From 5407a260828f50f43cb8e5a185cf36112db1251f Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Sun, 24 Aug 2014 18:49:50 -0700 Subject: [PATCH] Created Spring Security Update in 1.1.10 (markdown) --- Spring-Security-Update-in-1.1.10.md | 46 +++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 Spring-Security-Update-in-1.1.10.md diff --git a/Spring-Security-Update-in-1.1.10.md b/Spring-Security-Update-in-1.1.10.md new file mode 100644 index 0000000..1dba635 --- /dev/null +++ b/Spring-Security-Update-in-1.1.10.md @@ -0,0 +1,46 @@ +## Why update? + +While we try to avoid major library changes in patch releases, one of our upstream libraries, Spring Security OAuth, has pushed an important release that depends directly on newer versions of Spring and Spring Security, two other major underlying libraries. The Spring version dependency is now a new major version, `4.0`, which we have decided is too much of a jump for a patch release. We have masked out this dependency for now and will instead wait for the `1.2` development branch of MITREid Connect to switch to (see #657). Some testing has been done on running our libraries against Spring 4.0 and while success has been reported, we do not want to force all of our developers to move to a new major revision. The Spring Security release is more minor, from `3.1.4` to `3.2.3`, and it should cause only minor headaches for existing developers on the 1.1 series of releases. As such, we have decided to **update to Spring Security ``3.2.3``** effective in MITREid Connect release `1.1.10`. + +The core project has been updated (see #656) but if you're building a custom server or client there are some things you'll need to do to make things work again. + +## Updating Spring Security Versions + +If you're using servers based on the example-server-overlay project or clients based on the simple-web-app project, you will want to change the `spring-security-version` tag in your `pom.xml` file from this: + +```xml + + ... + 3.1.4.RELEASE + ... + +``` + +to this: + + +```xml + + ... + 3.2.3.RELEASE + ... + +``` + +If you are managing your dependencies in other ways, you will need to change your spring security release to this version yourself. + +## Updating Bean Definition Files + +Bean definition files such as `applicationContext.xml` or `servlet-context.xml` that reference the Spring Security namespace will need to be updated to point to the Spring Security 3.2 schema. In all bean definition files, find the schema location definition URL and change it from this: + +```xml + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd +``` + +to this: + +```xml + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd +``` + +Note that this must be done for **all** bean definition files. \ No newline at end of file