From 97bd75f78c374145eb82cda318b554ec6f5eb069 Mon Sep 17 00:00:00 2001 From: Scott McCrory Date: Tue, 8 Nov 2005 01:08:07 +0000 Subject: [PATCH] Added change examples and wrapped around all java & XML references. Other developers please review the end result and let me know if I went too far :-) --- doc/xdocs/upgrade/upgrade-080-090.html | 47 ++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 7 deletions(-) diff --git a/doc/xdocs/upgrade/upgrade-080-090.html b/doc/xdocs/upgrade/upgrade-080-090.html index 40ac72d7ec..59ccb0170b 100644 --- a/doc/xdocs/upgrade/upgrade-080-090.html +++ b/doc/xdocs/upgrade/upgrade-080-090.html @@ -29,6 +29,29 @@ applications: and work with the SecurityContext (instead of the now removed Context and SecureContext interfaces).

+ For example, change:
+ + SecureContext ctx = SecureContextUtils.getSecureContext();
+ + to:
+ + SecurityContext ctx = SecurityContextHolder.getContext();
+ +
+ and change:
+ + <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
+ <property name="context"><value>net.sf.acegisecurity.context.security.SecureContextImpl</value></property>
+ </bean>
+ + to:
+ + <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
+ <property name="context"><value>net.sf.acegisecurity.context.SecurityContextImpl</value></property>
+ </bean>
+ +
+ We apologise for the inconvenience, but on a more positive note this means you receive strict type checking, you no longer need to mess around with casting to and from Context implementations, your applications no longer need to perform checking of null and @@ -36,21 +59,31 @@ applications: is an InheritableThreadLocal - which should make life easier in rich client environments.

-
  • AbstractProcessingFilter has changed its getter/setter approach used for customised +
  • AbstractProcessingFilter has changed its getter/setter approach used for customised authentication exception directions. See the - AbstractProcessingFilter JavaDocs to learn more.

    • + AbstractProcessingFilter JavaDocs to learn more.

    -
  • AnonymousProcessingFilter now has a removeAfterRequest property, which defaults to true. This +
  • AnonymousProcessingFilter now has a removeAfterRequest property, which defaults to true. This will cause the anonymous authentication token to be set to null at the end of each request, thus - avoiding the expense of creating a HttpSession in HttpSessionContextIntegrationFilter. You may + avoiding the expense of creating a HttpSession in HttpSessionContextIntegrationFilter. You may set this property to false if you would like the anoymous authentication token to be preserved, which would be an unusual requirement.

  • Event publishing has been refactored. New event classes have been added, and the location of - LoggerListener has changed. See the net.sf.acegisecurity.event package.
    • + LoggerListener has changed. See the net.sf.acegisecurity.event package.
    +
    + For example, change:
    + + <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
    +     + to:
    + + <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.authorization.LoggerListener"/> +

    + -
  • Users of the "authz" taglib will generally need to change the "operation" - to "username", as reflection is now used to retrieve the property.
    • +
  • Users of the <authz:authentication> JSP tag will generally need to set the operation + property equal to "username", as reflection is now used to retrieve the property displayed.