spring-security/doc/xdocs/upgrade/upgrade-090-100.html

<html>
<head>
<title>Acegi Security - Upgrading from version 0.8.0 to 1.0.0</title>
</head>
<body>
<h1>Upgrading from 0.9.0 to 1.0.0</h1>

<p>
The following should help most casual users of the project update their
applications:

    <ul>
    
    <h1>Changes 0.9.0 to RC1</h1>

    <li>The top level package name has changed. Simply find "net.sf.acegisecurity" and replace with
	"org.acegisecurity".</li>
	
	<li>
		DaoAuthenticationProvider has a property, authenticationDao. This property should now be renamed to
		userDetailsService.
	</li>
		
	<li>
		In JSPs, each "authz" taglib prefix must be changed from uri="http://acegisecurity.sf.net/authz"
		to uri="http://acegisecurity.org/authz".
	</li>
		
	<li>net.sf.acegisecurity.providers.dao.AuthenticationDao is now org.acegisecurity.userdetails.UserDetailsService.
	The interface signature has not changed. Similarly, User and UserDetails have moved into the latter's package as well.
	If you've implemented your own AuthenticationDao, you'll need to change the class it's implementing and quite likely
	the import packages for User and UserDetails. In addition, if using JdbcDaoImpl or InMemoryDaoImpl please
	note they have moved to this new package.</li>
		
	<li>Acegi Security is now localised. In net.sf.acegisecurity you will find a messages.properties. It is
	suggested to register this in your application context, perhaps using ReloadableResourceBundleMessageSource.
	If you do not do this, the default messages included in the source code will be used so this change is
	not critical. The Spring LocaleContextHolder class is used to determine the locale of messages included in
	exceptions. At present only the default messages.properties is included (which is in English). If
	you localise this file to another language, please consider attaching it to a
	<a href="http://opensource2.atlassian.com/projects/spring/secure/BrowseProject.jspa?id=10040">new JIRA task</a>
	so that we can include it in future Acegi Security releases.</li>
	
    <h1>Changes RC1 to RC2</h1>
	
	<li>
	org.acegisecurity.ui.rememberme.RememberMeProcessingFilter now requires an authenticationManager property. This will generally
	point to an implementation of org.acegisecurity.providers.ProviderManager.
	</li>
	
	<li>
	org.acegisecurity.intercept.web.AuthenticationEntryPoint has moved to a new location,
	org.acegisecurity.ui.AuthenticationEntryPoint.
	</li>
	
	<li>
	org.acegisecurity.intercept.web.SecurityEnforcementFilter has moved to a new location and name,
	org.acegisecurity.ui.ExceptionTranslationFilter. In addition, the "filterSecurityInterceptor"
	property on the old SecurityEnforcementFilter class has been removed. This is because
	SecurityEnforcementFilter will no longer delegate to FilterSecurityInterceptor as it has in the
	past. Because this delegation feature has been removed (see SEC-144 for a background as to why),
	please add a new filter definition for FilterSecurityInterceptor to the end of your
	FilterChainProxy. Generally you'll also rename the old SecurityEnforcementFilter entry in your
	FilterChainProxy to ExceptionTranslationFilter, more accurately reflecting its purpose.
	If you are not using FilterChainProxy (although we recommend that you do), you will need to add
	an additional filter entry to web.xml and use FilterToBeanProxy to access the FilterSecurityInterceptor.
	</li>
	
	<li>
	If you are directly using SecurityContextHolder.setContext(SecurityContext) - which is not
	very common - please not that best practise is now to call SecurityContextHolder.clearContext()
	if you wish to erase the contents of the SecurityContextHolder. Previously code such as
	SecurityContextHolder.setContext(new SecurityContextImpl()) would have been used. The revised
	method internally stores null, which helps avoids redeployment issue caused by the previous
	approaches (see SEC-159 for further details).
	</li>
	
    </ul>

</body>
</html>