Dec 23rd, 2009, 08:59 AM
Spring Security 3.0.0 Released
We're pleased to announce the Spring Security 3.0.0 final release. It is available from the SpringSource downloads area and from the Maven central repository.
Thanks to everyone in the community who's helped by kicking the tyres of the milestones and release candidates and providing feedback.
Check out the changelog to find out what's in the final release. Its probably worth browsing previous 3.0.x issues too if this is the first time you've tried one of the series.
There are a number of areas where functionality has changed since 2.0
- All namespace configurations must now include the <authentication-manager> element in order to instantiate the AuthenticationManager (it is no longer created internally).
- Namespace elements which create an AuthenticationProvider instance must be declared as children of the <authentication-manager>.
- The use of <custom-authentication-provider> has been dropped. Use <authentication-provider ref='yourProviderBeanName'> as a child of the <authentication-manager> element.
- <custom-filter> should no longer be used to decorate filter beans, but used with a ref="yourFilterBean" attribute as a child of the <http> block.
- <custom-after-invocation-provider> declarations should be replaced by <after-invocation-provider ref='yourProviderBeanName'>
within the <global-method-security> element.
- Changes to concurrent session control syntax https://jira.springsource.org/browse/SEC-1229. (see the reference manual for full details)
- Changes in authentication filter names https://jira.springsource.org/browse/SEC-1259.
If you encounter problems, please check the reference manual and sample applications which have all been updated to reflect these changes.
The project packaging and jars have also been changed in version 3.0. This blog entry on the M1 release contains more information.
We hope you enjoy the release.