Spring Security Reference
please define title in your docbook file! 6
pattern security, EJB Container Managed Security and file system security respectively. Spring Security
provides deep capabilities in all of these important areas, which we’ll explore later in this reference guide.
1.2 History
Spring Security began in late 2003 as "The Acegi Security System for Spring". A question was posed
on the Spring Developers' mailing list asking whether there had been any consideration given to a
Spring-based security implementation. At the time the Spring community was relatively small (especially
compared with the size today!), and indeed Spring itself had only existed as a SourceForge project from
early 2003. The response to the question was that it was a worthwhile area, although a lack of time
currently prevented its exploration.
With that in mind, a simple security implementation was built and not released. A few weeks later another
member of the Spring community inquired about security, and at the time this code was offered to them.
Several other requests followed, and by January 2004 around twenty people were using the code. These
pioneering users were joined by others who suggested a SourceForge project was in order, which was
duly established in March 2004.
In those early days, the project didn’t have any of its own authentication modules. Container Managed
Security was relied upon for the authentication process, with Acegi Security instead focusing on
authorization. This was suitable at first, but as more and more users requested additional container
support, the fundamental limitation of container-specific authentication realm interfaces became clear.
There was also a related issue of adding new JARs to the container’s classpath, which was a common
source of end user confusion and misconfiguration.
Acegi Security-specific authentication services were subsequently introduced. Around a year later,
Acegi Security became an official Spring Framework subproject. The 1.0.0 final release was published in
May 2006 - after more than two and a half years of active use in numerous production software projects
and many hundreds of improvements and community contributions.
Acegi Security became an official Spring Portfolio project towards the end of 2007 and was rebranded
as "Spring Security".
Today Spring Security enjoys a strong and active open source community. There are thousands of
messages about Spring Security on the support forums. There is an active core of developers who work
on the code itself and an active community which also regularly share patches and support their peers.
1.3 Release Numbering
It is useful to understand how Spring Security release numbers work, as it will help you identify the effort
(or lack thereof) involved in migrating to future releases of the project. Each release uses a standard
triplet of integers: MAJOR.MINOR.PATCH. The intent is that MAJOR versions are incompatible, large-
scale upgrades of the API. MINOR versions should largely retain source and binary compatibility with
older minor versions, thought there may be some design changes and incompatible updates. PATCH
level should be perfectly compatible, forwards and backwards, with the possible exception of changes
which are to fix bugs and defects.
The extent to which you are affected by changes will depend on how tightly integrated your code is. If
you are doing a lot of customization you are more likely to be affected than if you are using a simple
namespace configuration.
You should always test your application thoroughly before rolling out a new version.
我的内容管理
展开
