Created Spring Security Update in 1.1.10 (markdown)

master
Justin Richer 2014-08-24 18:49:50 -07:00
parent b652a7b276
commit 5407a26082
1 changed files with 46 additions and 0 deletions

@ -0,0 +1,46 @@
## Why update?
While we try to avoid major library changes in patch releases, one of our upstream libraries, Spring Security OAuth, has pushed an important release that depends directly on newer versions of Spring and Spring Security, two other major underlying libraries. The Spring version dependency is now a new major version, `4.0`, which we have decided is too much of a jump for a patch release. We have masked out this dependency for now and will instead wait for the `1.2` development branch of MITREid Connect to switch to (see #657). Some testing has been done on running our libraries against Spring 4.0 and while success has been reported, we do not want to force all of our developers to move to a new major revision. The Spring Security release is more minor, from `3.1.4` to `3.2.3`, and it should cause only minor headaches for existing developers on the 1.1 series of releases. As such, we have decided to **update to Spring Security ``3.2.3``** effective in MITREid Connect release `1.1.10`.
The core project has been updated (see #656) but if you're building a custom server or client there are some things you'll need to do to make things work again.
## Updating Spring Security Versions
If you're using servers based on the example-server-overlay project or clients based on the simple-web-app project, you will want to change the `spring-security-version` tag in your `pom.xml` file from this:
```xml
<properties>
...
<spring.security.version>3.1.4.RELEASE</spring.security.version>
...
</properties>
```
to this:
```xml
<properties>
...
<spring.security.version>3.2.3.RELEASE</spring.security.version>
...
</properties>
```
If you are managing your dependencies in other ways, you will need to change your spring security release to this version yourself.
## Updating Bean Definition Files
Bean definition files such as `applicationContext.xml` or `servlet-context.xml` that reference the Spring Security namespace will need to be updated to point to the Spring Security 3.2 schema. In all bean definition files, find the schema location definition URL and change it from this:
```xml
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
```
to this:
```xml
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
```
Note that this must be done for **all** bean definition files.
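Review bot: In "Updating Spring Security Versions" the prose tells readers to change the `spring-security-version` tag, but both XML snippets show the property as `<spring.security.version>`. Anyone searching their `pom.xml` for the hyphenated name will not find it, so the prose should use the dotted name from the snippets. Two smaller points: in "Why update?" the sentence ending "to switch to (see #657)" has no object and could read "to make that switch (see #657)"; and the bold text "update to Spring Security ``3.2.3``" uses doubled backticks where the rest of the page uses single ones. The closing note about **all** bean definition files would also help more if it came before the schema URLs, since skipping a file is the most likely mistake in this step.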