|
|
@@ -1,11 +1,21 @@
|
|
|
// FIXME: This might make sense in Getting Spring Security along with the artifact information
|
|
|
|
|
|
[[modules]]
|
|
|
-= Project Modules
|
|
|
+= Project Modules and Dependencies
|
|
|
In Spring Security 3.0, the codebase was sub-divided into separate jars which more clearly separate different functionality areas and third-party dependencies.
|
|
|
If you use Maven to build your project, these are the modules you should add to your `pom.xml`.
|
|
|
Even if you do not use Maven, we recommend that you consult the `pom.xml` files to get an idea of third-party dependencies and versions.
|
|
|
Another good idea is to examine the libraries that are included in the sample applications.
|
|
|
+This section provides a reference of the modules in Spring Security and the additional dependencies that they require in order to function in a running application.
|
|
|
+We don't include dependencies that are only used when building or testing Spring Security itself.
|
|
|
+Nor do we include transitive dependencies which are required by external dependencies.
|
|
|
+
|
|
|
+The version of Spring required is listed on the project website, so the specific versions are omitted for Spring dependencies below.
|
|
|
+Note that some of the dependencies listed as "optional" below may still be required for other non-security functionality in a Spring application.
|
|
|
+Also dependencies listed as "optional" may not actually be marked as such in the project's Maven POM files if they are used in most applications.
|
|
|
+They are "optional" only in the sense that you don't need them unless you are using the specified functionality.
|
|
|
+
|
|
|
+Where a module depends on another Spring Security module, the non-optional dependencies of the module it depends on are also assumed to be required and are not listed separately.
|
|
|
|
|
|
|
|
|
[[spring-security-core]]
|
|
|
@@ -20,12 +30,62 @@ It contains the following top-level packages:
|
|
|
* `org.springframework.security.authentication`
|
|
|
* `org.springframework.security.provisioning`
|
|
|
|
|
|
+.Core Dependencies
|
|
|
+|===
|
|
|
+| Dependency | Version | Description
|
|
|
+
|
|
|
+| ehcache
|
|
|
+| 1.6.2
|
|
|
+| Required if the Ehcache-based user cache implementation is used (optional).
|
|
|
+
|
|
|
+| spring-aop
|
|
|
+|
|
|
|
+| Method security is based on Spring AOP
|
|
|
+
|
|
|
+| spring-beans
|
|
|
+|
|
|
|
+| Required for Spring configuration
|
|
|
+
|
|
|
+| spring-expression
|
|
|
+|
|
|
|
+| Required for expression-based method security (optional)
|
|
|
+
|
|
|
+| spring-jdbc
|
|
|
+|
|
|
|
+| Required if using a database to store user data (optional).
|
|
|
+
|
|
|
+| spring-tx
|
|
|
+|
|
|
|
+| Required if using a database to store user data (optional).
|
|
|
+
|
|
|
+| aspectjrt
|
|
|
+| 1.6.10
|
|
|
+| Required if using AspectJ support (optional).
|
|
|
+
|
|
|
+| jsr250-api
|
|
|
+| 1.0
|
|
|
+| Required if you are using JSR-250 method-security annotations (optional).
|
|
|
+|===
|
|
|
+
|
|
|
+
|
|
|
[[spring-security-remoting]]
|
|
|
== Remoting -- `spring-security-remoting.jar`
|
|
|
This module provides integration with Spring Remoting.
|
|
|
You do not need this unless you are writing a remote client that uses Spring Remoting.
|
|
|
The main package is `org.springframework.security.remoting`.
|
|
|
|
|
|
+.Remoting Dependencies
|
|
|
+|===
|
|
|
+| Dependency | Version | Description
|
|
|
+
|
|
|
+| spring-security-core
|
|
|
+|
|
|
|
+|
|
|
|
+
|
|
|
+| spring-web
|
|
|
+|
|
|
|
+| Required for clients which use HTTP remoting support.
|
|
|
+|===
|
|
|
|
|
|
[[spring-security-web]]
|
|
|
== Web -- `spring-security-web.jar`
|
|
|
@@ -34,6 +94,26 @@ It contains anything with a servlet API dependency.
|
|
|
You need it if you require Spring Security web authentication services and URL-based access-control.
|
|
|
The main package is `org.springframework.security.web`.
|
|
|
|
|
|
+.Web Dependencies
|
|
|
+|===
|
|
|
+| Dependency | Version | Description
|
|
|
+
|
|
|
+| spring-security-core
|
|
|
+|
|
|
|
+|
|
|
|
+
|
|
|
+| spring-web
|
|
|
+|
|
|
|
+| Spring web support classes are used extensively.
|
|
|
+
|
|
|
+| spring-jdbc
|
|
|
+|
|
|
|
+| Required for JDBC-based persistent remember-me token repository (optional).
|
|
|
+
|
|
|
+| spring-tx
|
|
|
+|
|
|
|
+| Required by remember-me persistent token repository implementations (optional).
|
|
|
+|===
|
|
|
|
|
|
[[spring-security-config]]
|
|
|
== Config -- `spring-security-config.jar`
|
|
|
@@ -42,6 +122,30 @@ You need it if you use the Spring Security XML namespace for configuration or Sp
|
|
|
The main package is `org.springframework.security.config`.
|
|
|
None of the classes are intended for direct use in an application.
|
|
|
|
|
|
+.Config Dependencies
|
|
|
+|===
|
|
|
+| Dependency | Version | Description
|
|
|
+
|
|
|
+| spring-security-core
|
|
|
+|
|
|
|
+|
|
|
|
+
|
|
|
+| spring-security-web
|
|
|
+|
|
|
|
+| Required if you are using any web-related namespace configuration (optional).
|
|
|
+
|
|
|
+| spring-security-ldap
|
|
|
+|
|
|
|
+| Required if you are using the LDAP namespace options (optional).
|
|
|
+
|
|
|
+| spring-security-openid
|
|
|
+|
|
|
|
+| Required if you are using OpenID authentication (optional).
|
|
|
+
|
|
|
+| aspectjweaver
|
|
|
+| 1.6.10
|
|
|
+| Required if using the protect-pointcut namespace syntax (optional).
|
|
|
+|===
|
|
|
|
|
|
[[spring-security-ldap]]
|
|
|
== LDAP -- `spring-security-ldap.jar`
|
|
|
@@ -49,6 +153,36 @@ This module provides LDAP authentication and provisioning code.
|
|
|
It is required if you need to use LDAP authentication or manage LDAP user entries.
|
|
|
The top-level package is `org.springframework.security.ldap`.
|
|
|
|
|
|
+.LDAP Dependencies
|
|
|
+|===
|
|
|
+| Dependency | Version | Description
|
|
|
+
|
|
|
+| spring-security-core
|
|
|
+|
|
|
|
+|
|
|
|
+
|
|
|
+| spring-ldap-core
|
|
|
+| 1.3.0
|
|
|
+| LDAP support is based on Spring LDAP.
|
|
|
+
|
|
|
+| spring-tx
|
|
|
+|
|
|
|
+| Data exception classes are required.
|
|
|
+
|
|
|
+| apache-ds footnote:[The modules `apacheds-core`, `apacheds-core-entry`, `apacheds-protocol-shared`, `apacheds-protocol-ldap` and `apacheds-server-jndi` are required.
|
|
|
+]
|
|
|
+| 1.5.5
|
|
|
+| Required if you are using an embedded LDAP server (optional).
|
|
|
+
|
|
|
+| shared-ldap
|
|
|
+| 0.9.15
|
|
|
+| Required if you are using an embedded LDAP server (optional).
|
|
|
+
|
|
|
+| ldapsdk
|
|
|
+| 4.1
|
|
|
+| Mozilla LdapSDK.
|
|
|
+Used for decoding LDAP password policy controls if you are using password-policy functionality with OpenLDAP, for example.
|
|
|
+|===
|
|
|
|
|
|
[[spring-security-oauth2-core]]
|
|
|
== OAuth 2.0 Core -- `spring-security-oauth2-core.jar`
|
|
|
@@ -92,6 +226,26 @@ This module contains a specialized domain object ACL implementation.
|
|
|
It is used to apply security to specific domain object instances within your application.
|
|
|
The top-level package is `org.springframework.security.acls`.
|
|
|
|
|
|
+.ACL Dependencies
|
|
|
+|===
|
|
|
+| Dependency | Version | Description
|
|
|
+
|
|
|
+| spring-security-core
|
|
|
+|
|
|
|
+|
|
|
|
+
|
|
|
+| ehcache
|
|
|
+| 1.6.2
|
|
|
+| Required if the Ehcache-based ACL cache implementation is used (optional if you are using your own implementation).
|
|
|
+
|
|
|
+| spring-jdbc
|
|
|
+|
|
|
|
+| Required if you are using the default JDBC-based AclService (optional if you implement your own).
|
|
|
+
|
|
|
+| spring-tx
|
|
|
+|
|
|
|
+| Required if you are using the default JDBC-based AclService (optional if you implement your own).
|
|
|
+|===
|
|
|
|
|
|
[[spring-security-cas]]
|
|
|
== CAS -- `spring-security-cas.jar`
|
|
|
@@ -99,6 +253,27 @@ This module contains Spring Security's CAS client integration.
|
|
|
You should use it if you want to use Spring Security web authentication with a CAS single sign-on server.
|
|
|
The top-level package is `org.springframework.security.cas`.
|
|
|
|
|
|
+.CAS Dependencies
|
|
|
+|===
|
|
|
+| Dependency | Version | Description
|
|
|
+
|
|
|
+| spring-security-core
|
|
|
+|
|
|
|
+|
|
|
|
+
|
|
|
+| spring-security-web
|
|
|
+|
|
|
|
+|
|
|
|
+
|
|
|
+| cas-client-core
|
|
|
+| 3.1.12
|
|
|
+| The JA-SIG CAS Client.
|
|
|
+This is the basis of the Spring Security integration.
|
|
|
+
|
|
|
+| ehcache
|
|
|
+| 1.6.2
|
|
|
+| Required if you are using the Ehcache-based ticket cache (optional).
|
|
|
+|===
|
|
|
|
|
|
[[spring-security-openid]]
|
|
|
== OpenID -- `spring-security-openid.jar`
|
|
|
@@ -110,7 +285,57 @@ It is used to authenticate users against an external OpenID server.
|
|
|
The top-level package is `org.springframework.security.openid`.
|
|
|
It requires OpenID4Java.
|
|
|
|
|
|
+.OpenID Dependencies
|
|
|
+|===
|
|
|
+| Dependency | Version | Description
|
|
|
+
|
|
|
+| spring-security-core
|
|
|
+|
|
|
|
+|
|
|
|
+
|
|
|
+| spring-security-web
|
|
|
+|
|
|
|
+|
|
|
|
+
|
|
|
+| openid4java-nodeps
|
|
|
+| 0.9.6
|
|
|
+| Spring Security's OpenID integration uses OpenID4Java.
|
|
|
+
|
|
|
+| httpclient
|
|
|
+| 4.1.1
|
|
|
+| openid4java-nodeps depends on HttpClient 4.
|
|
|
+
|
|
|
+| guice
|
|
|
+| 2.0
|
|
|
+| openid4java-nodeps depends on Guice 2.
|
|
|
+|===
|
|
|
+
|
|
|
|
|
|
[[spring-security-test]]
|
|
|
== Test -- `spring-security-test.jar`
|
|
|
This module contains support for testing with Spring Security.
|
|
|
+
|
|
|
+[[spring-security-taglibs]]
|
|
|
+== Taglibs -- `spring-secuity-taglibs.jar`
|
|
|
+Provides Spring Security's JSP tag implementations.
|
|
|
+
|
|
|
+.Taglib Dependencies
|
|
|
+|===
|
|
|
+| Dependency | Version | Description
|
|
|
+
|
|
|
+| spring-security-core
|
|
|
+|
|
|
|
+|
|
|
|
+
|
|
|
+| spring-security-web
|
|
|
+|
|
|
|
+|
|
|
|
+
|
|
|
+| spring-security-acl
|
|
|
+|
|
|
|
+| Required if you are using the `accesscontrollist` tag or `hasPermission()` expressions with ACLs (optional).
|
|
|
+
|
|
|
+| spring-expression
|
|
|
+|
|
|
|
+| Required if you are using SPEL expressions in your tag access constraints.
|
|
|
+|===
|
Heinz Wittig