AuthorizeTag no longer depends on JDK 1.4. Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11)

core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java

@@ -164,8 +164,16 @@ public class AuthorizeTag extends TagSupport {
 
         for (int i = 0; i < authorities.length; i++) {
             String authority = authorities[i];
-            String role = authority.replaceAll("\\s+", "");
+
-            requiredAuthorities.add(new GrantedAuthorityImpl(role));
+         // Remove the role's whitespace characters without depending on JDK 1.4+ 
+         // Includes space, tab, new line, carriage return and form feed. 
+         String role = StringUtils.replace(authority, " ", ""); 
+         role = StringUtils.replace(role, "\t", ""); 
+         role = StringUtils.replace(role, "\r", ""); 
+         role = StringUtils.replace(role, "\n", ""); 
+         role = StringUtils.replace(role, "\f", ""); 
+
+         requiredAuthorities.add(new GrantedAuthorityImpl(role));
         }
 
         return requiredAuthorities;

doc/xdocs/changes.xml

@@ -52,6 +52,7 @@
       <action dev="smccrory" type="add">SiteMinder authentication services (see http://opensource.atlassian.com/projects/spring/browse/SEC-35)</action>
       <action dev="luke_t" type="add">Acegifier sample added (see http://opensource.atlassian.com/projects/spring/browse/SEC-1)</action>
       <action dev="smccrory" type="fix">CVS changes to help new Eclipse-based developers get started</action>
+      <action dev="smccrory" type="fix">AuthorizeTag no longer depends on JDK 1.4.  Tested on Websphere 5.0 w/JDK 1.3 (see http://opensource.atlassian.com/projects/spring/browse/SEC-11)</action>
     </release>
     <release version="0.8.3" date="2005-05-12">
       <action dev="benalex" type="fix">HttpSessionContextIntegrationFilter elegantly handles IOExceptions and ServletExceptions within filter chain (see http://opensource.atlassian.com/projects/spring/browse/SEC-20)</action>