论坛首页 Java企业应用论坛

升级spring security到3.1

浏览 4116 次
精华帖 (0) :: 良好帖 (0) :: 新手帖 (0) :: 隐藏帖 (0)
作者 正文
   发表时间:2012-04-04  
除了对3.0.7进行一次修补之外,spring security自3.0.5版本后就没有什么大动作,知道最近释出3.1版本,3.1版本有比较显著的新特征加入(从官方文档):

引用
Support for multiple http elements
Support for stateless authentication
DebugFilter provides additional debugging information
Improved Active Directory LDAP support (i.e. ActiveDirectoryLdapAuthenticationProvider)
Added Basic Crypto Module.
The namespace is fully documented in the reference appendix.
Added dependencies section to the reference appendix
Support HttpOnly Flag for Cookies in Servlet 3.0 environments
InMemoryUserDetailsManager provides in memory implementation of UserDetailsManager
Support for hasPermission expression on the authorize JSP tag
Support for disabling UI security (for testing purposes)
Support erasing credentials after successful authentication
Support clearing cookies on logout
Spring Security Google App Engine example application
Support for CAS proxy tickets
Support for arbitrary implementations of JAAS Configuration
Support nested switching of users for SwitchUserFilter


多http元素,以前配置文件就是一个http标签,现在可以是多个,更为灵活。而最终促使升级的动机在于stateless authentication,它对于rest风格的接口可以起到很好的保护作用,也可以说填补了一些空缺。

升级的过程没有太大问题,除了有些类已经从老版本中去除,例如org.springframework.security.web.util.AntUrlPathMatcher这个类已经被拿走。

升级后部署运行时发现有错误,一个是在配置文件中没有更改shema的版本号(原来是3.0):

http://www.springframework.org/schema/security 
						   http://www.springframework.org/schema/security/spring-security-3.1.xsd


另一个报错是:

The use of "filters='none'" is no longer supported.


原因是intercept url的配置在新版本不再被支持:

引用

<intercept-url pattern="/public/**/*" filters="none"/>


改为:

引用

<http pattern="/public/**/*" security="none"/>


这里配置就用到了一个新特性,即多个http元素。
论坛首页 Java企业应用版

跳转论坛:
Global site tag (gtag.js) - Google Analytics