Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Tree: cc07f620df
Branches Tags
spring-security
/
doc
/
xdocs
/
upgrade
/
upgrade-090-100.html

upgrade-090-100.html 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. <html>
    2. 

  2. <head>
    3. 

  3. <title>Acegi Security - Upgrading from version 0.8.0 to 1.0.0</title>
    4. 

  4. </head>
    5. 

  5. <body>
    6. 

  6. <h1>Upgrading from 0.9.0 to 1.0.0</h1>
    7. 

  7. 

  8. <p>
    9. 

  9. The following should help most casual users of the project update their
    10. 

  10. applications:
    11. 

  11. 

  12.     <ul>
    13. 

  13.     
    14. 

  14.     <h1>Changes 0.9.0 to RC1</h1>
    15. 

  15. 

  16.     <li>The top level package name has changed. Simply find "net.sf.acegisecurity" and replace with
    17. 

  17. 	"org.acegisecurity".</li>
    18. 

  18. 	
    19. 

  19. 	<li>
    20. 

  20. 		DaoAuthenticationProvider has a property, authenticationDao. This property should now be renamed to
    21. 

  21. 		userDetailsService.
    22. 

  22. 	</li>
    23. 

  23. 		
    24. 

  24. 	<li>
    25. 

  25. 		In JSPs, each "authz" taglib prefix must be changed from uri="http://acegisecurity.sf.net/authz"
    26. 

  26. 		to uri="http://acegisecurity.org/authz".
    27. 

  27. 	</li>
    28. 

  28. 		
    29. 

  29. 	<li>net.sf.acegisecurity.providers.dao.AuthenticationDao is now org.acegisecurity.userdetails.UserDetailsService.
    30. 

  30. 	The interface signature has not changed. Similarly, User and UserDetails have moved into the latter's package as well.
    31. 

  31. 	If you've implemented your own AuthenticationDao, you'll need to change the class it's implementing and quite likely
    32. 

  32. 	the import packages for User and UserDetails. In addition, if using JdbcDaoImpl or InMemoryDaoImpl please
    33. 

  33. 	note they have moved to this new package.</li>
    34. 

  34. 		
    35. 

  35. 	<li>Acegi Security is now localised. In net.sf.acegisecurity you will find a messages.properties. It is
    36. 

  36. 	suggested to register this in your application context, perhaps using ReloadableResourceBundleMessageSource.
    37. 

  37. 	If you do not do this, the default messages included in the source code will be used so this change is
    38. 

  38. 	not critical. The Spring LocaleContextHolder class is used to determine the locale of messages included in
    39. 

  39. 	exceptions. At present only the default messages.properties is included (which is in English). If
    40. 

  40. 	you localise this file to another language, please consider attaching it to a
    41. 

  41. 	<a href="http://opensource2.atlassian.com/projects/spring/secure/BrowseProject.jspa?id=10040">new JIRA task</a>
    42. 

  42. 	so that we can include it in future Acegi Security releases.</li>
    43. 

  43. 	
    44. 

  44.     <h1>Changes RC1 to RC2</h1>
    45. 

  45. 	
    46. 

  46. 	<li>
    47. 

  47. 	org.acegisecurity.ui.rememberme.RememberMeProcessingFilter now requires an authenticationManager property. This will generally
    48. 

  48. 	point to an implementation of org.acegisecurity.providers.ProviderManager.
    49. 

  49. 	</li>
    50. 

  50. 	
    51. 

  51. 	<li>
    52. 

  52. 	org.acegisecurity.intercept.web.AuthenticationEntryPoint has moved to a new location,
    53. 

  53. 	org.acegisecurity.ui.AuthenticationEntryPoint.
    54. 

  54. 	</li>
    55. 

  55. 	
    56. 

  56. 	<li>
    57. 

  57. 	org.acegisecurity.intercept.web.SecurityEnforcementFilter has moved to a new location and name,
    58. 

  58. 	org.acegisecurity.ui.ExceptionTranslationFilter. In addition, the "filterSecurityInterceptor"
    59. 

  59. 	property on the old SecurityEnforcementFilter class has been removed. This is because
    60. 

  60. 	SecurityEnforcementFilter will no longer delegate to FilterSecurityInterceptor as it has in the
    61. 

  61. 	past. Because this delegation feature has been removed (see SEC-144 for a background as to why),
    62. 

  62. 	please add a new filter definition for FilterSecurityInterceptor to the end of your
    63. 

  63. 	FilterChainProxy. Generally you'll also rename the old SecurityEnforcementFilter entry in your
    64. 

  64. 	FilterChainProxy to ExceptionTranslationFilter, more accurately reflecting its purpose.
    65. 

  65. 	If you are not using FilterChainProxy (although we recommend that you do), you will need to add
    66. 

  66. 	an additional filter entry to web.xml and use FilterToBeanProxy to access the FilterSecurityInterceptor.
    67. 

  67. 	</li>
    68. 

  68. 	
    69. 

  69. 	<li>
    70. 

  70. 	If you are directly using SecurityContextHolder.setContext(SecurityContext) - which is not
    71. 

  71. 	very common - please not that best practise is now to call SecurityContextHolder.clearContext()
    72. 

  72. 	if you wish to erase the contents of the SecurityContextHolder. Previously code such as
    73. 

  73. 	SecurityContextHolder.setContext(new SecurityContextImpl()) would have been used. The revised
    74. 

  74. 	method internally stores null, which helps avoids redeployment issue caused by the previous
    75. 

  75. 	approaches (see SEC-159 for further details).
    76. 

  76. 	</li>
    77. 

  77. 

  78.     <h1>Changes RC2 to Final</h1>
    79. 

  79. 	
    80. 

  80. 	<li>
    81. 

  81. 	AbstractProcessingFilter.onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse)
    82. 

  82.     has changed it signature (SEC-238). If subclassing, please override the new signature.
    83. 

  83. 	</li>
    84. 

  84. 	
    85. 

  85. 	<li>
    86. 

  86. 	ExceptionTranslationFilter no longer provides a sendAccessDenied() method. Use the
    87. 

  87. 	new AccessDeniedHandler instead if custom handling is required.
    88. 

  88. 	</li>
    89. 

  89. 	
    90. 

  90.     </ul>
    91. 

  91. 

  92. </body>
    93. 

  93. </html>
    94.