Upgrading from 0.7.0 to 0.8.0
The following should help most casual users of the project update their
applications:
- HttpSessionIntegrationFilter has been removed. Use net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter instead.
Note you will need to set the mandatory "context" property to something like "net.sf.acegisecurity.context.security.SecureContextImpl".
It's not the default because we want no dependencies between the context package and the rest of Acegi Security.
- Filter ordering has changed. See the reference guide for confirmation of the correct ordering. Basically you should have
HttpSessionContextIntegrationFilter appear before any of your authentication mechanisms.
- IoC container hosted filter chains can now be used instead of lengthy web.xml declarations. See the reference guide or the
Contacts Sample for further information.
- Certain classes have been moved to new packages: ContextHolderAwareRequestWrapper (and its filter),
AuthenticationSimpleHttpInvokerRequestExecutor, ContextPropagatingRemoteInvocation,
SecureContext (and its implementation). These classes were moved as part of refactorings aimed at
improving the simplicity of the project's design.
- If you wish to use the new ConcurrentSessionController you must declare the HttpSessionEventPublisher context listener in your
web.xml
- The JaasAuthenticationCallbackHandler interface has had it's setAuthentication method removed.
The handle method now takes both the Callback and Authentication objects as arguments.
- Added AuthenticationException to the AutenticationEntryPoint.commence method signature.
- Added AccessDeniedException to the SecurityEncorcementFilter.sendAccessDeniedError method signature.
- The Authentication.getDetails() no longer returns simply the IP address used for authentication.
It now returns a WebAuthenticationDetails instance, which contains the IP address, session information,
and can be extended to store further details.
