Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
spring-security/doc/xdocs/upgrade/upgrade-070-080.html

47 lines
2.3 KiB
HTML
Raw Blame History

<html>
<head>
<title>Acegi Security - Upgrading from version 0.7.0 to 0.8.0</title>
</head>
<body>
<h1>Upgrading from 0.7.0 to 0.8.0</h1>
<p>
The following should help most casual users of the project update their
applications:
<ul>
<li>HttpSessionIntegrationFilter has been removed. Use net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter instead.
Note you will need to set the mandatory "context" property to something like "net.sf.acegisecurity.context.security.SecureContextImpl".
It's not the default because we want no dependencies between the context package and the rest of Acegi Security.<br><br></li>
<li>Filter ordering has changed. See the reference guide for confirmation of the correct ordering. Basically you should have
HttpSessionContextIntegrationFilter appear before any of your authentication mechanisms.<br><br></li>
<li>IoC container hosted filter chains can now be used instead of lengthy web.xml declarations. See the reference guide or the
Contacts Sample for further information.<br><br></li>
<li>Certain classes have been moved to new packages: ContextHolderAwareRequestWrapper (and its filter),
AuthenticationSimpleHttpInvokerRequestExecutor, ContextPropagatingRemoteInvocation,
SecureContext (and its implementation). These classes were moved as part of refactorings aimed at
improving the simplicity of the project's design.<br><br></li>
<li>If you wish to use the new ConcurrentSessionController you must declare the HttpSessionEventPublisher context listener in your
web.xml<br><br></li>
<li>The JaasAuthenticationCallbackHandler interface has had it's setAuthentication method removed.
The handle method now takes both the Callback and Authentication objects as arguments.<br><br></li>
<li>Added AuthenticationException to the AutenticationEntryPoint.commence method signature.<br><br></li>
<li>Added AccessDeniedException to the SecurityEncorcementFilter.sendAccessDeniedError method signature.<br><br></li>
<li>The Authentication.getDetails() no longer returns simply the IP address used for authentication.
It now returns a WebAuthenticationDetails instance, which contains the IP address, session information,
and can be extended to store further details.<br><br></li>
</ul>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink