spring-security/upgrade-03-04.txt

48 lines
2.3 KiB
Plaintext

===============================================================================
ACEGI SECURITY SYSTEM FOR SPRING - UPGRADING FROM 0.3 TO 0.4
===============================================================================
Several changes were made between version 0.3 and 0.4 of the project.
These changes increased the modularity of the code, enhanced unit testing,
made package roles clearer, and added compelling alternatives to container
adapters and using web.xml security constraints to protect HTTP resources.
Unfortunately, changes to the API and package locations were required. The
following should help most casual users of the project update their
applications:
- All references to net.sf.acegisecurity.SecurityInterceptor become
net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor.
- All references to net.sf.acegisecurity.MethodDefinitionAttributes become
net.sf.acegisecurity.intercept.method.MethodDefinitionAttributes.
- All references to net.sf.acegisecurity.adapters.AutoIntegrationFilter become
net.sf.acegisecurity.ui.AutoIntegrationFilter (see your web.xml).
- If you're using container adapters (extremely likely), consider replacing
them with the net.sf.acegisecurity.ui.webapp package. This will avoid
the need to have JARs in your container classloader, and is a lot cleaner.
Refer to the reference documentation or Contacts sample application.
- If you're using web.xml <security-constraint>s for securing HTTP URLs
(extremely likely), consider replacing it with the
net.sf.acegisecurity.intercept.web package. This will give you considerably
more flexibility, and reuse the same concepts as you'd be familiar with
via the method security interception system. Refer to the reference
documentation or Contacts sample application.
- The Contacts sample application now builds two distributions: contacts.war
can be instantly deployed without configuring any container adapters,
whilst contacts-container-adapter.war still uses container adapters. The
contacts.war uses the net.sf.acegisecurity.intercept.web package to
protect HTTP URLs, rather than web.xml <security-constraint>s.
- If you're using the Jetty container adapter, please check the jetty.xml
requirements in the reference documentation. There has been a minor change.
We hope you find the new features useful in your projects.
$Id$