spring-security/upgrade-04-05.txt

52 lines
2.6 KiB
Plaintext

===============================================================================
ACEGI SECURITY SYSTEM FOR SPRING - UPGRADING FROM 0.4 TO 0.5
===============================================================================
The following should help most casual users of the project update their
applications:
- All filters are now loaded via FilterToBeanProxy. The FilterToBeanProxy
obtains the filter from a Spring application context via the
WebApplicationContextUtils.getApplicationContext() method. Refer to the
reference documentation to see the new configuration of filters.
- SecurityEnforcementFilter now requires an AuthenticationEntryPoint
and PortResolver. Refer to the reference documentation to see the
alternatives AuthenticationEntryPoint implementations available. Simply
use the PortResolverImpl for the PortResolver requirement.
- Any of your login or login failure pages that previously referred to
AuthenticationProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY
should now use
net.sf.acegisecurity.ui.AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY
- DaoAuthenticationProvider no longer provides setters for case sensitivity
handling. The respective AuthenticationDao implementations should decide
whether or not to return User instances reflecting the exact case of the
requested username. The new PlaintextPasswordEncoder offers a setter for
ignoring the password case (defaults to require exact case matches).
- DaoAuthenticationProvider now provides caching. Successful authentications
return DaoAuthenticationTokens. You must set the mandatory "key" property
on DaoAuthenticationProvider so these tokens can be validated. You may
also wish to change the "refreshTokenInterval" property from the default
of 60,000 milliseconds.
- If you're using container adapters, please refer to the reference
documentation as additional JARs are now required in your container
classloader.
- Whilst not really a change needed to your program, if you're using
Acegi Security please consider joining the acegisecurity-developer mailing
list. This is currently the best way to keep informed about the project's
status and provide feedback in design discussions. You can join at
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer.
Please continue using the Spring Users mailing list for general support.
There are also lots of new features you might wish to consider for your
projects. These include CAS integration, pluggable password encoders
(such as MD5 and SHA), along with pluggable salt sources. We hope you find
the new features useful in your projects.
$Id$