Details
-
Type:
Enhancement
-
Status:
Resolved
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 1.8.13
-
Fix Version/s: 1.11.0
-
Component/s: Architecture
-
Security Level: Default (Default Security Scheme)
-
Labels:
Description
We need to upgrade to Spring Security 3.X for several reasons:
- Eventually, Spring will fail to support 2.X and we will not be able to upgrade Spring's core code without breaking compatibility.
- We have several users who want to take advantage of new features in 3.X to simplify their security setup with LDAP and Kerberos authentication/authorization.
There are API changes between the versions that mean that the upgrade is not a drop-in replacement and the testing overhead to make sure that each authentication method works properly is not trivial. However, this needs to be done sooner than later in the 1.11 branch.
- Eventually, Spring will fail to support 2.X and we will not be able to upgrade Spring's core code without breaking compatibility.
- We have several users who want to take advantage of new features in 3.X to simplify their security setup with LDAP and Kerberos authentication/authorization.
There are API changes between the versions that mean that the upgrade is not a drop-in replacement and the testing overhead to make sure that each authentication method works properly is not trivial. However, this needs to be done sooner than later in the 1.11 branch.
