I am having a project which uses Spring framework(migrated from 2.0 to 3.0.7) and Spring security 2.0. And I want to use Spring security 3.0.7. I have used MessageDigestPasswordEncoder, SecurityContextHolder. But now I've added Spring security 3.0.7 jar files to my project but it is showing some compilation issues to above classes.
I need help for migration.
Thanks in advance.
Related
I have a web application NOT implemented on Spring Boot or Spring itself. It has no Spring whatsoever, it was made using RESTEasy running on Tomcat.
I'm supposed to add ADFS authentication to this web application through the use of Spring's Security SAML Extension.
I've seen a lot of projects online that implement this feature but all of them use Spring Boot or run on Spring. At the same time I've seen mentions of being able to implement Spring SAML without having a Spring project. So I'm a little confused now.
Is this feat achievable?
If so, could you guide me on how to do it?
Which Maven dependencies do I need exactly?
Which web.xml configs do I need?
Which Beans do I need to implement?
Thank you in advance.
I have an existing spring mvc project where I'm using spring 4.3.23.RELEASE version with spring security 4.2.13.RELEASE.
Now I want to upgrade the spring version 5.2.8.RELEASE. I don't identify which spring-security version is compatible with Spring 5.2.8.RELEASE version?
Generally speaking, the Spring Security Reference manual will answer this. For example, the manual for the Spring Security 5.2.5 RELEASE says:
Spring Security builds against Spring Framework 5.2.6.RELEASE but should generally work with any newer version of Spring Framework 5.x.
(The next release of Spring Security after 5.2.5 is 5.3.0.)
So I would expect Spring Security 5.2.5 would work with Spring Framework 5.2.8.
The Spring Security Reference manual also advises you to use "spring-framework-bom" to simplify dependency management. The idea is that you select a specific "bom" version and that gives you a set of compatible versions numbers for any of the Spring components that you use.
Spring documentation is the best source, but in case you are still unclear then the following approach can be taken.
As Spring Security depends on Spring Framework, one can look at the dependency tree of Spring Security to identify the compatible version of Spring Framework.
Now this can take some iterations but in the end one would get an accurate result.
Refer to the compile dependencies section in the maven repository page
I was tasked to assign to modify an application with RBAC(Role Based access control) for a project which uses an older spring mvc version 3.0.5.
We plan to integrate spring security for this task.
The question is, are there any older version of spring security we can use
that is compatible with the spring mvc we have?
Last Spring Security-3.1.0 supports spring 3.0.6. This version of spring security should work fine for your project.
Although your version should work fine with this version of spring security if you want you can do a minor version upgrade of spring. You can find the changelogs here https://spring.io/blog/2011/08/24/spring-3-0-6-is-now-available
And documentation for this version of the library can be found at this link spring-security-3.0.7-docs
But, please be cautious, it's not recommended to use older versions of security-related libraries since they might have known vulnerabilities.
I have a fully developed spring project, I am using spring security version 3.2.10 it is working fine with thymeleaf 2, I want to know whether thymeleaf 3.0.6 supports or fully compatible with spring security 3.2.10 version.
I googled so much but I didn't got answer for my doubt.Please someone help me whether thymeleaf 3.0.6 completely compatible with spring security 3.2.10 and I don't want to change or upgrade the spring security 3.2.10 version.
When I include spring-boot in my project, it has predefined versions of other spring components. eg: spring-boot 1.3.5 with spring-boot-starter-web automatically includes spring-mvc 4.2.6. if I want to use some features from webmvc 4.3, how can i know they are compatible? is there any compatibility matrix? or should i just treat it as a single release and never change versions?
Spring Boot will work the best for you if you don't try to resist defaults (of course change them only if necessary). You can include Spring 4.3 into Spring boot 1.3.x project, but I guess you will encounter various issues.
Version 1.4.0 will include Spring 4.3. Spring Boot 1.4.0 is on Milestone 3 currently.
BTW,
compatibility version for spring boot
1.5x: https://docs.spring.io/spring-boot/docs/1.5.x/reference/html/appendix-dependency-versions.html
and for spring boot 2.0x:
https://docs.spring.io/spring-boot/docs/2.0.x/reference/html/appendix-dependency-versions.html