diff --git a/src/docbkx/namespace-config.xml b/src/docbkx/namespace-config.xml
index 73ffa09ff8..6aa809ebb7 100644
--- a/src/docbkx/namespace-config.xml
+++ b/src/docbkx/namespace-config.xml
@@ -276,7 +276,7 @@
user-service-ref attribute:
-
+
]]>
@@ -355,7 +355,7 @@
file to keep Spring Security updated about session lifecycle events:
- org.springframework.security.ui.session.HttpSessionEventPublisher
+ org.springframework.security.web.session.HttpSessionEventPublisher
]]> Then add the following line to your application context:
diff --git a/src/docbkx/preauth.xml b/src/docbkx/preauth.xml
index c395158466..7387194e98 100644
--- a/src/docbkx/preauth.xml
+++ b/src/docbkx/preauth.xml
@@ -34,9 +34,8 @@
X.509 authentication, as it already has a namespace configuration
option which is simpler to use and get started with. If you need to use explicit bean confiuration or
are planning on writing your own implementation then an understanding of how the
- provided implementations work will be useful. You will find the web related classes under the
- org.springframework.security.ui.preauth package and the backend classes
- under org.springframework.security.providers.preauth. We just provide an outline
+ provided implementations work will be useful. You will find classes under the
+ org.springframework.security.web.authentication.preauth. We just provide an outline
here so you should consult the Javadoc and source where appropriate.
@@ -152,14 +151,14 @@
A typical configuration using this filter would look like this:
+ class="org.springframework.security.web.authentication.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
+ class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
The beans required in an application context to enable remember-me services are as follows:
+ class="org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter">
-
+
+ class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationProvider">
]]>
diff --git a/src/docbkx/runas-auth-provider.xml b/src/docbkx/runas-auth-provider.xml
index ae24cd37aa..a5148d0c0b 100644
--- a/src/docbkx/runas-auth-provider.xml
+++ b/src/docbkx/runas-auth-provider.xml
@@ -87,12 +87,12 @@
bean context with the same key:
+
+ class="org.springframework.security.access.intercept.RunAsImplAuthenticationProvider">
]]>By using the same key, each RunAsUserToken
diff --git a/src/docbkx/samples.xml b/src/docbkx/samples.xml
index f96b3cdd39..fb2a0f4fe9 100644
--- a/src/docbkx/samples.xml
+++ b/src/docbkx/samples.xml
@@ -45,7 +45,7 @@
and passwords are suggested on that page. Simply authenticate with any of these and view
the resulting page. It should contain a success message similar to the following:
- Authentication object is of type: org.springframework.security.providers.UsernamePasswordAuthenticationToken
+ Authentication object is of type: org.springframework.security.authentication.UsernamePasswordAuthenticationToken
Authentication object as a String:
org.springframework.security.providers.UsernamePasswordAuthenticationToken@1f127853:
diff --git a/src/docbkx/secured-objects.xml b/src/docbkx/secured-objects.xml
index e994138a38..4c068839dc 100644
--- a/src/docbkx/secured-objects.xml
+++ b/src/docbkx/secured-objects.xml
@@ -32,14 +32,14 @@
for use with one of Spring AOP's proxying mechanisms:
+ class="org.springframework.security.intercept.aopalliance.MethodSecurityInterceptor">
-
+
- org.springframework.security.context.BankManager.delete*=ROLE_SUPERVISOR
- org.springframework.security.context.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR
+ com.mycompany.BankManager.delete*=ROLE_SUPERVISOR
+ com.mycompany.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR
]]>
@@ -76,14 +76,14 @@
+ class="org.springframework.security.intercept.aspectj.AspectJSecurityInterceptor">
-
+
- org.springframework.security.context.BankManager.delete*=ROLE_SUPERVISOR
- org.springframework.security.context.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR
+ com.mycompany.BankManager.delete*=ROLE_SUPERVISOR
+ com.mycompany.BankManager.getBalance=ROLE_TELLER,ROLE_SUPERVISOR
]]>
@@ -91,8 +91,8 @@
As you can see, aside from the class name, the
AspectJSecurityInterceptor is exactly the same as
the AOP Alliance security interceptor. Indeed the two interceptors can
- share the same objectDefinitionSource, as the
- ObjectDefinitionSource works with
+ share the same securityMetadataSource, as the
+ SecurityMetadataSource works with
java.lang.reflect.Methods rather than an AOP
library-specific class. Of course, your access decisions have access
to the relevant AOP library-specific invocation (ie
@@ -106,8 +106,8 @@
package org.springframework.security.samples.aspectj;
-import org.springframework.security.intercept.method.aspectj.AspectJSecurityInterceptor;
-import org.springframework.security.intercept.method.aspectj.AspectJCallback;
+import org.springframework.security.intercept.aspectj.AspectJSecurityInterceptor;
+import org.springframework.security.intercept.aspectj.AspectJCallback;
import org.springframework.beans.factory.InitializingBean;
public aspect DomainObjectInstanceSecurityAspect implements InitializingBean {
@@ -187,12 +187,12 @@ public void afterPropertiesSet() throws Exception {
+ class="org.springframework.security.web.access.ExceptionTranslationFilter">
+ class="org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint">
@@ -201,7 +201,7 @@ public void afterPropertiesSet() throws Exception {
class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
-
+
@@ -251,23 +251,23 @@ public void afterPropertiesSet() throws Exception {
used to configure a FilterChainProxy but the <intercept-url>
child elements only use the pattern and access attributes.
The second is by writing your own
- ObjectDefinitionSource, although this is beyond the
+ SecurityMetadataSource, although this is beyond the
scope of this document. Irrespective of the approach used, the
- ObjectDefinitionSource is responsible for returning
+ SecurityMetadataSource is responsible for returning
a List<ConfigAttribute> containing
all of the configuration attributes associated with a single secure
HTTP URL.It should be noted that the
- FilterSecurityInterceptor.setObjectDefinitionSource()
+ FilterSecurityInterceptor.setSecurityMetadataSource()
method actually expects an instance of
FilterInvocationDefinitionSource. This is a marker
- interface which subclasses ObjectDefinitionSource.
- It simply denotes the ObjectDefinitionSource
+ interface which subclasses SecurityMetadataSource.
+ It simply denotes the SecurityMetadataSource
understands FilterInvocations. In the interests of
simplicity we'll continue to refer to the
FilterInvocationDefinitionSource as an
- ObjectDefinitionSource, as the distinction is of
+ SecurityMetadataSource, as the distinction is of
little relevance to most users of the
FilterSecurityInterceptor.
@@ -276,7 +276,7 @@ public void afterPropertiesSet() throws Exception {
attributes that apply to each HTTP URL. Each configuration attribute
is assigned into its own SecurityConfig object. The
SecurityConfig object is discussed in the High
- Level Design section. The ObjectDefinitionSource
+ Level Design section. The SecurityMetadataSource
created by the property editor,
FilterInvocationDefinitionSource, matches
configuration attributes against FilterInvocations
@@ -295,7 +295,7 @@ public void afterPropertiesSet() throws Exception {
-
+
diff --git a/src/docbkx/supporting-infrastructure.xml b/src/docbkx/supporting-infrastructure.xml
index 434a8158eb..7b10b413c4 100644
--- a/src/docbkx/supporting-infrastructure.xml
+++ b/src/docbkx/supporting-infrastructure.xml
@@ -145,12 +145,12 @@
FilterChainProxy class. It is wired using a
DelegatingFilterProxy (just like in the example above),
but the target class is
- org.springframework.security.util.FilterChainProxy.
+ org.springframework.security.web.FilterChainProxy.
The filter chain is then declared in the application context, using
code such as this:
+