Details
-
Type:
Enhancement
-
Status:
Resolved
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 1.8.13
-
Fix Version/s: 1.11.0
-
Component/s: Architecture
-
Security Level: Default (Default Security Scheme)
-
Labels:
Description
We need to upgrade to Spring Security 3.X for several reasons:
- Eventually, Spring will fail to support 2.X and we will not be able to upgrade Spring's core code without breaking compatibility.
- We have several users who want to take advantage of new features in 3.X to simplify their security setup with LDAP and Kerberos authentication/authorization.
There are API changes between the versions that mean that the upgrade is not a drop-in replacement and the testing overhead to make sure that each authentication method works properly is not trivial. However, this needs to be done sooner than later in the 1.11 branch.
- Eventually, Spring will fail to support 2.X and we will not be able to upgrade Spring's core code without breaking compatibility.
- We have several users who want to take advantage of new features in 3.X to simplify their security setup with LDAP and Kerberos authentication/authorization.
There are API changes between the versions that mean that the upgrade is not a drop-in replacement and the testing overhead to make sure that each authentication method works properly is not trivial. However, this needs to be done sooner than later in the 1.11 branch.
It sounds like DJ might have made some significant progress on this so I'll reassign this to him.