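Upgrading Spring Security to 3.1

Apart from one patch release, 3.0.7, Spring Security had seen no major changes since version 3.0.5, until the recent release of version 3.1. Version 3.1 adds some fairly notable new features (from the official documentation):

Quote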
Support for multiple http elements
Support for stateless authentication
DebugFilter provides additional debugging information
Improved Active Directory LDAP support (i.e. ActiveDirectoryLdapAuthenticationProvider)
Added Basic Crypto Module.
The namespace is fully documented in the reference appendix.
Added dependencies section to the reference appendix
Support HttpOnly Flag for Cookies in Servlet 3.0 environments
InMemoryUserDetailsManager provides in memory implementation of UserDetailsManager
Support for hasPermission expression on the authorize JSP tag
Support for disabling UI security (for testing purposes)
Support erasing credentials after successful authentication
Support clearing cookies on logout
Spring Security Google App Engine example application
Support for CAS proxy tickets
Support for arbitrary implementations of JAAS Configuration
Support nested switching of users for SwitchUserFilter


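Multiple http elements: previously the configuration file contained a single http tag; now there can be several, which is more flexible. What finally motivated the upgrade, however, was stateless authentication, which protects REST-style interfaces well and arguably fills a gap.

The upgrade itself went without major problems, except that some classes have been removed from the old version; for example, the class org.springframework.security.web.util.AntUrlPathMatcher is gone.

After the upgrade, errors showed up when deploying and running the application. One was that the schema version number in the configuration file had not been changed (it was previously 3.0):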

http://www.springframework.org/schema/security 
						   http://www.springframework.org/schema/security/spring-security-3.1.xsd


The other error was:

The use of "filters='none'" is no longer supported.


The cause is that this intercept-url configuration is no longer supported in the new version:

Quote

<intercept-url pattern="/public/**/*" filters="none"/>


Change it to:

Quote

<http pattern="/public/**/*" security="none"/>


This configuration makes use of one of the new features, namely multiple http elements.
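An added example, not from the original post: a 3.1 security context that combines the `security="none"` replacement shown above with a stateless chain for REST endpoints. The `/api/**` path, the `ROLE_USER` role and the `demo` user are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- 3.0 form, rejected by 3.1:
       <intercept-url pattern="/public/**/*" filters="none"/> -->
  <!-- 3.1 form: a separate http element with no filter chain at all.
       Nothing is authenticated or authorized on these paths and no
       SecurityContext is populated, so keep the pattern narrow. -->
  <http pattern="/public/**/*" security="none"/>

  <!-- Stateless chain for REST calls (/api/** is an assumed path):
       no HttpSession is created or used, so every request must
       carry its own credentials. -->
  <http pattern="/api/**" create-session="stateless">
    <intercept-url pattern="/**" access="ROLE_USER"/>
    <http-basic/>
  </http>

  <!-- Catch-all chain for the session-based web UI. It has no pattern,
       so it must come last: http elements are tried in declaration order. -->
  <http auto-config="true">
    <intercept-url pattern="/**" access="ROLE_USER"/>
  </http>

  <!-- Constructed in-memory user, for illustration only. -->
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="demo" password="change-me" authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>
```

Because a request is handled by the first http element whose pattern matches, a broad `security="none"` pattern placed first would exempt everything beneath it from the later chains.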


Reposted from godo121.iteye.com/blog/1473923