35 lines
2.0 KiB
Plaintext
35 lines
2.0 KiB
Plaintext
===============================================================================
|
|
ACEGI SECURITY SYSTEM FOR SPRING - UPGRADING FROM 0.6 TO 0.7
|
|
===============================================================================
|
|
|
|
The following should help most casual users of the project update their
|
|
applications:
|
|
|
|
- MethodDefinitionMap, which is usually used by MethodSecurityInterceptor
|
|
for its objectDefinitionSource property, has been changed. From 0.7, when
|
|
MethodDefinitionMap is queried for configuration attributes associated with
|
|
secure MethodInvocations, it will use any method matching in the method
|
|
invocation class (as it always has) plus any method matching any interface
|
|
the MethodInvocation class directly implements. So consider a PersonManager
|
|
interface, a PersonManagerImpl class that implements it, and a definition of
|
|
PersonManager.findAll=ROLE_FOO. In this example, any query for either
|
|
PersonManager.findAll OR PersonManagerImpl.findAll will return ROLE_FOO.
|
|
As we have always encouraged definition against the interface names (as per
|
|
this example), this change should not adversely impact users. This change
|
|
was necessary because of the new MethodDefinitionSourceAdvisor (see below).
|
|
Refer to the MethodDefinitionMap JavaDocs for further clarification.
|
|
|
|
- MethodDefinitionSourceAdvisor can now be used instead of defining proxies
|
|
for secure business objects. The advisor is fully compatible with both
|
|
MethodDefinitionMap and MethodDefinitionAttributes. Using an advisor allows
|
|
caching of which methods the MethodSecurityInterceptor should handle, thus
|
|
providing a performance benefit as MethodSecurityInterceptor is not called
|
|
for public (non-secure) objects. It also simplifies configuration.
|
|
|
|
- MethodSecurityInterceptor has moved from
|
|
net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor to
|
|
net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.
|
|
A simple find and replace will suffice to update your application contexts.
|
|
|
|
$Id$
|