| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 |
- <html>
- <head>
- <title>Acegi Security - Upgrading from version 0.3 to 0.4</title>
- </head>
- <body>
- <h1>Upgrading from 0.5 to 0.6</h1>
- <p>
- The following should help most casual users of the project update their
- applications:
- <ul>
- <li>
- Locate and remove all property references to
- DaoAuthenticationProvider.key and
- DaoAuthenticationProvider.refreshTokenInterval.</li>
- <li>If you are using DaoAuthenticationProvider and either (i) you are using
- container adapters or (ii) your code relies on the Authentication object
- having its getPrincipal() return a String, you must set the new
- DaoAuthenticationProvider property, forcePrincipalAsString, to true.
- By default DaoAuthenticationProvider returns an Authentication object
- containing the relevant User, which allows access to additional properties.
- Where possible, we recommend you change your code to something like this,
- so that you can leave forcePrincipalAsString to the false default:<br><br>
- <code>
- String username = authentication.getPrincipal();<br>
- if (authentication.getPrincipal() instanceof User) {<br>
- username = ((User) authentication.getPrincipal()).getUsername();<br>
- }</br>
- </code><br>
- </li>
- <li>The signature of AuthenticationDaos have changed. In concrete
- implementations, modify the User to UserDetails, as shown below:<br><br>
- <code>
- public User loadUserByUsername(String username)<br>
- throws UsernameNotFoundException, DataAccessException {<br><br>
- to:<br><br>
-
- public UserDetails loadUserByUsername(String username)<br>
- throws UsernameNotFoundException, DataAccessException {<br><br>
- </code>
- Existing concrete implementations would be returning User, which implements
- UserDetails, so no further code changes should be required.
- </li>
- <li>Similar signature changes (User -> UserDetails) are also required to any
- custom implementations of UserCache and SaltSource.</li>
- <li>Any custom event listeners relying on AuthenticationEvent should note a
- UserDetails is now provided in the AuthenticationEvent (not a User).</li>
- <li>CAS users should note the CasAuthoritiesPopulator interface signature has
- changed. Most CAS users will be using DaoCasAuthoritiesPopulator, so this
- change is unlikely to require any action.</li>
- <li>Please check your web.xml for whether you are using AutoIntegrationFilter.
- Previously this class was loaded directly by web.xml as a filter. It is
- now recommended to load it via FilterToBeanProxy and define it as a
- bean in your application context. This usually involves making the entry
- in web.xml match the following:<br><br>
- <code>
- <filter><br>
- <filter-name>Acegi Security System for Spring Auto Integration Filter</filter-name><br>
- <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class><br>
- <init-param><br>
- <param-name>targetClass</param-name><br>
- <param-value>net.sf.acegisecurity.ui.AutoIntegrationFilter</param-value><br>
- </init-param><br>
- </filter><br>
- </code>
- <br><br>
- Then add the following to applicationContext.xml: <br><br>
- <code>
- <bean id="autoIntegrationFilter" class="net.sf.acegisecurity.ui.AutoIntegrationFilter"/><br>
- </code>
- </li>
- </ul>
- </body>
- </html>
|
