Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Tree: e83c66bb37
Branches Tags
spring-security
/
upgrade-06-07.txt

upgrade-06-07.txt 2.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334 
  1. ===============================================================================
    2. 

  2.           ACEGI SECURITY SYSTEM FOR SPRING - UPGRADING FROM 0.6 TO 0.7
    3. 

  3. ===============================================================================
    4. 

  4. 

  5. The following should help most casual users of the project update their
    6. 

  6. applications:
    7. 

  7. 

  8. - MethodDefinitionMap, which is usually used by MethodSecurityInterceptor
    9. 

  9.   for its objectDefinitionSource property, has been changed. From 0.7, when
    10. 

  10.   MethodDefinitionMap is queried for configuration attributes associated with
    11. 

  11.   secure MethodInvocations, it will use any method matching in the method
    12. 

  12.   invocation class (as it always has) plus any method matching any interface
    13. 

  13.   the MethodInvocation class directly implements. So consider a PersonManager
    14. 

  14.   interface, a PersonManagerImpl class that implements it, and a definition of
    15. 

  15.   PersonManager.findAll=ROLE_FOO. In this example, any query for either
    16. 

  16.   PersonManager.findAll OR PersonManagerImpl.findAll will return ROLE_FOO.
    17. 

  17.   As we have always encouraged definition against the interface names (as per
    18. 

  18.   this example), this change should not adversely impact users. This change
    19. 

  19.   was necessary because of the new MethodDefinitionSourceAdvisor (see below).
    20. 

  20.   Refer to the MethodDefinitionMap JavaDocs for further clarification.
    21. 

  21. 

  22. - MethodDefinitionSourceAdvisor can now be used instead of defining proxies
    23. 

  23.   for secure business objects. The advisor is fully compatible with both
    24. 

  24.   MethodDefinitionMap and MethodDefinitionAttributes. Using an advisor allows
    25. 

  25.   caching of which methods the MethodSecurityInterceptor should handle, thus
    26. 

  26.   providing a performance benefit as MethodSecurityInterceptor is not called
    27. 

  27.   for public (non-secure) objects. It also simplifies configuration.
    28. 

  28. 

  29. - MethodSecurityInterceptor has moved from
    30. 

  30.   net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor to
    31. 

  31.   net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.
    32. 

  32.   A simple find and replace will suffice to update your application contexts.
    33. 

  33. 

  34. $Id$
    35.