Liberator 7 includes new support for IPv6; improvements to the Permissioning Service, Liberator's Auth API, container performance, and the Liberator status page; and a technology preview of the next version of Liberator Explorer.
- New features
- Improved features
- Deploying Liberator 7 with Caplin Platform 6.2 components
Liberator 7 has the following new features:
Liberator 7 supports DataSource connections and StreamLink connections over IPv6.
For more information on IPv6 support, see Liberator: IPv6 networking.
Liberator 7 has the following feature improvements:
- Expanded field-match criteria in Permissioning Service rules
- Requested subject now available in the Liberator Auth API
- Enhanced status page
- Optimised serving of containers
- Technology preview of the next version of Liberator Explorer
You can now reference StreamLink application ID and KeyMaster mapping-values in the field-match criteria of permissioning rules. This enables you to make a user's privileges dependent on which application they use to login, and on any options they set at login.
- Application ID: grant users lower access privileges when they trade from a mobile device (Caplin FX Mobile) than when they trade from a desktop (Caplin FX Professional).
- KeyMaster mapping-values: grant users lower access privileges when they select read-only access on the login page.
For information on using the StreamLink application ID and KeyMaster mapping-values in field-match criteria, see Field-Match Criteria.
For information on Caplin's Permissioning Service, see User authentication and permissioning.
Liberator 7's Auth API now provides access to a subscription's subject in the form the client requested it, in addition to the backend subject that Liberator uses internally to service the client's request.
Writing authorisation algorithms for requested subjects has the advantages of simplicity and efficiency:
- You do not need to know the backend subjects that Liberator uses to service client requests.
- Your string-matching routines are not tied to the subject-naming conventions of a specific integration adapter.
- Your string-matching routines do not need to take account of identifiers that are often present in internal subjects, such as usernames and session identifiers.
- For example, it requires less code to match a requested subject of '/PRIVATE/FX/TRADE' than it does to match the (example) internal subject that serves the request: '/PRIVATE/user_session_id/FX/TRADE'.
The inclusion of the requested subject has required a breaking change to the Liberator Auth API.
To view the changes in the new API, follow the links below:
- See references to requestedSubject in the Liberator Auth API for Java:
- See references to requested_name in the Liberator Auth API for C:
- _authFuncs data structure
Note: Caplin's Permissioning Service 7 continues to use the mapped (internal) subject of each message. Rules and permissions defined for the Permissioning Service 6.2 can be re-used in the Permissioning Service 7. For more information on Caplin's Permissioning Service, see Platform Architecture: Permissioning.
Liberator 7 has a redesigned status page that now includes a list of the users who are currently logged in.
Session threads serving large containers now yield to other operations after a configurable number of records have been served. This allows a large container to be served without blocking other operations on the same thread.
For more information, see container-yield-size.
Liberator 7 includes a preview of the next version of Liberator Explorer, which uses Caplin’s open source FlexLayout for powerful layout customisation, and infinite-scrolling lists for faster navigation of data sets.
Liberator 7 works with Caplin Platform 6.2 components, but with the following caveats:
- Liberator 7 supports IPv6 but Caplin Platform 6.2 components do not. To avoid network connectivity issues, see DataSource: IPv6 networking.
- Liberator 7 is incompatible with Liberator 6.2 auth modules. If you use a custom auth module, update it to Liberator 7's Auth API.
- Liberator 7 cannot be deployed with Liberator 6.2 in the same cluster. All nodes in a Liberator cluster must be of the same version.