diff --git a/docs/manual/src/docs/asciidoc/_includes/migrate-3-to-4.adoc b/docs/manual/src/docs/asciidoc/_includes/migrate-3-to-4.adoc index 87899d81b1..fc5f3cbbf4 100644 --- a/docs/manual/src/docs/asciidoc/_includes/migrate-3-to-4.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/migrate-3-to-4.adoc @@ -8,7 +8,7 @@ As a major release version, the Spring Security team took the opportunity to mak * Minimizing https://www.owasp.org/index.php/Information_Leakage[Information Leakage] * Removing deprecated APIs -A complete listing of non-passive changes between 3.x and 4.x can be found in https://jira.spring.io/issues/?jql=project%20%3D%20SEC%20AND%20status%20in%20(Resolved%2C%20Closed)%20AND%20fixVersion%20in%20(4.0.0.M1%2C%204.0.0.M2%2C%204.0.0.RC1%2C%204.0.0.RC2)%20AND%20labels%20%3D%20passivity[JIRA] +A complete listing of non-passive changes between 3.x and 4.x can be found in https://jira.spring.io/issues/?jql=project%20%3D%20SEC%20AND%20status%20in%20(Resolved%2C%20Closed)%20AND%20fixVersion%20in%20(4.0.0%2C%204.0.0.M1%2C%204.0.0.M2%2C%204.0.0.RC1%2C%204.0.0.RC2)%20AND%20labels%20%3D%20passivity[JIRA] This guide is intended to help users migrate from Spring Security 3.x to Spring Security 4.x. NOTE: It is expected that users will be able to easily perform a successful migration within an hour. 
@@ -17,9 +17,31 @@ NOTE: It is expected that users will be able to easily perform a successful migr == Migrate XML Namespace Defaults We updated the default values for many of the Spring Security XML Namespace Elements. -If you do not use XML based configuration, you may safely skip this section and proceed to <> You can find a detailed list of changes and how to address them below. +NOTE: If you do not use XML based configuration, you may safely skip this section and proceed to <> + +[[m3to4-xmlnamespace-related]] +=== Related Links + +For thoroughness we have include the related links in the table below. + +|==== +| JIRA | Commits + +| https://jira.spring.io/browse/SEC-2783[SEC-2783] +| https://github.com/spring-projects/spring-security/commit/c67ff42b8abe124b7956896c78e9aac896fd79d9[c67ff42] + +| https://jira.spring.io/browse/SEC-2347[SEC-2347] +| https://github.com/spring-projects/spring-security/commit/4392205f63e49b9675b06e584f571a48b017d0b6[4392205] + +| https://jira.spring.io/browse/SEC-2348[SEC-2348] +| https://github.com/spring-projects/spring-security/commit/eedbf442359f9a99e367f2fdef61deea1cef46c9[eedbf44] + +| https://jira.spring.io/browse/SEC-2873[SEC-2873] +| https://github.com/spring-projects/spring-security/commit/5f57e5b0c3726466db4f5d0521ac26423f0d9cd4[5f57e5b] +|==== + [[m3to4-xmlnamespace-http]] === Migrate 
@@ -558,4 +580,212 @@ http [[m3to4-deprecations]] == Deprecations -TBD \ No newline at end of file +=== spring-security-acl + +==== AclImpl + +AclImpl had a deprecated constructor removed. Specifically, the constructor that defaults the `PermissionGrantingStrategy` was removed: + +[source,java] +---- +@Deprecated +public AclImpl(ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy, + AuditLogger auditLogger, Acl parentAcl, List loadedSids, boolean entriesInheriting, Sid owner) { + ... +} +---- + +This means that an AclImpl was being created with this constructor: + +[source,java] +---- +new AclImpl(objectIdentity, id, aclAuthorizationStrategy, auditLogger, + parentAcl, loadedSids, entriesInheriting, owner); +---- + +it needs to be updated to pass in the `PermissionGrantingStrategy` instead of the `AuditLogger` + + +[source,java] +---- +PermissionGrantingStrategy permissionGrantingStrategy = + new DefaultPermissionGrantingStrategy(auditLogger); +new AclImpl(objectIdentity, id, aclAuthorizationStrategy, permissionGrantingStrategy, + parentAcl, loadedSids, entriesInheriting, owner); +---- + +==== EhCacheBasedAclCache + +`EhCacheBasedAclCache` had a deprecated constructor removed. Specifically, the constructor that defaults the `PermissionGrantingStrategy` was removed: + +[source,java] +---- +@Deprecated +public EhCacheBasedAclCache(Ehcache cache) { + ... 
+} +---- + +This means that an `EhCacheBasedAclCache` was being created with this constructor: + +[source,java] +---- +new EhCacheBasedAclCache(ehCache); +---- + +it needs to be updated to pass in the `PermissionGrantingStrategy` too: + + +[source,java] +---- +PermissionGrantingStrategy permissionGrantingStrategy = + new DefaultPermissionGrantingStrategy(auditLogger); +new EhCacheBasedAclCache(ehCache, permissionGrantingStrategy); +---- + +=== spring-security-cas + +==== ServiceAuthenticationDetailsSource + +`ServiceAuthenticationDetailsSource` removed the deprecated construtors that defaulted the `ServiceProperties`. + +[source,java] +---- +@Deprecated +public ServiceAuthenticationDetailsSource() { + ... +} + +@Deprecated +public ServiceAuthenticationDetailsSource(final String artifactParameterName) { + ... +} +---- + +This means that an `ServiceAuthenticationDetailsSource` was being created with these constructors: + +[source,java] +---- +new ServiceAuthenticationDetailsSource(); + +new ServiceAuthenticationDetailsSource(artifactId); +---- + +it needs to be updated to pass in the `ServiceProperties` as shown below: + + +[source,java] +---- +new ServiceAuthenticationDetailsSource(serviceProperties); + +new ServiceAuthenticationDetailsSource(serviceProperties, artifactId); +---- + +=== spring-security-config + +==== filter-invocation-definition-source + +The XML element `filter-invocation-definition-source` was removed in favor of <>. +This means if you have something like this: + +[source,xml] +---- + + ... + +---- + +it needs to be replaced with: + +[source,xml] +---- + + ... + +---- + +==== http@access-denied-page +The XML attribute `http@access-denied-page` was removed in favor of <>. +This means if you have something like this: + + +[source,xml] +---- + + ... + +---- + +it needs to be replaced with: + +[source,xml] +---- + + + +---- + +==== http@path-type +The XML attribute `http@path-type` was removed in favor of <>. 
+This means if you have something like this: + + +[source,xml] +---- + + ... + +---- + +it needs to be replaced with: + +[source,xml] +---- + + ... + +---- + +==== filter-chain-map@path-type +The XML attribute `filter-chain-map@path-type` was removed in favor of <>. +This means if you have something like this: + + +[source,xml] +---- + + ... + +---- + +it needs to be replaced with: + +[source,xml] +---- + + ... + +---- + +==== filter-security-metadata-source@path-type +The XML attribute `filter-security-metadata-source@path-type` was removed in favor of <>. +This means if you have something like this: + + +[source,xml] +---- + + ... + +---- + +it needs to be replaced with: + +[source,xml] +---- + + ... + +---- + +
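Review bot: In the `@@ -17,9 +17,31 @@` hunk, the new "Related Links" paragraph has a grammar slip: "For thoroughness we have include the related links in the table below." should read "we have included". The relocated NOTE line ("you may safely skip this section and proceed to ...") also ends without a full stop, unlike the sentence it sits beside, so add one while touching it.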
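Review bot: In the `@@ -558,4 +580,212 @@` hunk, the EhCacheBasedAclCache replacement example builds `new DefaultPermissionGrantingStrategy(auditLogger)`, but the "before" call is `new EhCacheBasedAclCache(ehCache)`, which has no `auditLogger` in scope. Unlike the AclImpl case, a reader migrating this call has nothing to pass, so add a sentence or a line to the example showing where the `AuditLogger` comes from. Smaller points in the same hunk: "This means that an AclImpl was being created with this constructor:" is missing "if" (the same sentence is repeated for `EhCacheBasedAclCache` and `ServiceAuthenticationDetailsSource`, where "an `ServiceAuthenticationDetailsSource`" should also be "a"). "construtors" should be "constructors". AclImpl is not in backticks in its own section, while the other class names are. The deprecated `ServiceAuthenticationDetailsSource` signature names its parameter `artifactParameterName`, while the examples pass `artifactId`, so use one name throughout.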