spring-security/doc/xdocs/upgrade/upgrade-080-090.html

56 lines
3.2 KiB
HTML
Raw Normal View History

<html>
<head>
<title>Acegi Security - Upgrading from version 0.8.0 to 1.0.0</title>
</head>
<body>
<h1>Upgrading from 0.8.0 to 1.0.0</h1>
<p>
The following should help most casual users of the project update their
applications:
<ul>
<li>The most significant change in 0.9.0 is that <code>ContextHolder</code> and all of its
related classes have been removed. This significant change was made for the sake of consistency
with the core Spring project's approach of a single <code>ThreadLocal</code> per use case,
instead of a shared <code>ThreadLocal</code> for multiple use cases as the previous
<code>ContextHolder</code> allowed. <b>This is an important change in 0.9.0.</b> Many applications
will need to modify their code (and possibly web views) if they directly interact with the old
<code>ContextHolder</code>. The replacement security <code>ThreadLocal</code> is called
<a href="../multiproject/acegi-security/xref/net/sf/acegisecurity/context/SecurityContextHolder.html">
SecurityContextHolder</a> and provides a single getter/setter for a
<a href="../multiproject/acegi-security/xref/net/sf/acegisecurity/context/SecurityContextHolder.html">SecurityContext</a>.
<code>SecurityContextHolder</code> guarantees to never return a <cod>null</code> <code>SecurityContext</code>.
<code>SecurityContext</code> provides single getter/setter for <code>Authentication</code>.<BR><BR>
To migrate, simply modify all your code that previously worked with <code>ContextHolder</code>,
<code>SecureContext</code> and <code>Context</code> to directly call <code>SecurityContextHolder</code>
and work with the <code>SecurityContext</code> (instead of the now removed <code>Context</code>
and <code>SecureContext</code> interfaces).<br><br>
We apologise for the inconvenience, but on a more positive note this means you receive strict
type checking, you no longer need to mess around with casting to and from <code>Context</code>
implementations, your applications no longer need to perform checking of <code>null</code> and
unexpected <code>Context</code> implementation types, and the new <code>SecurityContextHolder</code>
is an <code>InheritableThreadLocal</code> - which should make life easier in rich client
environments.<br><br></li>
<li>AbstractProcessingFilter has changed its getter/setter approach used for customised
authentication exception directions. See the <a href="../multiproject/acegi-security/xref/net/sf/acegisecurity/ui/AbstractProcessingFilter.html">
AbstractProcessingFilter JavaDocs</a> to learn more.<br><br></li>
<li>AnonymousProcessingFilter now has a removeAfterRequest property, which defaults to true. This
will cause the anonymous authentication token to be set to null at the end of each request, thus
avoiding the expense of creating a HttpSession in HttpSessionContextIntegrationFilter. You may
set this property to false if you would like the anoymous authentication token to be preserved,
which would be an unusual requirement.<br><br></li>
2005-11-03 01:55:47 -05:00
<li>Event publishing has been refactored. New event classes have been added, and the location of
LoggerListener has changed. See the net.sf.acegisecurity.event package.</li>
</ul>
</body>
</html>