GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Spring Security
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1298 Commits
49 Branches
370 Tags
121 MiB
 
 
 
 
Tree: 12c78791de
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '12c78791de'
${ noResults }
spring-security/doc/xdocs/upgrade/upgrade-05-06.html

81 lines
3.3 KiB
Raw Blame History

<html>
<head>
<title>Acegi Security - Upgrading from version 0.3 to 0.4</title>
</head>
<body>
<h1>Upgrading from 0.5 to 0.6</h1>
<p>
The following should help most casual users of the project update their
applications:
<ul>
<li>
Locate and remove all property references to
DaoAuthenticationProvider.key and
DaoAuthenticationProvider.refreshTokenInterval.</li>
<li>If you are using DaoAuthenticationProvider and either (i) you are using
container adapters or (ii) your code relies on the Authentication object
having its getPrincipal() return a String, you must set the new
DaoAuthenticationProvider property, forcePrincipalAsString, to true.
By default DaoAuthenticationProvider returns an Authentication object
containing the relevant User, which allows access to additional properties.
Where possible, we recommend you change your code to something like this,
so that you can leave forcePrincipalAsString to the false default:<br><br>
<code>
String username = authentication.getPrincipal();<br>
if (authentication.getPrincipal() instanceof User) {<br>
username = ((User) authentication.getPrincipal()).getUsername();<br>
}</br>
</code><br>
</li>
<li>The signature of AuthenticationDaos have changed. In concrete
implementations, modify the User to UserDetails, as shown below:<br><br>
<code>
public User loadUserByUsername(String username)<br>
throws UsernameNotFoundException, DataAccessException {<br><br>
to:<br><br>
public UserDetails loadUserByUsername(String username)<br>
throws UsernameNotFoundException, DataAccessException {<br><br>
</code>
Existing concrete implementations would be returning User, which implements
UserDetails, so no further code changes should be required.
</li>
<li>Similar signature changes (User -> UserDetails) are also required to any
custom implementations of UserCache and SaltSource.</li>
<li>Any custom event listeners relying on AuthenticationEvent should note a
UserDetails is now provided in the AuthenticationEvent (not a User).</li>
<li>CAS users should note the CasAuthoritiesPopulator interface signature has
changed. Most CAS users will be using DaoCasAuthoritiesPopulator, so this
change is unlikely to require any action.</li>
<li>Please check your web.xml for whether you are using AutoIntegrationFilter.
Previously this class was loaded directly by web.xml as a filter. It is
now recommended to load it via FilterToBeanProxy and define it as a
bean in your application context. This usually involves making the entry
in web.xml match the following:<br><br>
<code>
&lt;filter&gt;<br>
&lt;filter-name&gt;Acegi Security System for Spring Auto Integration Filter&lt;/filter-name&gt;<br>
&lt;filter-class&gt;net.sf.acegisecurity.util.FilterToBeanProxy&lt;/filter-class&gt;<br>
&lt;init-param&gt;<br>
&lt;param-name&gt;targetClass&lt;/param-name&gt;<br>
&lt;param-value&gt;net.sf.acegisecurity.ui.AutoIntegrationFilter&lt;/param-value&gt;<br>
&lt;/init-param&gt;<br>
&lt;/filter&gt;<br>
</code>
<br><br>
Then add the following to applicationContext.xml: <br><br>
<code>
&lt;bean id="autoIntegrationFilter" class="net.sf.acegisecurity.ui.AutoIntegrationFilter"/&gt;<br>
</code>
</li>
</ul>
</body>
</html>