spring-security/doc/xdocs/upgrade/upgrade-04-05.html

<html>
<head>
<title>Acegi Security - Upgrading from version 0.4 to 0.5</title>
</head>
<body>
<h1>Upgrading from 0.4 to 0.5</h1>

<p>The following should help most casual users of the project update their
applications:
<ul>

<li>All filters are now loaded via FilterToBeanProxy. The FilterToBeanProxy
  obtains the filter from a Spring application context via the
  WebApplicationContextUtils.getApplicationContext() method. Refer to the
  reference documentation to see the new configuration of filters.</li>

<li>SecurityEnforcementFilter now requires an AuthenticationEntryPoint
  and PortResolver. Refer to the reference documentation to see the
  alternatives AuthenticationEntryPoint implementations available. Simply
  use the PortResolverImpl for the PortResolver requirement.</li>

<li>Any of your login or login failure pages that previously referred to
  AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY
  should now use
  net.sf.acegisecurity.ui.AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY.</li>

<li>DaoAuthenticationProvider no longer provides setters for case sensitivity
  handling. The respective AuthenticationDao implementations should decide
  whether or not to return User instances reflecting the exact case of the
  requested username. The new PlaintextPasswordEncoder offers a setter for
  ignoring the password case (defaults to require exact case matches).</li>

<li>DaoAuthenticationProvider now provides caching. Successful authentications
  return DaoAuthenticationTokens. You must set the mandatory "key" property
  on DaoAuthenticationProvider so these tokens can be validated. You may
  also wish to change the "refreshTokenInterval" property from the default
  of 60,000 milliseconds.</li>

<li>If you're using container adapters, please refer to the reference
  documentation as additional JARs are now required in your container
  classloader.</li>

<li>Whilst not really a change needed to your program, if you're using
  Acegi Security please consider joining the acegisecurity-developer mailing
  list. This is currently the best way to keep informed about the project's
  status and provide feedback in design discussions. You can join at 
  https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer.
  Please continue using the Spring Users mailing list for general support.</li>
</ul>

<p>
There are also lots of new features you might wish to consider for your
projects. These include CAS integration, pluggable password encoders
(such as MD5 and SHA), along with pluggable salt sources. We hope you find
the new features useful in your projects.


</body>
</html>