Migrating to Spring Security 3.1

With Spring Security 3.1.0.M2 having released, I thought let me give a shot upgrading to it.

For the purpose of the exercise, I have a maven web project which uses spring-security 3.0.5.

The first change to be made is in pom.xml - changing the version of dependency from 3.0.5.RELEASE to 3.1.0.M2.

This change itself will not make available the updated spring-security jars since the milestone releases are not available in maven central.

I had a tough time figuring out which repository to point to. When none worked, I downloaded the release and manually installed the required jars into my local maven repository.

Once this was done, I notice Eclipse giving an error for invalid spring-security xsd.

This was the second change to be made.

http://www.springframework.org/schema/security/spring-security-3.0.3.xsd

to

http://www.springframework.org/schema/security/spring-security-3.1.xsd

Once this was done, the xml file began to show validation errors.

My context file had the following:

<http auto-config='true'>
    <intercept-url pattern="/resources/**" filters="none"/>
    <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <http-basic/>
</http>

fiters attribute is no longer supported in spring-security-3.1. It is now security="none".

This needs to be done in a separate <http> declaration. Spring security now supports multiple <http> declaration.

<http pattern="/resources/**" security="none"/>
<http auto-config='true'>
    <intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <http-basic/>
</http>

That is it. My application was now working with spring security 3.1

Comments

  1. This comment has been removed by the author.

    ReplyDelete
  2. <repository>
    <id>org.springframework.maven.milestone</id>
    <name>Maven Central Compatible Spring Milestone Repository</name>
    <url>http:// maven.springframework.org/milestone</url>
    </repository>

    ReplyDelete
  3. can you explain what jars have you changed in your pom.xml
    coz I get java.lang.ClassNotFoundException: org.springframework.security.taglibs.authz.AuthorizeTag

    ReplyDelete
  4. Hi,

    I'm also trying to integrate Spring Security 3.1 in my application but have the following problem. I am not logged in and I'm trying to access a secured page and instead of being redirected to the login page the app tries to access all resources on the page I requested. I have:










    What am I doing wrong?

    Thanks

    ReplyDelete
  5. Thanks, it was helpful.

    ReplyDelete

Post a Comment

Popular posts from this blog

Opening a safe deposit locker in SBI

Opening a Kannada Word document

Automating a cordova ios build