|
|
@@ -135,8 +135,165 @@ You should always test your application thoroughly before rolling out a new vers
|
|
|
|
|
|
[[get-spring-security]]
|
|
|
=== Getting Spring Security
|
|
|
-You can get hold of Spring Security in several ways. You can download a packaged distribution from the main Spring http://www.springsource.com/download/community?project=Spring%20Security[download page], download individual jars (and sample WAR files) from the Maven Central repository (or a SpringSource Maven repository for snapshot and milestone releases) or, alternatively, you can build the project from source yourself. See the project web site for more details.
|
|
|
+You can get hold of Spring Security in several ways. You can download a packaged distribution from the main http://spring.io/spring-security[Spring Security] page, download individual jars from the Maven Central repository (or a SpringSource Maven repository for snapshot and milestone releases) or, alternatively, you can build the project from source yourself.
|
|
|
|
|
|
+[[maven]]
|
|
|
+==== Usage with Maven
|
|
|
+
|
|
|
+A minimal Spring Security Maven set of dependencies typically looks like the following:
|
|
|
+
|
|
|
+.pom.xml
|
|
|
+[source,xml]
|
|
|
+[subs="verbatim,attributes"]
|
|
|
+----
|
|
|
+<dependencies>
|
|
|
+ <!-- ... other dependency elements ... -->
|
|
|
+ <dependency>
|
|
|
+ <groupId>org.springframework.security</groupId>
|
|
|
+ <artifactId>spring-security-web</artifactId>
|
|
|
+ <version>{spring-security-version}</version>
|
|
|
+ </dependency>
|
|
|
+ <dependency>
|
|
|
+ <groupId>org.springframework.security</groupId>
|
|
|
+ <artifactId>spring-security-config</artifactId>
|
|
|
+ <version>{spring-security-version}</version>
|
|
|
+ </dependency>
|
|
|
+</dependencies>
|
|
|
+----
|
|
|
+
|
|
|
+If you are using additional features like LDAP, OpenID, etc. you will need to also include the appropriate <<modules>>.
|
|
|
+
|
|
|
+[[maven-repositories]]
|
|
|
+===== Maven Repositories
|
|
|
+All GA releases (i.e. versions ending in .RELEASE) are deployed to Maven Central, so no additional Maven repositories need to be declared in your pom.
|
|
|
+
|
|
|
+If you are using a SNAPSHOT version, you will need to ensure you have the Spring Snapshot repository defined as shown below:
|
|
|
+
|
|
|
+.pom.xml
|
|
|
+[source,xml]
|
|
|
+----
|
|
|
+<repositories>
|
|
|
+ <!-- ... possibly other repository elements ... -->
|
|
|
+ <repository>
|
|
|
+ <id>spring-snapshot</id>
|
|
|
+ <name>Spring Snapshot Repository</name>
|
|
|
+ <url>http://repo.springsource.org/snapshot</url>
|
|
|
+ </repository>
|
|
|
+</repositories>
|
|
|
+----
|
|
|
+
|
|
|
+If you are using a milestone or release candidate version, you will need to ensure you have the Spring Milestone repository defined as shown below:
|
|
|
+
|
|
|
+.pom.xml
|
|
|
+[source,xml]
|
|
|
+----
|
|
|
+<repositories>
|
|
|
+ <!-- ... possibly other repository elements ... -->
|
|
|
+ <repository>
|
|
|
+ <id>spring-milestone</id>
|
|
|
+ <name>Spring Milestone Repository</name>
|
|
|
+ <url>http://repo.springsource.org/milestone</url>
|
|
|
+ </repository>
|
|
|
+</repositories>
|
|
|
+----
|
|
|
+
|
|
|
+[[maven-bom]]
|
|
|
+===== Using Spring 4 and Maven
|
|
|
+
|
|
|
+Spring Security builds against Spring Framework {spring-version}, but is also tested against Spring Framework {spring4-version}. This means you can use Spring Security {spring-security-version} with Spring Framework {spring4-version}. The problem that many users will have is that Spring Security's transitive dependencies resolve Spring Framework {spring-version} causing all sorts of strange classpath problems.
|
|
|
+
|
|
|
+One (tedious) way to circumvent this issue would be to include all the Spring Framework modules in a http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management[<dependencyManagement>] section of your pom. An alternative approach is to include the `spring-framework-bom` within your `<dependencyManagement>` section of your `pom.xml` as shown below:
|
|
|
+
|
|
|
+.pom.xml
|
|
|
+[source,xml]
|
|
|
+[subs="verbatim,attributes"]
|
|
|
+----
|
|
|
+<dependencyManagement>
|
|
|
+ <dependencies>
|
|
|
+ <dependency>
|
|
|
+ <groupId>org.springframework</groupId>
|
|
|
+ <artifactId>spring-framework-bom</artifactId>
|
|
|
+ <version>{spring4-version}</version>
|
|
|
+ <type>pom</type>
|
|
|
+ <scope>import</scope>
|
|
|
+ </dependency>
|
|
|
+ </dependencies>
|
|
|
+</dependencyManagement>
|
|
|
+----
|
|
|
+
|
|
|
+This will ensure that all the transitive dependencies of Spring Security use the Spring {spring4-version} modules.
|
|
|
+
|
|
|
+NOTE: This approach uses Maven's "bill of materials" (BOM) concept and is only available in Maven 2.0.9+. For additional details about how dependencies are resolved refer to http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html[Maven's Introduction to the Dependency Mechanism documentation].
|
|
|
+
|
|
|
+[[gradle]]
|
|
|
+==== Gradle
|
|
|
+A minimal Spring Security Gradle set of dependencies typically looks like the following:
|
|
|
+
|
|
|
+.build.gradle
|
|
|
+[source,groovy]
|
|
|
+[subs="verbatim,attributes"]
|
|
|
+----
|
|
|
+dependencies {
|
|
|
+ compile 'org.springframework.security:spring-security-web:{spring-security-version}'
|
|
|
+ compile 'org.springframework.security:spring-security-config:{spring-security-version}'
|
|
|
+}
|
|
|
+----
|
|
|
+
|
|
|
+If you are using additional features like LDAP, OpenID, etc. you will need to also include the appropriate <<modules>>.
|
|
|
+
|
|
|
+[[gradle-repositories]]
|
|
|
+===== Gradle Repositories
|
|
|
+All GA releases (i.e. versions ending in .RELEASE) are deployed to Maven Central, so using the mavenCentral() repository is sufficient for GA releases.
|
|
|
+
|
|
|
+.build.gradle
|
|
|
+[source,groovy]
|
|
|
+----
|
|
|
+repositories {
|
|
|
+ mavenCentral()
|
|
|
+}
|
|
|
+----
|
|
|
+
|
|
|
+If you are using a SNAPSHOT version, you will need to ensure you have the Spring Snapshot repository defined as shown below:
|
|
|
+
|
|
|
+.build.gradle
|
|
|
+[source,groovy]
|
|
|
+----
|
|
|
+repositories {
|
|
|
+ maven { url 'https://repo.spring.io/snapshot' }
|
|
|
+}
|
|
|
+----
|
|
|
+
|
|
|
+If you are using a milestone or release candidate version, you will need to ensure you have the Spring Milestone repository defined as shown below:
|
|
|
+
|
|
|
+.build.gradle
|
|
|
+[source,groovy]
|
|
|
+----
|
|
|
+repositories {
|
|
|
+ maven { url 'https://repo.spring.io/milestone' }
|
|
|
+}
|
|
|
+----
|
|
|
+
|
|
|
+[[gradle-resolutionStrategy]]
|
|
|
+===== Using Spring 4 and Gradle
|
|
|
+
|
|
|
+By default Gradle will use the newest version when resolving transitive versions. This means that often times no additional work is necessary when running Spring Security {spring-security-version} with Spring Framework {spring4-version}. However, at times there can be issues that come up so it is best to mitigate this using http://www.gradle.org/docs/current/dsl/org.gradle.api.artifacts.ResolutionStrategy.html[Gradle's ResolutionStrategy] as shown below:
|
|
|
+
|
|
|
+.build.gradle
|
|
|
+[source,groovy]
|
|
|
+[subs="verbatim,attributes"]
|
|
|
+----
|
|
|
+ configurations.spring4TestRuntime {
|
|
|
+ resolutionStrategy.eachDependency { DependencyResolveDetails details ->
|
|
|
+ if (details.requested.group == 'org.springframework') {
|
|
|
+ details.useVersion {spring4-version}
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+----
|
|
|
+
|
|
|
+This will ensure that all the transitive dependencies of Spring Security use the Spring {spring4-version} modules.
|
|
|
+
|
|
|
+NOTE: This example uses Gradle 1.9, but may need modifications to work in future versions of Gradle since this is an incubating feature within Gradle.
|
|
|
|
|
|
[[modules]]
|
|
|
==== Project Modules
|
Rob Winch