Thursday April 17, 2008
Thursday April 17, 2008
Upgrading to Spring Security 2.0 This evening I spent a few hours and upgraded AppFuse to use Acegi Spring Security 2.0. The upgrade was fairly straightforward:
- %s/org.acegisecurity/org.springframework.security/g
- Upgraded dependencies (exclusions are necessary if you're using Spring 2.5.x and don't want 2.0.x dependencies pulled in):
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core-tiger</artifactId> <version>${spring.security.version}</version> <exclusions> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> </exclusion> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-support</artifactId> </exclusion> </exclusions> </dependency> ... <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>${spring.security.version}</version> <exclusions> <exclusion> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> </exclusion> </exclusions> </dependency> - Changed taglib prefix from "authz" to "security" and change the associated taglib declaration to:
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="security" %> - In web.xml, I changed <filter-class> to org.springframework.web.filter.DelegatingFilterProxy. Since I didn't name my filter springSecurityFilterChain, I also had to add the following <init-param>:
<init-param> <param-name>targetBeanName</param-name> <param-value>springSecurityFilterChain</param-value> </init-param> - Lastly, I modified security.xml to use the new syntax. AppFuse's security.xml went from 175 lines to 33 with the new security namespace configuration!
It's hard to believe I first looked at Acegi almost 4 years ago. At that time, I said it contained too much XML for my needs. Ben's reaction:
Seriously, the "whole lotta XML" gives you exponentially more power and flexibility than a method such as this could ever hope to provide you.
It's nice to see that Spring Security 2.0 gives you exponentially more power and flexibility without all the XML. Thanks guys!
P.S. You can also view the full changelog for this upgrade.
Update: If you're using <authz:authentication property="fullName"/> in your JSPs, you'll need to change it to <security:authentication property="principal.fullName"/>. Posted in Java at Apr 17 2008, 02:45:47 AM MDT 12 Comments
Search This Site
Recent Entries
- Spring MVC vs. JSF and The State of Spring Web
- Extensionless URLs with Java Web Frameworks
- AppFuse 2.0.2 Released
- AppFuse Light 1.8.2 Released
- Issues with AntRun Plugin and Maven
- JavaOne Parties Update
- Happy Cinco de Linko!
- Denver Weather
- Running Spring MVC Web Applications in OSGi
- JavaOne: Where are the good parties at?