You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Steve's Guide to Upgrading from Acegi to Spring Security

This document is a guide for upgrading an Education Systems app from Acegi Security to Spring Security, based on the IAP application upgrade. There are two parts, one for the jar-file project upgrade and one for the web app upgrade.

1. Jar File Project Upgrade

By "jar file project " I mean a project that is not a web application - for example, the csf-iap project.

1.1 The pom file

Under the "csf-security" dependency, remove the exclusions for Spring Security and add an exclusion for Acegi. The Aegi exclusion looks like this:

<exclusion>
    <artifactId>acegi-security</artifactId>
    <groupId>org.acegisecurity</groupId>
</exclusion>

The CSF Security module includes dependencies for Spring Security, so there is no need to include them in your project.

1.2 Java Code

a) The following Java files made reference to Acegi classes (e.g. SecurityContextHolder):

  1. IapActivityServiceImpl.java
  2. IapPublishServiceImpl.java
  3. IapSecurityServiceImpl.java

In most cases, these were upgraded by changing the import statements' package names. e.g:

org.acegisecurity.context.SecurityContextHolder changes to org.springframework.security.core.context.SecurityContextHolder

Eclipse handled these changes nicely - I did a global search in the Java code for "acegi", deleted any imports that referenced org.acegisecurity package names,and then used Eclipse's "Organize Imports" feature to pull in the correct Spring Security imports.

b) Some interfaces have changed slightly with Spring Security - in particular, rather than the Acegi practice of using arrays, Spring Security uses Collections.

Steve's Guide to Upgrading from Acegi to Spring Security

This document is a guide for upgrading an Education Systems app from Acegi Security to Spring Security, based on the IAP application upgrade. There are two parts, one for the jar-file project upgrade and one for the web app upgrade.

1. Jar File Project Upgrade

By "jar file project " I mean a project that is not a web application - for example, the csf-iap project.

1.1 The pom file

Under the "csf-security" dependency, remove the exclusions for Spring Security and add an exclusion for Acegi. The Aegi exclusion looks like this:<exclusion>
<artifactId>acegi-security</artifactId>
<groupId>org.acegisecurity</groupId>
</exclusion>

The CSF Security module includes dependencies for Spring Security, so there is no need to include them in your project.

1.2 Java Code

a) All references to acegi classes were replaced by references to Spring Security classes. In most cases, these were upgraded by changing the import statements' package names. e.g:

org.acegisecurity.context.SecurityContextHolder changes to org.springframework.security.core.context.SecurityContextHolder

Eclipse handled these changes nicely - I did a global search in the Java code for "acegi", deleted any imports that referenced org.acegisecurity package names,and then used Eclipse's "Organize Imports" feature to pull in the correct Spring Security imports.

b) Some interfaces have changed slightly with Spring Security - in particular, rather than the Acegi practice of using arrays, Spring Security uses Collections. This requires some code changes (e.g. we now use size() to determine how many elements are in the collection rather than length()).

c) Some class names changed between Spring Sec 2.0 & 3.0. These are documented here: http://git.springsource.org/~rwinch/spring-security/rwinchs-spring-security/blobs/3.0.x/class_mapping_from_2.0.x.txt

An example is BasicProcessingFilter which was renamed to BasicAuthenticationFilter.

d) References to the Acegi portion of CSF Security changed to the Spring Security portion of CSF, e.g.:

edu.mit.csf.security.acegi.MitGrantedAuthority changes to edu.mit.csf.security.spring.MitGrantedAuthority.

e) References to the CSF Security Acegi XML configuration changed to the Spring XML configuration:

applicationContext-csf-security-acegi.xml changes to applicationContext-csf-security-spring.xml.

1.3 XML Configuration Files

Some of the csf-iap XML files used to configure Spring had Acegi references which needed to be updated:

a) All references to acegi classes were replaced by references to the equivalent Spring Security classes as described above.

b) References to the CSF Security Acegi XML configuration changed to the Spring XML configuration as described above.

  • No labels