Moving to Spring 3.0 was pretty seamless - drop in the new jars (don't forget aopalliance.jar) and you are good to go. My project works the same now as it did before, and now I can start using some of the new features!
The migration to Spring Security 3.0 took an hour or two work through.
Here are some of the small issues that I ran into: (these only take minutes to fix)
- Make sure you change your XSD references to reference the new 3.0 schema.
- There was some package refactoring, so several of my classes had to have import references fixed.
- <security:anonymous/> is really no longer needed.
- The getAuthorities method on the UserDetails interface now returns a Collection (rather than an array).
Make sure to include spring-security-config.jar
The only other issue that really bit me was an XML validation issue. I was using a customer authentication provider in my XML file that looked like this:
<security:authentication-provider ref="userDetailsService">
This was giving me the following validation error:
cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'security:authentication-provider'.
Luckily, someone else ran across the same issue, and I fixed it by wrapping my authentication-provider inside an authentication-manager:
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="userDetailsService"/>
</security:authentication-manager>