Home Esplora Aiuto
Registrati Accedi
github
/
spring-security
mirror da https://github.com/spring-projects/spring-security
2
0
Forka 0
File Problemi 0 Wiki
Albero (Tree): ac3b142e4f
Rami (Branch) Tag
spring-security
/
doc
/
xdocs
/
upgrade
/
upgrade-090-100.xml

upgrade-090-100.xml 5.0 KB
Cronologia Originale

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. <?xml version="1.0" encoding="ISO-8859-1"?>
    2. 

  2. <document><properties><title>Acegi Security - Upgrading from version 0.8.0 to 1.0.0</title></properties><body><section name="Upgrading from 0.9.0 to 1.0.0"><p>
    3. 

  3. The following should help most casual users of the project update their
    4. 

  4. applications:
    5. 

  5. </p></section><section name="Changes 0.9.0 to RC1"><ul>
    6. 

  6. 

  7. <li>The top level package name has changed. Simply find "net.sf.acegisecurity" and replace with
    8. 

  8. "org.acegisecurity".</li>
    9. 

  9. 

  10. <li>
    11. 

  11. DaoAuthenticationProvider has a property, authenticationDao. This property should now be renamed to
    12. 

  12. userDetailsService.
    13. 

  13. </li>
    14. 

  14. 

  15. <li>
    16. 

  16. In JSPs, each "authz" taglib prefix must be changed from uri="http://acegisecurity.sf.net/authz"
    17. 

  17. to uri="http://acegisecurity.org/authz".
    18. 

  18. </li>
    19. 

  19. 

  20. <li>net.sf.acegisecurity.providers.dao.AuthenticationDao is now org.acegisecurity.userdetails.UserDetailsService.
    21. 

  21. The interface signature has not changed. Similarly, User and UserDetails have moved into the latter's package as well.
    22. 

  22. If you've implemented your own AuthenticationDao, you'll need to change the class it's implementing and quite likely
    23. 

  23. the import packages for User and UserDetails. In addition, if using JdbcDaoImpl or InMemoryDaoImpl please
    24. 

  24. note they have moved to this new package.</li>
    25. 

  25. 

  26. <li>Acegi Security is now localised. In net.sf.acegisecurity you will find a messages.properties. It is
    27. 

  27. suggested to register this in your application context, perhaps using ReloadableResourceBundleMessageSource.
    28. 

  28. If you do not do this, the default messages included in the source code will be used so this change is
    29. 

  29. not critical. The Spring LocaleContextHolder class is used to determine the locale of messages included in
    30. 

  30. exceptions. At present only the default messages.properties is included (which is in English). If
    31. 

  31. you localise this file to another language, please consider attaching it to a
    32. 

  32. <a href="http://opensource2.atlassian.com/projects/spring/secure/BrowseProject.jspa?id=10040">new JIRA task</a>
    33. 

  33. so that we can include it in future Acegi Security releases.</li>
    34. 

  34. 

  35. </ul></section><section name="Changes RC1 to RC2"><ul>
    36. 

  36. 

  37. <li>
    38. 

  38. org.acegisecurity.ui.rememberme.RememberMeProcessingFilter now requires an authenticationManager property. This will generally
    39. 

  39. point to an implementation of org.acegisecurity.providers.ProviderManager.
    40. 

  40. </li>
    41. 

  41. 

  42. <li>
    43. 

  43. org.acegisecurity.intercept.web.AuthenticationEntryPoint has moved to a new location,
    44. 

  44. org.acegisecurity.ui.AuthenticationEntryPoint.
    45. 

  45. </li>
    46. 

  46. 

  47. <li>
    48. 

  48. org.acegisecurity.intercept.web.SecurityEnforcementFilter has moved to a new location and name,
    49. 

  49. org.acegisecurity.ui.ExceptionTranslationFilter. In addition, the "filterSecurityInterceptor"
    50. 

  50. property on the old SecurityEnforcementFilter class has been removed. This is because
    51. 

  51. SecurityEnforcementFilter will no longer delegate to FilterSecurityInterceptor as it has in the
    52. 

  52. past. Because this delegation feature has been removed (see SEC-144 for a background as to why),
    53. 

  53. please add a new filter definition for FilterSecurityInterceptor to the end of your
    54. 

  54. FilterChainProxy. Generally you'll also rename the old SecurityEnforcementFilter entry in your
    55. 

  55. FilterChainProxy to ExceptionTranslationFilter, more accurately reflecting its purpose.
    56. 

  56. If you are not using FilterChainProxy (although we recommend that you do), you will need to add
    57. 

  57. an additional filter entry to web.xml and use FilterToBeanProxy to access the FilterSecurityInterceptor.
    58. 

  58. </li>
    59. 

  59. 

  60. <li>
    61. 

  61. If you are directly using SecurityContextHolder.setContext(SecurityContext) - which is not
    62. 

  62. very common - please not that best practise is now to call SecurityContextHolder.clearContext()
    63. 

  63. if you wish to erase the contents of the SecurityContextHolder. Previously code such as
    64. 

  64. SecurityContextHolder.setContext(new SecurityContextImpl()) would have been used. The revised
    65. 

  65. method internally stores null, which helps avoids redeployment issue caused by the previous
    66. 

  66. approaches (see SEC-159 for further details).
    67. 

  67. </li>
    68. 

  68. 

  69. </ul></section><section name="Changes RC2 to Final"><ul>
    70. 

  70. 

  71. <li>
    72. 

  72. AbstractProcessingFilter.onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse)
    73. 

  73. has changed it signature (SEC-238). If subclassing, please override the new signature.
    74. 

  74. </li>
    75. 

  75. 

  76. <li>
    77. 

  77. ExceptionTranslationFilter no longer provides a sendAccessDenied() method. Use the
    78. 

  78. new AccessDeniedHandler instead if custom handling is required.
    79. 

  79. </li>
    80. 

  80. 

  81. <li>
    82. 

  82. There have been some changes to the LDAP provider APIs to allow for future improvements, as detailed in
    83. 

  83. <a href="http://opensource.atlassian.com/projects/spring/browse/SEC-264">SEC-264</a>. These
    84. 

  84. should only affect users who have written their own extensions to the provider. The general LDAP
    85. 

  85. classes are now in the packages org.acegisecurity.ldap and the org.acegisecurity.userdetails.ldap
    86. 

  86. package has been introduced. The search and authentication classes now return an
    87. 

  87. <a href="../multiproject/acegi-security/apidocs/org/acegisecurity/userdetails/ldap/LdapUserDetails.html">LdapUserDetails</a>
    88. 

  88. instance. The LdapAuthoritiesPopulator interface and its default implementation now both make use of
    89. 

  89. LdapUserDetails. Any customized versions should be updated to use the new method signatures.
    90. 

  90. </li>
    91. 

  91. 

  92. </ul></section></body></document>
    93.