Versions Compared

Old Version 5

changes.mady.by.user Stephen Turner

Saved on

compared with

New Version 6

changes.mady.by.user Stephen Turner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

b) References to the CSF Security Acegi XML configuration changed to the Spring XML configuration as described above.

2. Web Project Upgrade

This section describes the changes needed for a web project (e.g. iap-web).

2.1 The pom File

No changes were necessary - all dependency changes were taken care of by the changes to the Jar file project (csf-iap in my case).

2.2 Java Code

All references to Acegi classes were removed. For iap-web I was able to remove reference to Acegi or Spring security altogether by using our SecurityContextService interface instead. This interface provides an abstraction barrier between our code and the security subsystem (Acegi/Spring) and should be used instead of core Spring Security classes wherever possible.

...

2.3 XML Configuration Files

...

a) The security XML config file (applicationContext-iap-security.xml) needed an overhaul:

  1. Spring Security XML schema locations added to <beans> tag. In fact the whole XML file was modernized, removing the older DOCTYPE declaration.
  2. The filterChainProxy bean declaration was changed to the Spring Security format. 
  3. Converted filterSecurityInterceptor config to new format.
  4. All references to acegi classes were replaced by references to the equivalent Spring Security classes as described above.

...

2.4 JSP Tags

...

The <authz> tags have been replaced by <security> tags. In some cases, the tag interfaces have changed. e.g. e.g.:

Code Block

      <authz:authentication operation="username"/>

changes to

Code Block

      <security:authentication property="principal.username"/>

So in all JSPs, <auth> tags must change to <security> tags.

b) The authz.tld file was removed from the project.

c) In the taglibs.include file we replaced

Code Block

<%@taglib uri="/WEB-INF/authz.tld" prefix="authz" %>

with

Code Block

<%@taglib uri="http://www.springframework.org/security/tags" prefix="security" %>

...

2.5 web.xml

...

a) Spring container config - we now refer to classpath*:applicationContext-csf-security-spring.xml and  classpath*:applicationContext-csf-security-spring.xml

b) Spring Security config - replaced filter-name "acegi" with filter name "filterChainProxy",  class org.springframework.web.filter.DelegatingFilterProxy