SEC-2782: Additional Updates to Migration Guide from 3.x to 4.x

2025-05-31 01:02:14 +00:00 · 2015-03-06 17:10:06 -06:00 · 2015-03-06 17:10:06 -06:00 · 9b4cbff58c
commit 9b4cbff58c
parent bed20db905
1 changed files with 233 additions and 3 deletions
--- a/docs/manual/src/docs/asciidoc/_includes/migrate-3-to-4.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/migrate-3-to-4.adoc
@ -8,7 +8,7 @@ As a major release version, the Spring Security team took the opportunity to mak
 * Minimizing https://www.owasp.org/index.php/Information_Leakage[Information Leakage]
 * Removing deprecated APIs

-A complete listing of non-passive changes between 3.x and 4.x can be found in https://jira.spring.io/issues/?jql=project%20%3D%20SEC%20AND%20status%20in%20(Resolved%2C%20Closed)%20AND%20fixVersion%20in%20(4.0.0.M1%2C%204.0.0.M2%2C%204.0.0.RC1%2C%204.0.0.RC2)%20AND%20labels%20%3D%20passivity[JIRA]
+A complete listing of non-passive changes between 3.x and 4.x can be found in https://jira.spring.io/issues/?jql=project%20%3D%20SEC%20AND%20status%20in%20(Resolved%2C%20Closed)%20AND%20fixVersion%20in%20(4.0.0%2C%204.0.0.M1%2C%204.0.0.M2%2C%204.0.0.RC1%2C%204.0.0.RC2)%20AND%20labels%20%3D%20passivity[JIRA]
 This guide is intended to help users migrate from Spring Security 3.x to Spring Security 4.x.

 NOTE: It is expected that users will be able to easily perform a successful migration within an hour.
@ -17,9 +17,31 @@ NOTE: It is expected that users will be able to easily perform a successful migr
 == Migrate XML Namespace Defaults

 We updated the default values for many of the Spring Security XML Namespace Elements.
-If you do not use XML based configuration, you may safely skip this section and proceed to <<m3to4-filter-urls>>
 You can find a detailed list of changes and how to address them below.

+NOTE: If you do not use XML based configuration, you may safely skip this section and proceed to <<m3to4-filter-urls>>
+
+[[m3to4-xmlnamespace-related]]
+=== Related Links
+
+For thoroughness we have include the related links in the table below.
+
+|====
+| JIRA | Commits
+
+| https://jira.spring.io/browse/SEC-2783[SEC-2783]
+| https://github.com/spring-projects/spring-security/commit/c67ff42b8abe124b7956896c78e9aac896fd79d9[c67ff42]
+
+| https://jira.spring.io/browse/SEC-2347[SEC-2347]
+| https://github.com/spring-projects/spring-security/commit/4392205f63e49b9675b06e584f571a48b017d0b6[4392205]
+
+| https://jira.spring.io/browse/SEC-2348[SEC-2348]
+| https://github.com/spring-projects/spring-security/commit/eedbf442359f9a99e367f2fdef61deea1cef46c9[eedbf44]
+
+| https://jira.spring.io/browse/SEC-2873[SEC-2873]
+| https://github.com/spring-projects/spring-security/commit/5f57e5b0c3726466db4f5d0521ac26423f0d9cd4[5f57e5b]
+|====
+
 [[m3to4-xmlnamespace-http]]
 === Migrate <http>

@ -558,4 +580,212 @@ http
 [[m3to4-deprecations]]
 == Deprecations

-TBD
+=== spring-security-acl
+
+==== AclImpl
+
+AclImpl had a deprecated constructor removed. Specifically, the constructor that defaults the `PermissionGrantingStrategy` was removed:
+
+[source,java]
+----
+@Deprecated
+public AclImpl(ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy,
+               AuditLogger auditLogger, Acl parentAcl, List<Sid> loadedSids, boolean entriesInheriting, Sid owner) {
+    ...
+}
+----
+
+This means that an AclImpl was being created with this constructor:
+
+[source,java]
+----
+new AclImpl(objectIdentity, id, aclAuthorizationStrategy, auditLogger,
+            parentAcl, loadedSids, entriesInheriting, owner);
+----
+
+it needs to be updated to pass in the `PermissionGrantingStrategy` instead of the `AuditLogger`
+
+
+[source,java]
+----
+PermissionGrantingStrategy permissionGrantingStrategy =
+   new DefaultPermissionGrantingStrategy(auditLogger);
+new AclImpl(objectIdentity, id, aclAuthorizationStrategy, permissionGrantingStrategy,
+            parentAcl, loadedSids, entriesInheriting, owner);
+----
+
+==== EhCacheBasedAclCache
+
+`EhCacheBasedAclCache` had a deprecated constructor removed. Specifically, the constructor that defaults the `PermissionGrantingStrategy` was removed:
+
+[source,java]
+----
+@Deprecated
+public EhCacheBasedAclCache(Ehcache cache) {
+    ...
+}
+----
+
+This means that an `EhCacheBasedAclCache` was being created with this constructor:
+
+[source,java]
+----
+new EhCacheBasedAclCache(ehCache);
+----
+
+it needs to be updated to pass in the `PermissionGrantingStrategy` too:
+
+
+[source,java]
+----
+PermissionGrantingStrategy permissionGrantingStrategy =
+   new DefaultPermissionGrantingStrategy(auditLogger);
+new EhCacheBasedAclCache(ehCache, permissionGrantingStrategy);
+----
+
+=== spring-security-cas
+
+==== ServiceAuthenticationDetailsSource
+
+`ServiceAuthenticationDetailsSource` removed the deprecated construtors that defaulted the `ServiceProperties`.
+
+[source,java]
+----
+@Deprecated
+public ServiceAuthenticationDetailsSource() {
+    ...
+}
+
+@Deprecated
+public ServiceAuthenticationDetailsSource(final String artifactParameterName) {
+    ...
+}
+----
+
+This means that an `ServiceAuthenticationDetailsSource` was being created with these constructors:
+
+[source,java]
+----
+new ServiceAuthenticationDetailsSource();
+
+new ServiceAuthenticationDetailsSource(artifactId);
+----
+
+it needs to be updated to pass in the `ServiceProperties` as shown below:
+
+
+[source,java]
+----
+new ServiceAuthenticationDetailsSource(serviceProperties);
+
+new ServiceAuthenticationDetailsSource(serviceProperties, artifactId);
+----
+
+=== spring-security-config
+
+==== filter-invocation-definition-source
+
+The XML element `filter-invocation-definition-source` was removed in favor of <<nsa-filter-security-metadata-source,filter-security-metadata-source>>.
+This means if you have something like this:
+
+[source,xml]
+----
+<filter-invocation-definition-source ...>
+    ...
+</filter-invocation-definition-source>
+----
+
+it needs to be replaced with:
+
+[source,xml]
+----
+<filter-security-metadata-source ...>
+    ...
+</filter-security-metadata-source>
+----
+
+==== http@access-denied-page
+The XML attribute `http@access-denied-page` was removed in favor of <<nsa-access-denied-handler-error-page,access-denied-handler@error-page>>.
+This means if you have something like this:
+
+
+[source,xml]
+----
+<http ... access-denied-page="/denied">
+    ...
+</http>
+----
+
+it needs to be replaced with:
+
+[source,xml]
+----
+<http ...>
+    <access-denied-handler error-page="/denied"/>
+</http>
+----
+
+==== http@path-type
+The XML attribute `http@path-type` was removed in favor of <<nsa-http-request-matcher,http@request-matcher>>.
+This means if you have something like this:
+
+
+[source,xml]
+----
+<http ... path-type="regex">
+    ...
+</http>
+----
+
+it needs to be replaced with:
+
+[source,xml]
+----
+<http ... request-matcher="regex">
+    ...
+</http>
+----
+
+==== filter-chain-map@path-type
+The XML attribute `filter-chain-map@path-type` was removed in favor of <<nsa-filter-chain-map-request-matcher,filter-chain-map@request-matcher>>.
+This means if you have something like this:
+
+
+[source,xml]
+----
+<filter-chain-map ... path-type="regex">
+    ...
+</filter-chain-map>
+----
+
+it needs to be replaced with:
+
+[source,xml]
+----
+<filter-chain-map ... request-matcher="regex">
+    ...
+</filter-chain-map>
+----
+
+==== filter-security-metadata-source@path-type
+The XML attribute `filter-security-metadata-source@path-type` was removed in favor of <<nsa-filter-security-metadata-source-request-matcher,filter-security-metadata-source@request-matcher>>.
+This means if you have something like this:
+
+
+[source,xml]
+----
+<filter-security-metadata-source ... path-type="regex">
+    ...
+</filter-security-metadata-source>
+----
+
+it needs to be replaced with:
+
+[source,xml]
+----
+<filter-security-metadata-source ... request-matcher="regex">
+    ...
+</filter-security-metadata-source>
+----
+
+