sdk.cloudplatform:cloudplatform-parent
com.sap.cloud.s4hana.cloudplatform:concurrency-scp-neocom.sap.cloud.sdk.cloudplatform:concurrency-scp-neo
com.sap.cloud.s4hana.cloudplatform:connectivitycom.sap.cloud.sdk.cloudplatform:cloudplatform-connectivity
com.sap.cloud.sdk.cloudplatform:cloudplatform-connectivity-scp
com.sap.cloud.s4hana.cloudplatform:connectivity-scp-cfcom.sap.cloud.sdk.cloudplatform:cloudplatform-connectivity-scp-cf
com.sap.cloud.s4hana.cloudplatform:connectivity-scp-neocom.sap.cloud.sdk.cloudplatform:cloudplatform-connectivity-scp-neo
com.sap.cloud.s4hana.cloudplatform:corecom.sap.cloud.sdk.cloudplatform:cloudplatform-core
com.sap.cloud.s4hana.cloudplatform:core-scp-cfcom.sap.cloud.sdk.cloudplatform:cloudplatform-core-scp-cf
com.sap.cloud.s4hana.cloudplatform:core-scp-neocom.sap.cloud.sdk.cloudplatform:cloudplatform-core-scp-neo
com.sap.cloud.s4hana.cloudplatform:meteringcom.sap.cloud.sdk.cloudplatform:metering
com.sap.cloud.s4hana.cloudplatform:metering-scp-neocom.sap.cloud.sdk.cloudplatform:metering-scp-neo
com.sap.cloud.sdk.cloudplatform:resilience
com.sap.cloud.s4hana.cloudplatform:sap-passportcom.sap.cloud.sdk.cloudplatform:sap-passport
com.sap.cloud.s4hana.cloudplatform:scp-cfcom.sap.cloud.sdk.cloudplatform:scp-cf
com.sap.cloud.s4hana.cloudplatform:scp-neocom.sap.cloud.sdk.cloudplatform:scp-neo
com.sap.cloud.s4hana.cloudplatform:securitycom.sap.cloud.sdk.cloudplatform:security
com.sap.cloud.s4hana.cloudplatform:security-scp-cfcom.sap.cloud.sdk.cloudplatform:security-scp-cf
com.sap.cloud.s4hana.cloudplatform:security-scp-neocom.sap.cloud.sdk.cloudplatform:security-scp-neo
com.sap.cloud.sdk.cloudplatform:security-servlet
com.sap.cloud.s4hana.cloudplatform:servletcom.sap.cloud.sdk.cloudplatform:servlet
com.sap.cloud.s4hana.cloudplatform:tenantcom.sap.cloud.sdk.cloudplatform:tenant
com.sap.cloud.s4hana.cloudplatform:tenant-scp-cfcom.sap.cloud.sdk.cloudplatform:tenant-scp-cf
com.sap.cloud.s4hana.cloudplatform:tenant-scp-neocom.sap.cloud.sdk.cloudplatform:tenant-scp-neo
com.sap.cloud.s4hana.datamodel:bapi-api
com.sap.cloud.s4hana.datamodel:bapi-generator
com.sap.cloud.s4hana.datamodel:bapi-parent
com.sap.cloud.s4hana.datamodel:messaging-apicom.sap.cloud.sdk.s4hana:s4hana-api-messaging
com.sap.cloud.sdk.datamodel:datamodel-parent
com.sap.cloud.s4hana.datamodel:messaging-corecom.sap.cloud.sdk.datamodel:messaging-core
com.sap.cloud.s4hana.datamodel:messaging-generatorcom.sap.cloud.sdk.datamodel:messaging-generator
com.sap.cloud.s4hana.datamodel:messaging-jmscom.sap.cloud.sdk.datamodel:messaging-jms
com.sap.cloud.s4hana.datamodel:messaging-parentcom.sap.cloud.sdk.datamodel:messaging-parent
com.sap.cloud.s4hana.datamodel:odata-apicom.sap.cloud.sdk.s4hana:s4hana-api-odata
com.sap.cloud.s4hana.datamodel:odata-corecom.sap.cloud.sdk.datamodel:odata-core
com.sap.cloud.s4hana.datamodel:odata-generatorcom.sap.cloud.sdk.datamodel:odata-generator
com.sap.cloud.s4hana.datamodel:odata-generator-clicom.sap.cloud.sdk.datamodel:odata-generator-cli
com.sap.cloud.s4hana.datamodel:odata-generator-maven-plugincom.sap.cloud.sdk.datamodel:odata-generator-maven-plugin
com.sap.cloud.s4hana.datamodel:odata-parentcom.sap.cloud.sdk.datamodel:odata-parent
com.sap.cloud.s4hana.frameworks:cxfcom.sap.cloud.sdk.frameworks:cxf
com.sap.cloud.s4hana.frameworks:eclipselinkcom.sap.cloud.sdk.frameworks:eclipselink
com.sap.cloud.s4hana.frameworks:eclipselink-javaeecom.sap.cloud.sdk.frameworks:eclipselink-javaee
com.sap.cloud.s4hana.frameworks:frameworks-parentcom.sap.cloud.sdk.frameworks:frameworks-parent
com.sap.cloud.s4hana.frameworks:hystrix
com.sap.cloud.s4hana.frameworks:hystrix-scp-neo
com.sap.cloud.s4hana.frameworks:javaeecom.sap.cloud.sdk.frameworks:javaee
com.sap.cloud.s4hana.frameworks:jaxrscom.sap.cloud.sdk.frameworks:jaxrs
com.sap.cloud.s4hana.frameworks:jaxrs-gsoncom.sap.cloud.sdk.frameworks:jaxrs-gson
com.sap.cloud.s4hana.frameworks:liquibasecom.sap.cloud.sdk.frameworks:liquibase
com.sap.cloud.s4hana.frameworks:liquibase-javaeecom.sap.cloud.sdk.frameworks:liquibase-javaee
com.sap.cloud.sdk.frameworks:resilience4j
com.sap.cloud.s4hana.frameworks:spring-boot-multitenancy-scp-cfcom.sap.cloud.sdk.frameworks:spring-boot-multitenancy-scp-cf
com.sap.cloud.s4hana.frameworks:spring-webcom.sap.cloud.sdk.frameworks:spring-web
com.sap.cloud.s4hana.frameworks:togglzcom.sap.cloud.sdk.frameworks:togglz
com.sap.cloud.s4hana.plugins:plugins-parentcom.sap.cloud.sdk.plugins:plugins-parent
com.sap.cloud.s4hana.plugins:s4sdk-maven-plugincom.sap.cloud.sdk.plugins:scp-neo-maven-plugin
com.sap.cloud.s4hana.plugins:scp-neo-maven-plugincom.sap.cloud.sdk.plugins:usage-analytics
com.sap.cloud.s4hana.plugins:usage-analyticscom.sap.cloud.sdk.plugins:usage-analytics-maven-plugin
com.sap.cloud.s4hana.quality:commoncom.sap.cloud.sdk.quality:common
com.sap.cloud.s4hana.quality:httpclient-listenercom.sap.cloud.sdk.quality:httpclient-listener
com.sap.cloud.s4hana.quality:listeners-allcom.sap.cloud.sdk.quality:listeners-all
com.sap.cloud.s4hana.quality:odata-querylistenercom.sap.cloud.sdk.quality:odata-querylistener
com.sap.cloud.s4hana.quality:pmd-plugincom.sap.cloud.sdk.quality:pmd-plugin
com.sap.cloud.s4hana.quality:pmd-rulescom.sap.cloud.sdk.quality:pmd-rules
com.sap.cloud.s4hana.quality:quality-parentcom.sap.cloud.sdk.quality:quality-parent
com.sap.cloud.s4hana.quality:rfc-querylistenercom.sap.cloud.sdk.quality:rfc-querylistener
com.sap.cloud.s4hana.services:blockchaincom.sap.cloud.sdk.services:blockchain
com.sap.cloud.s4hana.services:recast-aicom.sap.cloud.sdk.services:recast-ai
com.sap.cloud.s4hana.services:scp-blockchaincom.sap.cloud.sdk.services:scp-blockchain
com.sap.cloud.sdk.services:scp-business-logging-core
com.sap.cloud.s4hana.services:scp-kernel-servicescom.sap.cloud.sdk.services:scp-kernel-services
com.sap.cloud.s4hana.services:scp-machine-learningcom.sap.cloud.sdk.services:scp-machine-learning
com.sap.cloud.s4hana.services:services-parentcom.sap.cloud.sdk.services:services-parent
com.sap.cloud.s4hana.tests:end-to-end-testscom.sap.cloud.sdk.tests:end-to-end-tests
com.sap.cloud.s4hana.tests:integration-testscom.sap.cloud.sdk.tests:integration-tests
com.sap.cloud.s4hana.tests:odata-generator-testscom.sap.cloud.sdk.tests:odata-generator-tests
com.sap.cloud.s4hana.tests:performance-testscom.sap.cloud.sdk.tests:performance-tests
com.sap.cloud.s4hana.tests:tests-parentcom.sap.cloud.sdk.tests:tests-parent
com.sap.cloud.s4hana.tests:unit-testscom.sap.cloud.sdk.tests:unit-tests
com.sap.cloud.s4hana:authorizations
com.sap.cloud.s4hana:connectivitycom.sap.cloud.sdk.s4hana:s4hana-connectivity
com.sap.cloud.s4hana:connectivity-abap
com.sap.cloud.s4hana:corecom.sap.cloud.sdk.s4hana:s4hana-core
com.sap.cloud.s4hana:datamodel
com.sap.cloud.s4hana:fluent-resultcom.sap.cloud.sdk.datamodel:fluent-result
com.sap.cloud.s4hana:hierarchy
com.sap.cloud.s4hana:odata-service-discovery
com.sap.cloud.s4hana:plainstring
com.sap.cloud.s4hana:rfccom.sap.cloud.sdk.s4hana:rfc
com.sap.cloud.s4hana:rfc-json
com.sap.cloud.s4hana:s4hana-allcom.sap.cloud.sdk.s4hana:s4hana-all
com.sap.cloud.s4hana:s4hana-parentcom.sap.cloud.sdk.s4hana:s4hana-parent
com.sap.cloud.sdk.s4hana:s4hana-api-parent
com.sap.cloud.s4hana:sdk-bomcom.sap.cloud.sdk:sdk-bom
com.sap.cloud.s4hana:sdk-modules-bomcom.sap.cloud.sdk:sdk-modules-bom
com.sap.cloud.s4hana:sdk-parentcom.sap.cloud.sdk:sdk-parent
com.sap.cloud.s4hana:signing
com.sap.cloud.s4hana:soapcom.sap.cloud.sdk.datamodel:soap
com.sap.cloud.s4hana:sql
com.sap.cloud.s4hana:tables
com.sap.cloud.s4hana:testutilcom.sap.cloud.sdk.testutil:testutil-core
com.sap.cloud.sdk.testutil:testutil-parent
com.sap.cloud.s4hana:testutil-resourcescom.sap.cloud.sdk.testutil:testutil-resources
com.sap.cloud.s4hana:userprofile

New Functionality

  • Provide builders to construct destinations explicitly by providing values for properties in code, for example, DefaultHttpDestination.builder or ScpCfHttpDestination.builder.
  • Give more control when loading a destination by providing DestinationOptions.
    • Different destination loaders such as ScpCfDestinationLoader or ScpNeoDestinationLoader will consider different options that give fine-granular control over the behavior when loading the destination (for example, if provider or subscriber destinations shall take precedence).
    • Construct a DestinationOptions instance via the builder method.
    • Use the augmentBuilder method to set configuration parameters that are specific to a loader (platform or environment) using an appropriate class implementing DestinationOptionsAugmenter.
  • Execute code (given as Callable or Executable) by overriding (that is, "on-behalf of") the Tenant, Principal, or AuthToken of the context in TenantAccessor, PrincipalAccessor, and AuthTokenAccessor.
    • At the example of TenantAccessor.executeWithTenant, the given callable/executable will be executed in a context where the given tenant is set as the current tenant.
    • In addition to overriding, provide the option to set a fallback for a single execution (for example, with TenantAccessor.executeWithFallbackTenant) or globally (for example, with TenantAccessor.setFallbackTenant). Whenever, for example, a tenant is requested but not available, the SAP Cloud SDK will retrieve a fallback tenant from the given supplier.
  • Offer access to the current request, if available, via the new RequestAccessor and allow overriding the request and providing a fallback request when executing code.
  • Make XsuaaService public for communicating with a given XSUAA service on SAP Cloud Platform, Cloud Foundry.

Improvements

  • Decouple the implementation of resilient behavior from a concrete framework with the generic functional-style adapters in com.sap.cloud.sdk.cloudplatform.resilience. Provide default implementation of resilience using resilience4j as underlying library.
    • Provide ResilienceDecorator as the entry point for wrapping any code (callable or supplier) with resilient behavior.
    • Provide ResilienceConfiguration
  • Allow using any JSR-107 (JCache) compliant library for caching as part of resilience.
  • Allow nesting of ThreadContexts.
  • Improve log output on log level "debug" for DefaultMessageDelegator to improve error inspection in the messaging core module.