===============================================================================
          ACEGI SECURITY SYSTEM FOR SPRING - UPGRADING FROM 0.3 TO 0.4
===============================================================================

Several changes were made between version 0.3 and 0.4 of the project.
These changes increased the modularity of the code, enhanced unit testing,
made package roles clearer, and added compelling alternatives to container
adapters and using web.xml security constraints to protect HTTP resources.

Unfortunately, changes to the API and package locations were required. The
following should help most casual users of the project update their
applications:

- All references to net.sf.acegisecurity.SecurityInterceptor become
  net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor.

- All references to net.sf.acegisecurity.MethodDefinitionAttributes become
  net.sf.acegisecurity.intercept.method.MethodDefinitionAttributes.

- All references to net.sf.acegisecurity.adapters.AutoIntegrationFilter become
  net.sf.acegisecurity.ui.AutoIntegrationFilter (see your web.xml).

- If you're using container adapters (extremely likely), consider replacing
  them with the net.sf.acegisecurity.ui.webapp package. This will avoid
  the need to have JARs in your container classloader, and is a lot cleaner.
  Refer to the reference documentation or Contacts sample application.

- If you're using web.xml <security-constraint>s for securing HTTP URLs
  (extremely likely), consider replacing it with the
  net.sf.acegisecurity.intercept.web package. This will give you considerably
  more flexibility, and reuse the same concepts as you'd be familiar with
  via the method security interception system. Refer to the reference
  documentation or Contacts sample application.

- The Contacts sample application now builds two distributions: contacts.war
  can be instantly deployed without configuring any container adapters,
  whilst contacts-container-adapter.war still uses container adapters. The
  contacts.war uses the net.sf.acegisecurity.intercept.web package to
  protect HTTP URLs, rather than web.xml <security-constraint>s.

- If you're using the Jetty container adapter, please check the jetty.xml
  requirements in the reference documentation. There has been a minor change.

We hope you find the new features useful in your projects.


$Id$