Liberator 7 includes new support for IPv6; improvements to the Permissioning Service, Liberator’s Auth API, container performance, and the Liberator status page; and a technology preview of the next version of Liberator Explorer.
Hardware requirements and software dependencies
Upgrading to Liberator 7
Liberator 7 has the following feature improvements:
Expanded field-match criteria in Permissioning Service rules
You can now reference StreamLink application ID and KeyMaster mapping-values in the field-match criteria of permissioning rules. This enables you to make a user’s privileges dependent on which application they use to login, and on any options they set at login.
Application ID: grant users lower access privileges when they trade from a mobile device (Caplin FX Mobile) than when they trade from a desktop (Caplin FX Professional).
KeyMaster mapping-values: grant users lower access privileges when they select read-only access on the login page.
For information on using the StreamLink application ID and KeyMaster mapping-values in field-match criteria, see Field-Match Criteria.
For information on Caplin’s Permissioning Service, see User authentication and permissioning.
Requested subject now available in the Liberator Auth API
Liberator 7’s Auth API now provides access to a subscription’s subject in the form the client requested it, in addition to the backend subject that Liberator uses internally to service the client’s request.
Writing authorisation algorithms for requested subjects has the advantages of simplicity and efficiency:
You do not need to know the backend subjects that Liberator uses to service client requests.
Your string-matching routines are not tied to the subject-naming conventions of a specific integration adapter.
Your string-matching routines do not need to take account of identifiers that are often present in internal subjects, such as usernames and session identifiers.
For example, it requires less code to match a requested subject of '/PRIVATE/FX/TRADE' than it does to match the (example) internal subject that serves the request: '/PRIVATE/user_session_id/FX/TRADE'.
The inclusion of the requested subject has required a breaking change to the Liberator Auth API.
|Auth modules compiled against previous versions of the Liberator Auth API will not work with Liberator 7, and auth modules compiled against version 7 of the Liberator Auth API will not work with previous versions of Liberator.|
To view the changes in the new API, follow the links below:
See references to
requestedSubjectin the Liberator Auth API for Java:
See references to
requested_namein the Liberator Auth API for C:
_authFuncs data structure
|Caplin’s Permissioning Service 7 continues to use the mapped (internal) subject of each message. Rules and permissions defined for the Permissioning Service 6.2 can be re-used in the Permissioning Service 7. For more information on Caplin’s Permissioning Service, see Platform Architecture: Permissioning.|
Enhanced status page
Liberator 7 has a redesigned status page that now includes a list of the users who are currently logged in.
Optimised serving of containers
Session threads serving large containers now yield to other operations after a configurable number of records have been served. This allows a large container to be served without blocking other operations on the same thread.
For more information, see container-yield-size.
Technology preview of the next version of Liberator Explorer
Liberator 7 includes a preview of the next version of Liberator Explorer, which uses Caplin’s open source FlexLayout for powerful layout customisation, and infinite-scrolling lists for faster navigation of data sets.
Deploying Liberator 7 with Caplin Platform 6.2 components
Liberator 7 works with Caplin Platform 6.2 components, but with the following caveats:
Liberator 7 supports IPv6 but Caplin Platform 6.2 components do not. To avoid network connectivity issues, see DataSource: IPv6 networking.
Liberator 7 is incompatible with Liberator 6.2 auth modules. If you use a custom auth module, update it to Liberator 7’s Auth API.
Liberator 7 cannot be deployed with Liberator 6.2 in the same cluster. All nodes in a Liberator cluster must be of the same version.