Skip to main content

release-notes-15-to-29

3.29.1 - September 24, 2020

Javadoc | Release blog | Maven Central

Compatibility Notes

  • To leverage the new OData v2 client, you need to adjust existing code. Refer to documentation on how to switch for detailed instructions.
  • We start deprecating APIs of the outdated OData v2 client. In this release we deprecated:
    • Methods: execute, toQuery, withErrorHandler, cachingMetadata, withoutCachingMetadata, ignoringVersionIdentifier and ignoreVersionIdentifier.
    • Error handler: ODataVdmErrorResultHandler.
    • Exception classes VersionIdentifierMissingException and VersionIdentifierExpiredException.
    • You'll find instructions how to adjust the code to use the new OData v2 client in the Javadoc of deprecated method or class.

New Functionality

  • The improved OData v2 type-safe client is now Generally Available. From now on we recommend it for OData API consumption. Refer to the documentation on how to switch for more details on the new OData 2 client.

    • The methods executeRequest are no longer marked as Beta and ready for use in production code.
    • The new methods matchAnyVersionIdentifier() and disableVersionIdentifier() allow for better control over ETag handling.

  • The DefaultHttpDestination and DefaulErptHttpDestination can use a java.security.KeyStore and a key store password for HTTP communication. This is especially useful when utilizing mutual TLS (mTLS) for the communication with a remote system. Use the respective builder methods to set these values as in the following code snippet:

final DefaultHttpDestination defaultHttpDestination =
            DefaultHttpDestination.builder(uri).
            keyStore(keyStore).
            keyStorePassword(keyStorePassword).
            build();
  • We updated the Workflow API client library that is shipped as scp-workflow-cf module. It now supports the latest Workflow API service features.

Improvements

  • Handle requesting a CSRF token for OData V4 batch operations and actions

  • Improve the log output and error handling of CSRF token requests

  • In case a DefaultErpHttpDestination decorates an On-Premise HttpDestination and the destination configuration lacks an sap-client property, a notification appears in app logs to raise awareness of potential authentication issues.

  • Update and Delete requests in OData v4 type-safe client no longer send a * in the IF_MATCH header if no version identifier (ETag) has been retrieved from the server previously. This ensures consistent behavior of Update and Delete requests and protects you from unintended data loss and integrity problems.

  • Dependency Updates:

    • Update SAP Cloud Security Client from 2.7.6 to 2.7.7
    • Upgrade Fabric SDK for Java from 2.1.0 to 2.2.1
    • Upgrade Fabric Gateway for Java from 2.1.0 to 2.2.0
    • Upgrade Commons Codec from 1.14 to 1.15
    • Upgrade Commons IO from 2.7.0 to 2.8.0
    • Upgrade AssertJ from 3.17.0 to 3.17.2
    • Upgrade Mockito from 3.5.7 to 3.5.10
    • Upgrade Wiremock from 2.27.1 to 2.27.2
    • Upgrade Netty from 4.1.51.Final to 4.1.52.Final

Fixed Issues

  • Fix an issue where invalid service metadata files would cause the odata-generator to fail. The generator now skips such services with a warning and only fails if the failOnWarning flag is set.
  • Fix special characters escaping and double encoding issues. The following characters are encoded now:
    • %, # ,' ', ? , \ and " in the service and entity path
    • %, # ,' ', ? , \ , " , $ and & in system query options
    • %, # ,' ', ? , \ , " , $ , & and / in string parameters being passed in functions and GetByKey requests

3.28.1 - September 10, 2020

Javadoc | Release blog | Maven Central

Compatibility Notes

  • Blockchain Business Services: The constructors of classes Me and Partner are no longer public. New instances can be constructed using a builder, by calling Me.builder() and Partner.builder() respectively.
  • Blockchain Business Services: IdentityClient.deletePartner now only requires the Partner's ID instead of a full object.

New Functionality

  • The Currency Conversion library has been added. You can use this library to facilitate currency exchange rate conversions within your Cloud application.
    • Note that no exchange rates are provided by the library. It is assumed that you have your own data providers for getting the exchange rates.
    • The library supports bulk conversions, direct one-to-one conversions from a source value to a target value, and indirect conversions based on inverse rates or a reference currency.
    • You can perform currency conversions based on a fixed currency exchange rate, or a non-fixed rate (if you want the library to select the most appropriate rate based on a list of data from various data providers).
    • To use the library, add the currency-conversion-core and currency-conversion-datamodel Maven dependencies in your pom.xml.

Improvements

  • Update dependencies:
    • Update SAP Cloud Security Client from 2.7.5 to 2.7.6
    • Update AssertJ Core from 3.16.1 to 3.17.0
    • Update Caffeine from 2.8.4 to 2.8.5
    • Update Apache Commons Lang from version 3.10 to 3.11
    • Update Apache Commons Text from version 1.8 to 1.9
    • Update Apache CXF from 3.3.6 to 3.3.7
    • Update Mockito from 3.3.3 to 3.5.7
    • Update Jackson from 2.11.0 to 2.11.2
    • Update Junit Pioneer from 0.6.0 to 0.9.0
    • Update Netty from 4.1.50.Final to 4.1.51.Final
    • Update Jetty from 9.4.27.v20200227 to 9.4.31.v20200723
    • Update Protocol Buffers Java from 3.12.1 to3.12.2
    • Update Resilience4J from 1.4.0 to 1.5.0
    • Update Spring from version 5.2.6.RELEASE to 5.2.8.RELEASE
    • Update Spring Security from 5.3.2.RELEASE to 5.3.4.RELEASE
    • Update Wiremock from 2.26.3 to 2.27.1
    • Update Togglz from 2.6.1.Final to 2.8.0
    • Update SQLite JDBC Driver from 3.28.0 to 3.32.3.2
    • Update JavaPoet from 1.12.1 to 1.13.0
    • Update Spring Boot from 2.3.0.RELEASE to 2.3.2.RELEASE
    • Update JSON Unit AssertJ from 2.17.0 to 2.18.1
    • Update io.projectreactor:reactor-core from 3.3.5.RELEASE to 3.3.9.RELEASE
    • Update CDS4 from 1.11.0 to 1.12.1
    • Update com.squareup.okio:okio from 2.6.0 to 2.7.0

Fixed Issues

  • Fix an issue where numbers where not serialised correctly in OData V2 requests using executeRequest. Fractional and long numbers are now correctly serialised as JSON strings.
  • Fix an org.springframework.beans.BeanInstantiationException with a nested java.lang.NoSuchMethodException when adding the Maven dependency scp-workflow-cf to a Spring Boot project

3.27.0 - August 27, 2020

New functionality

  • The implicit properties of DefaultHttpClientFactory can now be customized.
    • With HttpClientAccessor.setHttpClientFactory( HttpClientFactory ) it is possible to change the logic that manages creation and configuration of HttpClient instances. These clients are used to handle the connection between platform services and integration endpoints internally. The DefaultHttpClientFactory class has been updated to allow for conveniently changing properties like time-out duration and maximum number of connections. Since the implementation can easily be extended, a custom logic would not need to start from scratch.
    • To change the properties, either create a new class that inherits from DefaultHttpClientFactory and override the accessor methods with scope protected. Or explore the flexible builder pattern for a similar result: DefaultHttpClientFactory.builder().
    • For more information, please find the related documentation.

Improvements

  • Improve log message quality of OData V2 errors that may occur within executeRequest method.

  • Update dependencies in maven archetypes:

    • Archetype scp-cf-tomee:
      • Update tomee-maven-plugin from 8.0.3 to 8.0.4
    • Archetype scp-cf-spring:
      • Update spring-boot from 2.3.0.RELEASE to 2.3.2.RELEASE
    • Archetype scp-neo-javaee7:
      • Update scp.sdkVersion from 1.74.10 to 1.79.14

3.26.0 - August 13, 2020

New functionality

OData and type-safe client libraries

  • We released a Beta version of improved type-safe client library implementation for OData v2 protocol which now shares a code base with OData v4 protocol. It brings significant advantages like:
    • Boosting performance by avoiding unnecessary metadata calls
    • The same code base for both OData protocol versions speeds up the innovation cycle and unlocks the developing of advanced features for both OData versions.
  • The results of create and update operations in OData v4 type-safe client now offer getModifiedEntity() method which returns a new Entity object including any changes to payload or metadata the service may have responded with.
  • We released a regular update for pregenerated type-safe client libraries (also known as VDM) for the latest RTC release 2008 of SAP S/4HANA Cloud.
    • The update covers all the changes to existing services and introduces new ones. You'll find them in com.sap.cloud.sdk.s4hana.datamodel.odata.services and com.sap.cloud.sdk.s4hana.datamodel.odatav4.services. Below is the quick reference on difference and compatibility between 2005 and current 2008 of SAP S/4HANA Cloud releases:
    • These deprecated OData services are no longer allowed:
    • These OData service methods have a changed argument order:
      • In service SalesDocumentWithCreditBlocksService the methods rejectCreditBlock and releaseCreditBlock are updated.
      • In service CustomerReturnsDeliveryV2Service the methods setPutawayQuantityWithBaseQuantity, putawayOneItemWithBaseQuantity and putawayOneItemWithSalesQuantity are updated.
    • These OData service methods have been removed:
      • In service ProductionOrderConfirmationV2Service the method createProdnOrdConfMatlDocItm has been removed.
      • In service ProcessOrderConfirmationV2Service the method createProcOrdConfMatlDocItm has been removed.
      • In service SupplierInvoiceIntegrationService the methods createSuplrInvcItemAcctAssgmt and createSuplrInvcItemPurOrdRef have been removed.
    • For reference on what OData services are included in current release, check out SAP Business Accelerator Hub for SAP S/4HANA Cloud

REST

  • The experimental REST SCP Workflow client library got enhanced with a new API class constructor that expects an ApiClient, which allows for easier integration with e.g., the Spring RestTemplate.

    final String basePath = "https://my-api.org";
    final RestTemplate restTemplate  = obtainRestTemplate();

    final ApiClient apiClient = new ApiClient(restTemplate).setBasePath(basePath);

    new WorkflowDefinitionsApi(apiClient).queryDefinitions();

SAP Cloud Platform - Clound Foundry

  • We added support for new authentication types recently introduced on SAP Cloud Platform - Cloud Foundry. It further improves handling of Destinations and keeps the SAP Cloud SDK up to date with SCP features:
    • SAP_ASSERTION_SSO
    • OAuth2JWTBearer
    • OAuth2Password

Known issues

  • The module testutil-core references the dependency org.eclipse.jetty:jetty-server:jar:9.4.27.v20200227 transitively which is subject to vulnerability CVE-2019-17638. As we look into updating to the newest version of jetty-server, one can mitigate the risk by assuming that testutil-core is used for testing only and hence not used in production environments.

Compatibility notes

  • Client library for ELECTRONICDOCFILE_0001 service is missing from SAP S/4HANA 2008 release. We're working to fix this as fast as possible and will communicate it in release notes.

Fixed Issues

  • Fix an issue where calling a remote-enabled function module that returns a table of type raw (byte sequence) returned the hash code of the byte sequence. It returns the String representation of the byte sequence instead now.
  • Fix a NullPointerException when invoking a function module in SAP S/4HANA which is not remote-enabled or does not exist.
  • Fix an issue where calling a remote-enabled function module with a byte sequence as an exporting parameter was not supported before. It is now possible to pass byte sequences as exporting parameters.

3.25.0 - July 30, 2020

New Functionality

  • OData 4.0: Extract version identifiers from the ETag header in case of create and update operations. Now result entities obtained via ModificationRespnse#getResponseEntity() will contain a version identifier. It will be sent as IF-MATCH header in subsequent update and delete operations.

  • New experimental method ScpCfDestinationLoader#tryGetDestination. It allows for custom request handling to resources on SAP Cloud Platform Destination Service. With the handler acting as functional interface, you can conveniently manage your own HTTP interaction. E.g.

    String destinationName;
    String basePath;
    String relativePath;

    Try<ScpCfDestination> destination = new ScpCfDestinationLoader()
      .tryGetDestination(
        destinationName, basePath, relativePath,
        (uri) -> restTemplate.getForObject(uri, ScpCfDestinationServiceV1Response.class));

Improvements

  • Update dependencies:

  • Update Maven plugins in Maven archetypes:

    • Archetype scp-cf-tomee:
      • Update tomee-maven-plugin from 8.0.1 to 8.0.3
    • Archetype scp-cf-tomee and neo-javaee7:
      • Update maven-war-plugin from 3.2.3 to 3.3.1

  • Add public enum SoapNamespace to rfc module, with experimental support to customize expected XML tag namespace from SOAP response messages. This can be useful if target SOAP service is not working with ABAP code.

  • The principal id can be extracted from authorization tokens of grant type urn:ietf:params:oauth:grant-type:jwt-bearer.

Fixed Issues

  • Fix an issue on SCP Neo with anonymous HTTP requests being blocked, when optional module concurrency-scp-neo was added as application dependency.
  • Fix an issue with SOAP wrapped RFC and BAPI calls that sends pure exporting parameters as empty tags in SOAP serialised requests. Exporting parameters are no longer sent in SOAP serialised requests.
  • Fix an issue with SOAP wrapped RFC and BAPI calls where de-serialisation failed when the exporting parameter is a list and is empty.
  • Fixed an issue with listeners where FileWritingODataQueryListener was inadvertently called for OData CRUD operations.

3.24.0

Release date: July 16, 2020

Improvements

3.23.0

Compatibility Notes

  • Method and parameter names for the SCP Workflow client library were adjusted

Improvements

  • Improved the error messages shown when JWT validation fails.

  • Improved the AuthTokenBuilder so that public keys used for verification of authorization tokens created by it are now being cached.

  • Client Library for SCP Workflow:

    • Method names improved to better reflect the Workflow domain
    • Methods return strong return types, the previous version had generic return types
    • Parameter names improved to better reflect their semantics

  • Update dependencies:

    • Update com.mikesamuel:json-sanitizer from 1.2.0 to 1.2.1
    • Update org.json:json from 20190722 to 20200518
    • Update commons-io:commons-io from 2.6 to 2.7
    • Update org.springframework.security.oauth:spring-security-oauth2 from 2.4.1.RELEASE to 2.5.0.RELEASE
    • Update com.github.ben-manes.caffeine:caffeine from 2.8.1 to 2.8.4
    • Update com.google.errorprone:error_prone_annotations from 2.3.4 to 2.4.0
    • Update io.projectreactor:reactor-core from 3.3.4.RELEASE to 3.3.5.RELEASE
    • Update Spring Boot from 2.2.7.RELEASE to 2.3.0.RELEASE
    • Update com.squareup.okio:okio from 2.4.3 to 2.6.0
    • Update OK HTTP from 4.4.1 to 4.5.0
    • Update SAP Cloud Security Client from 2.6.2 to 2.7.2

Fixed Issues

3.22.0

Compatibility Notes

  • Deprecated the constructor SoapRequest(Class<ServiceT>, Destination) in favor of SoapRequest(Class<ServiceT>, HttpDestination) because SOAP API invocation always uses the HTTP protocol.

New Functionality

  • A new, experimental API to run generic OData batch requests via ODataRequestBatch in version agnostic module odata-client. It allows for batching entity read and modification requests. Modifications are grouped within changesets and, depending on the service implementation, they are expected to rollback if one change in the set was unsuccessful. Multiple changesets and read requests can be attached. The class supports entity request handling for create, read, update and delete, as well as service specific functions and actions.

    • Notes

      • The API is not considered final yet. The class is @Beta annotated. Please refrain from using it in productive application code.

      • There are no helper methods on the result object yet to conveniently parse the multipart response. However the HttpResponse object can be accessed already.

      • The order of method invocations matters. It defines how the individual requests are serialized, when constructing the multipart batch request.

      • Sample code:

        HttpClient httpClient;
        ODataRequestRead read1;
        ODataRequestCreate create2;
        ODataRequestUpdate update3;

        ODataRequestBatch batchRequest =
          new ODataRequestBatch( "service-path/", ODataProtocol.V4 )
            .addRead( read1 )
            .beginChangeset()
            .addCreate( create2 )
            .addUpdate( update3 )
            .endChangeset();

        batchRequest.execute( httpClient );

  • Add getAllDestinations(DestinationOptions options) in ScpCfDestinationLoader class to fetch all the cloud foundry destinations. The method prioritizes the destination at service instance level in case there exists a destination with the same name on service instance and on sub account level.

Fixed Issues

  • Fix an issue where subscriber tenant and principal information would not be available in asynchronous threads when running on SAP Cloud Platform Neo.

3.21.0

New Functionality

  • Enhance the interface CloudPlatform with the method setEnvironmentVariableReader(Function<String, String>) allowing adjusting the way how environment variables are read.
  • Add experimental filter expressions in OData client value types of package com.sap.cloud.sdk.datamodel.odata.client.expression to allow for custom requests having entity-independent, yet type-safe query filters.

Improvements

  • Update dependencies:
    • Update Java JWT from 3.10.2 to 3.10.3
    • Update Junit Pioneer from 0.5.6 to 0.6.0
    • Update AssertJ from 3.15.0 to 3.16.1
    • Update Spring from 5.2.5.RELEASE to 5.2.6.RELEASE
    • Update Spring Security from 5.3.1.RELEASE to 5.3.2.RELEASE
    • Update Hibernate Validator from 6.1.2.Final to 6.1.5.Final
    • Update Netty BOM from 4.1.49.Final to 4.1.50.Final
    • Update Stax2 api from 4.2to 4.2.1
    • Update Protocol Buffers Java from 3.11.4 to3.12.1
  • Update dependencies in maven archetypes:
    • Archetype scp-cf-spring:
      • Update spring-boot from 2.2.6.RELEASE to 2.3.0.RELEASE
    • Archetype scp-neo-javaee7:
      • Update scp.sdkVersion from 1.72.13 to 1.74.10

Fixed Issues

  • Fix an issue in the realm of HTTP destinations created through the SAP Cloud Platform Extension Factory where a DestinationAccessException occurs

3.20.0

New Functionality

  • New builder pattern for type Resilience4jDecorationStrategy to enable custom function decoration properties.

  • A new, experimental interface ServiceWithNavigableEntities for OData v4 VDM, to allow for recursive traversal of navigation properties in entity sets. This generic type offers type-safe methods to create a request along chained entities with their navigation properties. By delegating to the existing request builder classes, the interface supports all basic CRUD operations, plus count. You can use all existing request modifiers, e.g. filter or select statements in Read. The interface type is @Beta annotated to declare methods and sub-types are still open for changes in the future.

    • Example

      • Create a new Trip in Vacation (id 2020) of Person (username "John")

      • HTTP request: POST /ODataService/People('John')/Vacations(2020)/Trips

      • Sample code:

        Trip tripItem;

        CreateRequestBuilder<Trip> createRequest = service
          .forEntity( Person.builder().username("John").build() )
          .navigateTo( Person.VACATIONS )
          .forEntity( Vacation.builder().id(2020).build() )
          .navigateTo( Vacation.TRIPS )
          .create( tripItem );

        createRequest.execute( destination );

  • Add public methods String getApplicationUrl() and String getApplicationProcessId() to ScpCfCloudPlatform and expose them in CloudPlatform to partially match the existing public API of subtype ScpNeoCloudPlatform.

Improvements

  • Renamed module odata-v4-client to odata-client and packages contained from c.s.c.s.datamodel.odatav4.client to c.s.c.s.datamodel.odata.client. Only API that is declared unstable is affected so changes are only required if unstable parts of the API are being used explicitly.
  • The OData generator (so the odata-generator, odata-generator-cli, and odata-generator-maven-plugin modules) are now able to also parse swagger files according to the OpenAPI v3 spec (in addition to the already supported OpenAPI v2 spec).

3.19.1

Compatibility Notes

  • As part of the update of the OData VDM to SAP S/4HANA Cloud 2005, in the Inbound Delivery (A2X) - API_INBOUND_DELIVERY_SRV_0002 API, some previously published methods that were not actually supported by the SAP S/4HANA system (like CRUD support for entity MaintenanceItemObjList) were removed from the SAP Business Accelerator Hub and as a consequence, from the SAP Cloud SDK.

New Functionality

3.19.0

  • Release date: April 30, 2020

New Functionality

  • Introducing the client library for the Workflow API on SAP Cloud Platform, Cloud Foundry

    • Example usage:
    final HttpDestination httpDestination = DestinationAccessor.getDestination(destinationName).asHttp();

    final List<WorkflowDefinition> workflowDefinitions =
                    new WorkflowDefinitionsApi(httpDestination).getWorkflowDefinitions();
    • Maven dependency:
    <dependency>
        <groupId>com.sap.cloud.sdk.services</groupId>
        <artifactId>scp-workflow-cf</artifactId>
    </dependency>

  • New VDM request builder for OData v4 to fetch the count of entries in an entity collection endpoint. The result is a non-null Long, the number of matching entries according to optional filter and search expressions.

    • Example for the VDM usage:

      long numEntries = new DefaultEntityService()
        .countEntities()
        .filter(SomeEntity.FIELDNAME.contains("foo"))
        .search("bar")
        .execute(someDestination);

    • Example for the generic usage:

      long numEntries = new CountRequestBuilder<>("/odata/service/path/", SomeEntity.class)
        .filter(SomeEntity.FIELDNAME.contains("foo"))
        .search("bar")
        .execute(someDestination);

  • Provide support for unbound actions in OData v4. The OData v4 generator generates unbound actions at the service level. Etag handling in actions is still not supported.

    • Note: Regenerate the VDM to enable these features on your classes.

  • The VDM request builders for OData v4 to delete and update entities DeleteRequestBuilder and UpdateRequestBuilder allow to influence the submission of the version identifier (ETag) of the respective entity in the remote system.

    • The method disableVersionIdentifier allows to avoid that the request header If-Match is sent at all.
    • The method matchAnyVersionIdentifier allows to control that the request header If-Match is sent with the value *.
    • Note that if both methods are invoked on the same request builder, the latest invocation takes precedence.
    • Example for the VDM usage to delete an entity without sending a version identifier:
    new DefaultEntityService()
    .deleteEntity(entity)
    .disableVersionIdentifier()
    .execute(destination);

    • Example for the VDM usage to update an entity while sending the * value in the request header:

      new DefaultEntityService()
      .updateEntity(entity)
      .matchAnyVersionIdentifier()
      .execute(destination);

Improvements

  • Update dependencies:
    • Update Guava from 28.2-jre to 29.0-jre
    • Update Apache CXF from 3.3.5 to 3.3.6
    • SAP Cloud Security Client from 2.6.1 to 2.6.2
    • Update Jackson from 2.10.3 to 2.11.0
    • Update Resilience4J from 1.3.1 to 1.4.0
    • Update AssertJ Guava from 3.3.0 to 3.4.0
    • Update Spring Security OAuth from 2.4.0.RELEASE to 2.4.1.RELEASE
    • Update Fabric SDK from 2.0.0 to 2.1.0
    • Update Netty BOM from 4.1.48.Final to 4.1.49.Final
  • Update Maven plugins in Maven archetypes:
    • Archetype scp-cf-tomee:
      • Update tomee-maven-plugin from 7.0.5 to 8.0.1
    • Archetype scp-cf-spring:
      • Update spring-boot-maven-plugin from 2.2.5.RELEASE to 2.2.6.RELEASE
    • Archetype scp-neo-javaee7:
      • Update jacoco-maven-plugin from 0.8.2 to 0.8.5
      • Update maven-surefire-plugin from 3.0.0-M3 to 3.0.0-M4

3.18.0

Compatibility Notes

  • The custom pmd plugin (com.sap.cloud.sdk.quality:pmd-plugin) was removed. The ruleset (com.sap.cloud.sdk.quality:pmd-rules) from now on contains only the rules shipped with the SAP Cloud SDK. All other imported rules were removed. To still use the ruleset with standard pmd plugin, especially in the SAP Cloud SDK for Continuous Delivery, we recommend adding the following configuration to the root pom of your project:
<build>
    <pluginManagement>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-pmd-plugin</artifactId>
                <configuration>
                    <rulesets>
                        <ruleset>rulesets/cloud-sdk-qualities.xml</ruleset>
                        <ruleset>rulesets/java/maven-pmd-plugin-default.xml</ruleset>
                    </rulesets>
                </configuration>
                <dependencies>
                    <dependency>
                        <groupId>com.sap.cloud.sdk.quality</groupId>
                        <artifactId>pmd-rules</artifactId>
                        <version>3.18.0</version>
                    </dependency>
                </dependencies>
            </plugin>
        </plugins>
    </pluginManagement>
    ...
</build>

Improvements

  • Update Dependencies:
    • Spring Security from 5.3.0.RELEASE to 5.3.1.RELEASE
    • JUnit Pioneer from 0.5.5 to 0.5.6
    • Java JWT from 3.10.1 to 3.10.2
    • SAP Cloud Security Client from 2.5.3 to 2.6.0

3.17.2

  • Release date: Apr 15, 2020

Compatibility Notes

  • The beta annotated CustomOperationRequestBuilder class has been renamed as FunctionRequestBuilder

Fixed Issues

  • Fix an issue with access token validation in a provider/subscriber setup, when having multiple XSUAA service bindings, e.g. one with service plan broker and one with service plan application.

3.17.1

Improvements

  • The interface ResilienceDecorationStrategy now provides an additional, optional argument to pass a custom ExecutorService in methods decorateCallable and decorateSupplier. This way the thread pool and task execution can be adjusted upon decoration. If the time limiter is enabled, it will be running in a thread through the passed executor. If Callable or Supplier lambda is queued, then the asynchronous task will be run with the given ExecutorService as well.

  • For communication with XSUAA, the recommended JWT Bearer Token Grant is now preferred over (discouraged) combination of User Token Grant and Refresh Token. This saves one internal HTTP request and the "uaa.user" scope is not necessary any longer in the xs-security.json configuration of the XSUAA service instance.

Fixed Issues

  • Fix unnecessary second request to destination service, when using proxy type "OnPremise" and authentication type "Principal Propagation".

  • Fix a regression introduced in 3.16.1 where public keys for token validation are not cached.

3.17.0

  • Release date: April 2, 2020

New Functionality

  • New support for OData V4 - Deep Update.
    • Single and collection-based entity navigation properties can be used when updating a base entity. This way nested entities can be updated and created, while performing a single OData request.
    • Note: This feature can only be used with UpdateRequestBuilder#modifyingEntity() (default), and not with UpdateRequestBuilder#replacingEntity() (custom).
    • Note: Removing an existing element from a collection-based entity navigation property is not yet supported.

Improvements

  • The OData v4 VDM now allows for ordering by multiple fields through calling orderBy and passing fields to it with the corresponding order.

      getPersons().orderBy(Person.FIRST_NAME.asc(), Person.LAST_NAME.desc());

  • Update Dependencies

    • Update Java JWT from 3.10.0 to 3.10.1
    • Update Mockito from 3.3.0 to 3.3.1
    • Update Wiremock from 2.26.2 to 2.26.3
    • Update Spring Security from 5.2.2.RELEASE to 5.3.0.RELEASE
    • Update Netty BOM from 4.1.47.Final to 4.1.48.Final
    • Update Apache TomEE libraries from version 7.0.6 to 7.0.7
    • Update SAP Cloud Application Programming Model from version 1.38.0 to 1.39.0
    • Update SAP Cloud Security Client from 2.5.1 to 2.5.3
    • Update Apache Commons Lang from version 3.9 to 3.10
    • Update JUnit from version 5.6.0 to 5.6.1
    • Update JUnit Pioneer from version 0.5.4 to 0.5.5
    • Update Spring from version 5.2.4.RELEASE to 5.2.5.RELEASE

  • Dependencies and Maven plugin versions in the archetypes scp-cf-spring, scp-cf-tomee and scp-neo-javaee7 updated.

    • jacoco-maven-plugin updated to 0.8.5
    • maven-surefire-plugin updated to 3.0.0-M4
    • maven-enforcer-plugin updated to 3.0.0-M3
    • maven-war-plugin updated to 3.2.3
    • maven-dependency-plugin updated to 3.1.2
    • Spring Boot updated from 2.2.1.RELEASE to 2.2.5.RELEASE

Fixed Issues

  • Fix a bug in the odata-v4-generator that causes fields of type Edm.TimeOfDay to not be recognized and thus generated properly, leading to missing SimpleProperty fields on the generated entity.

3.16.1

Compatibility Notes

  • As the Olingo dependency was removed from the Virtual Data Model (VDM), Olingo types are now set as custom fields and can be accessed by method getCustomField("fieldName").

New Functionality

  • Introduce the module SCP Blockchain Client Fabric for easy interaction with a Hyperledger Fabric network using all necessary configuration and credentials from a standardized user-provided service in the Cloud Foundry environment.
  • JSON Web Tokens (JWT) are now validated using their issuer and jku properties. Public keys for signature verification are fetched from the URL specified by the jku property. This only works if the issuer domain matches the domain of the XSUAA service. In case this fails or if the properties are not set, the implementation falls back to the previous validation mechanisms (e.g. verification key of XSUAA service binding, XSUAA token endpoint provider).

Improvements

  • Update Dependencies
    • Update Slf4J from version 1.7.26 to 1.7.30
    • Update Jackson from version 2.10.2 to 2.10.3
    • Update Wiremock from version 2.26.1 to 2.26.2
    • Update Jetty from version 9.4.26.v20200117 to 9.4.27.v20200227
    • Update Spring from version 5.2.3.RELEASE to 5.2.4.RELEASE
    • Update Apache HttpComponents from version 4.5.11 to 4.5.12

Fixed Issues

  • Fix missing authorization header with Principal Propagation for On-Premise connectivitiy on CloudFoundry.
  • Fix several special characters escaping and encoding issues.
    • ? in the service path
    • # and & in filter and select expressions
    • ' in string literals and in string parameters being passed in functions and GetByKey requests
    • " and \ in search expressions

3.15.1

Compatibility Notes

  • Use the library XSUAA Token Client and Token Flow API for handling communication with XSUAA service instances.

    • If you mock XSUAA service requests in your tests, some assertions might need to be updated. When using the new library, XSUAA request parameters should be passed as HTTP body content instead of query arguments.
    • The internally used types SubdomainReplacer and DefaultSubdomainReplacer became obsolete and were removed. The usage of this classes was replaced by the new library.
    • The behavior of following methods in the utility class XsuaaService has been changed.
      • retrieveAccessTokenViaUserTokenGrant()
      • retrieveAccessTokenHeaderViaUserTokenGrant() The old behavior is implemented in following methods.
      • retrieveAccessTokenViaUserTokenExchange()
      • retrieveAccessTokenHeaderViaUserTokenExchange() The change was made in order to better reflect on the internal logic of these methods. In addition to "Token Grant", the "Token Exchange" flavored operation will perform an authorization request with "Refresh Token" flow, which is required for Principal Propagation when manually consuming the CloudFoundry Connectivity Service. Please update your code accordingly.

  • The module com.sap.cloud.sdk.services:blockchain has been renamed to com.sap.cloud.sdk.services:blockchain-client-multichain to better reflect its focus on the Multichain Service.

New Functionality

  • Stabilize OData v4 Virtual Data Model (VDM). Following parts are considered stable as of this release:
    • execute() on all request builders (e.g., `CreateRequestBuilder)
    • select(), filter(), top(), skip(), and search() on GetAllRequestBuilder
    • GetByKeyRequestBuilder.select()
    • of(), and(), or(), not() for defining a SearchExpression
    • includingFields(), replacingEntity(), modifyingEntity() on UpdateRequestBuilder
    • The generic exception class ODataException
    • The classes NavigationProperty, ComplexProperty and SimpleProperty
    • The OData v4 generator now generates ComplexProperty fields on entities that can be used to build queries. Single instances and collections of complex types are supported.
  • Provide support for unbound functions in OData v4. The OData v4 generator generates unbound functions at the service level.
  • The OData v4 generator now creates entity classes that are only referenced by navigation properties and functions (not part of an entity set).

Improvements

  • Introduce snakeyaml version 1.26 as direct dependency and exclude the one used by the jackson library to overcome the security vulnerability CVE-2017-18640.

  • Replace the SAP Cloud SDK implementation for handling authentication and authorization within the SAP Cloud Platform landscape by the library XSUAA Token Client and Token Flow API version 2.5.1. See the compatibility notes for details.

  • Update Dependencies

    • SAP Cloud Application Programming Model from version 1.37.1 to 1.38.0
    • Lombok from version 1.18.10 to 1.18.12
    • Caffeine from version 2.8.0 to 2.8.1
    • Commons CSV from version 1.7 to 1.8
    • Apache HTTP Components CSV from version 4.5.10 to 4.5.11
    • EclipseLink CSV from version 2.7.5 to 2.7.6
    • Liquibase CSV from version 3.6.3 to 3.8.6
    • Resilience4J CSV from version 1.2.0 to 1.3.1
    • JUnit CSV from version 5.5.2 to 5.6.0
    • JUnit Pioneer from version 0.5.1 to 0.5.4
    • Jetty from version 9.4.25.v20191220 to 9.4.26.v20200117
    • Spring Security from version 5.2.1.RELEASE to 5.2.2.RELEASE
    • Hibernate Validator from version 6.0.17.Final to 6.1.2.Final
    • Java JWT from version 3.9.0 to 3.10.0
    • AssertJ from version 3.14.0 to 3.15.0
    • Mockito from version 3.2.4 to 3.3.0
    • Wiremock from version 2.20.0 to 2.26.1
    • SAP Cloud Platform SDK For Neo Environment (Java EE 7 Web Profile TomEE 7) to version 1.69.18

Fixed Issues

  • Fix an issue where the OData v2 URL query generation was not escaping single-quotes ' in String literals correctly. This character can now be used as part of entity keys and filter expressions.
  • Fix an issue with Decimal OData values being formatted in unexpected scientific notation (e.g. 4.2e-7) instead of expected decimal form (e.g. 0.00000042). The solution is provided for serializing entity properties of Java type BigDecimal.