15 år sedan · 48dcc211e9
--- a/class_mapping_from_2.0.x.txt
+++ b/class_mapping_from_2.0.x.txt
@@ -0,0 +1,57 @@
 
				+Class Mapping from 2.0.x to 3.0.x
			
 
				+------------------------------------
			
 
				+
			
 
				+Approximate mapping of classes which have new names, or new implementations in 3.0. These may not be a 
			
 
				+straightforward replacement, but the listed classes and interfaces from 3.0 will give some indication of where to
			
 
				+look in the APIs when upgrading.
			
 
				+
			
 
				+AbstractProcessingFilter, AbstractAuthenticationProcessingFilter
			
 
				+AbstractFallbackMethodDefinitionSource, AbstractFallbackMethodSecurityMetadataSource
			
 
				+AnonymousProcessingFilter, AnonymousAuthenticationFilter
			
 
				+AuthenticationFailureConcurrentLoginEvent
			
 
				+AuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter
			
 
				+AuthenticationProcessingFilterEntryPoint, LoginUrlAuthenticationEntryPoint
			
 
				+
			
 
				+BasicProcessingFilter, BasicAuthenticationFilter
			
 
				+BasicProcessingFilterEntryPoint, BasicAuthenticationEntryPoint
			
 
				+
			
 
				+CasProcessingFilter, CasAuthenticationFilter
			
 
				+CasProcessingFilterEntryPoint, CasAuthenticationEntryPoint
			
 
				+ConcurrentSessionController, ConcurrentSessionControlStrategy (Now implemented through the SessionManagementFilter)
			
 
				+ConfigAttributeDefinition, Collection<ConfigAttribute>
			
 
				+
			
 
				+DefaultFilterInvocationDefinitionSource, DefaultFilterInvocationSecurityMetadataSource
			
 
				+DigestProcessingFilter, DigestAuthenticationFilter
			
 
				+DigestProcessingFilterEntryPoint, DigestAuthenticationEntryPoint
			
 
				+
			
 
				+FilterInvocationDefinitionSource, FilterInvocationSecurityMetadataSource
			
 
				+
			
 
				+HttpSessionContextIntegrationFilter, SecurityContextPersistenceFilter (see also SecurityContextRepository)
			
 
				+
			
 
				+Jsr250MethodDefinitionSource, Jsr250MethodSecurityMetadataSource
			
 
				+
			
 
				+MapBasedMethodDefinitionSource, MapBasedMethodSecurityMetadataSource
			
 
				+MethodDefinitionAttributes
			
 
				+MethodDefinitionSource, MethodSecurityMetadataSource
			
 
				+MethodDefinitionSourceAdvisor, MethodSecurityMetadataSourceAdvisor
			
 
				+MethodDefinitionSourceEditor, MethodSecurityMetadataSourceEditor
			
 
				+
			
 
				+ObjectDefinitionSource SecurityMetadataSource
			
 
				+OpenIDAuthenticationProcessingFilter, OpenIDAuthenticationFilter
			
 
				+
			
 
				+RedirectUtils, DefaultRedirectStrategy
			
 
				+RememberMeProcessingFilter, RememberMeAuthenticationFilter
			
 
				+RequestHeaderPreAuthenticatedProcessingFilter, RequestHeaderAuthenticationFilter
			
 
				+
			
 
				+SecuredMethodDefinitionSource, SecuredAnnotationSecurityMetadataSource
			
 
				+SessionFixationProtectionFilter, SessionManagementFilter (See also SessionAuthenticationStrategy, SessionFixationProtectionStrategy)
			
 
				+SpringSecurityContextSource, LdapContextSource (from Spring LDAP 1.3, which introduced the ability to bind as a specific user)
			
 
				+SwitchUserFilter, SwitchUserProcessingFilter
			
 
				+
			
 
				+TargetUrlResolver, AuthenticationSuccessHandler (see also AuthenticationFailureHandler)
			
 
				+TargetUrlResolverImpl, SavedRequestAwareAuthenticationSuccessHandler (see also SimpleUrlAuthenticationSuccessHandler)
			
 
				+
			
 
				+WASSecurityHelper, DefaultWASUsernameAndGroupsExtractor
			
 
				+
			
 
				+X509PreAuthenticatedProcessingFilter, X509AuthenticationFilter
			
 
				+
			
--- a/docs/manual/src/docbook/appendix-namespace.xml
+++ b/docs/manual/src/docbook/appendix-namespace.xml
@@ -11,7 +11,12 @@
 
				       xlink:href="#ns-config">introductory chapter</link> on namespace configuration, as this is
			
 
				     intended as a supplement to the information there. Using a good quality XML editor while editing
			
 
				     a configuration based on the schema is recommended as this will provide contextual information
			
 
				-    on which elements and attributes are available as well as comments explaining their purpose. </para>
			
 
				+    on which elements and attributes are available as well as comments explaining their purpose. The
			
 
				+    namespace is captured in <link xlink:href="http://www.relaxng.org/">RELAX NG</link> Compact
			
 
				+    format and later converted into an XSD schema. If you are familiar with this format, you may
			
 
				+    wish to examine the <link
			
 
				+      xlink:href="https://src.springsource.org/svn/spring-security/trunk/config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc"
			
 
				+      >schema file</link>.</para>
			
 
				   <section xml:id="nsa-http">
			
 
				     <title>Web Application Security - the <literal>&lt;http&gt;</literal> Element</title>
			
 
				     <para> The <literal>&lt;http&gt;</literal> element encapsulates the security configuration for
			
@@ -488,8 +493,8 @@
 
				         configuration as web security, but this can be overridden as explained above <xref
			
 
				           xlink:href="#nsa-access-decision-manager-ref"/>, using the same attribute. </para>
			
 
				       <section>
			
 
				-        <title>The <literal>secured-annotations</literal> and
			
 
				-            <literal>jsr250-annotations</literal> Attributes</title>
			
 
				+        <title>The <literal>secured-annotations</literal> and <literal>jsr250-annotations</literal>
			
 
				+          Attributes</title>
			
 
				         <para> Setting these to "true" will enable support for Spring Security's own
			
 
				             <literal>@Secured</literal> annotations and JSR-250 annotations, respectively. They are
			
 
				           both disabled by default. Use of JSR-250 annotations also adds a
			
--- a/docs/manual/src/docbook/introduction.xml
+++ b/docs/manual/src/docbook/introduction.xml
@@ -164,13 +164,13 @@
 
				     </section>
			
 
				     <section xml:id="history">
			
 
				         <title>History</title>
			
 
				-        <para>Spring Security began in late 2003 as "The Acegi Security System for Spring". A
			
 
				-            question was posed on the Spring Developers' mailing list asking whether there had been
			
 
				-            any consideration given to a Spring-based security implementation. At the time the
			
 
				-            Spring community was relatively small (especially by today's size!), and indeed Spring
			
 
				-            itself had only existed as a SourceForge project from early 2003. The response to the
			
 
				-            question was that it was a worthwhile area, although a lack of time currently prevented
			
 
				-            its exploration.</para>
			
 
				+        <para>Spring Security began in late 2003 as <quote>The Acegi Security System for
			
 
				+                Spring</quote>. A question was posed on the Spring Developers' mailing list asking
			
 
				+            whether there had been any consideration given to a Spring-based security
			
 
				+            implementation. At the time the Spring community was relatively small (especially
			
 
				+            compared with the size today!), and indeed Spring itself had only existed as a
			
 
				+            SourceForge project from early 2003. The response to the question was that it was a
			
 
				+            worthwhile area, although a lack of time currently prevented its exploration.</para>
			
 
				         <para>With that in mind, a simple security implementation was built and not released. A few
			
 
				             weeks later another member of the Spring community inquired about security, and at the
			
 
				             time this code was offered to them. Several other requests followed, and by January 2004