SEC-1148: Simple classname mapping from 2.0 to 3.0

Author: tekul

class_mapping_from_2.0.x.txt

@@ -0,0 +1,57 @@
+Class Mapping from 2.0.x to 3.0.x
+------------------------------------
+
+Approximate mapping of classes which have new names, or new implementations in 3.0. These may not be a 
+straightforward replacement, but the listed classes and interfaces from 3.0 will give some indication of where to
+look in the APIs when upgrading.
+
+AbstractProcessingFilter, AbstractAuthenticationProcessingFilter
+AbstractFallbackMethodDefinitionSource, AbstractFallbackMethodSecurityMetadataSource
+AnonymousProcessingFilter, AnonymousAuthenticationFilter
+AuthenticationFailureConcurrentLoginEvent
+AuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter
+AuthenticationProcessingFilterEntryPoint, LoginUrlAuthenticationEntryPoint
+
+BasicProcessingFilter, BasicAuthenticationFilter
+BasicProcessingFilterEntryPoint, BasicAuthenticationEntryPoint
+
+CasProcessingFilter, CasAuthenticationFilter
+CasProcessingFilterEntryPoint, CasAuthenticationEntryPoint
+ConcurrentSessionController, ConcurrentSessionControlStrategy (Now implemented through the SessionManagementFilter)
+ConfigAttributeDefinition, Collection<ConfigAttribute>
+
+DefaultFilterInvocationDefinitionSource, DefaultFilterInvocationSecurityMetadataSource
+DigestProcessingFilter, DigestAuthenticationFilter
+DigestProcessingFilterEntryPoint, DigestAuthenticationEntryPoint
+
+FilterInvocationDefinitionSource, FilterInvocationSecurityMetadataSource
+
+HttpSessionContextIntegrationFilter, SecurityContextPersistenceFilter (see also SecurityContextRepository)
+
+Jsr250MethodDefinitionSource, Jsr250MethodSecurityMetadataSource
+
+MapBasedMethodDefinitionSource, MapBasedMethodSecurityMetadataSource
+MethodDefinitionAttributes
+MethodDefinitionSource, MethodSecurityMetadataSource
+MethodDefinitionSourceAdvisor, MethodSecurityMetadataSourceAdvisor
+MethodDefinitionSourceEditor, MethodSecurityMetadataSourceEditor
+
+ObjectDefinitionSource SecurityMetadataSource
+OpenIDAuthenticationProcessingFilter, OpenIDAuthenticationFilter
+
+RedirectUtils, DefaultRedirectStrategy
+RememberMeProcessingFilter, RememberMeAuthenticationFilter
+RequestHeaderPreAuthenticatedProcessingFilter, RequestHeaderAuthenticationFilter
+
+SecuredMethodDefinitionSource, SecuredAnnotationSecurityMetadataSource
+SessionFixationProtectionFilter, SessionManagementFilter (See also SessionAuthenticationStrategy, SessionFixationProtectionStrategy)
+SpringSecurityContextSource, LdapContextSource (from Spring LDAP 1.3, which introduced the ability to bind as a specific user)
+SwitchUserFilter, SwitchUserProcessingFilter
+
+TargetUrlResolver, AuthenticationSuccessHandler (see also AuthenticationFailureHandler)
+TargetUrlResolverImpl, SavedRequestAwareAuthenticationSuccessHandler (see also SimpleUrlAuthenticationSuccessHandler)
+
+WASSecurityHelper, DefaultWASUsernameAndGroupsExtractor
+
+X509PreAuthenticatedProcessingFilter, X509AuthenticationFilter
+

docs/manual/src/docbook/appendix-namespace.xml

@@ -11,7 +11,12 @@
       xlink:href="#ns-config">introductory chapter</link> on namespace configuration, as this is
     intended as a supplement to the information there. Using a good quality XML editor while editing
     a configuration based on the schema is recommended as this will provide contextual information
-    on which elements and attributes are available as well as comments explaining their purpose. </para>
+    on which elements and attributes are available as well as comments explaining their purpose. The
+    namespace is captured in <link xlink:href="http://www.relaxng.org/">RELAX NG</link> Compact
+    format and later converted into an XSD schema. If you are familiar with this format, you may
+    wish to examine the <link
+      xlink:href="https://src.springsource.org/svn/spring-security/trunk/config/src/main/resources/org/springframework/security/config/spring-security-3.0.rnc"
+      >schema file</link>.</para>
   <section xml:id="nsa-http">
     <title>Web Application Security - the <literal>&lt;http&gt;</literal> Element</title>
     <para> The <literal>&lt;http&gt;</literal> element encapsulates the security configuration for
@@ -488,8 +493,8 @@
         configuration as web security, but this can be overridden as explained above <xref
           xlink:href="#nsa-access-decision-manager-ref"/>, using the same attribute. </para>
       <section>
-        <title>The <literal>secured-annotations</literal> and
-            <literal>jsr250-annotations</literal> Attributes</title>
+        <title>The <literal>secured-annotations</literal> and <literal>jsr250-annotations</literal>
+          Attributes</title>
         <para> Setting these to "true" will enable support for Spring Security's own
             <literal>@Secured</literal> annotations and JSR-250 annotations, respectively. They are
           both disabled by default. Use of JSR-250 annotations also adds a

docs/manual/src/docbook/introduction.xml

@@ -164,13 +164,13 @@
     </section>
     <section xml:id="history">
         <title>History</title>
-        <para>Spring Security began in late 2003 as "The Acegi Security System for Spring". A
-            question was posed on the Spring Developers' mailing list asking whether there had been
-            any consideration given to a Spring-based security implementation. At the time the
-            Spring community was relatively small (especially by today's size!), and indeed Spring
-            itself had only existed as a SourceForge project from early 2003. The response to the
-            question was that it was a worthwhile area, although a lack of time currently prevented
-            its exploration.</para>
+        <para>Spring Security began in late 2003 as <quote>The Acegi Security System for
+                Spring</quote>. A question was posed on the Spring Developers' mailing list asking
+            whether there had been any consideration given to a Spring-based security
+            implementation. At the time the Spring community was relatively small (especially
+            compared with the size today!), and indeed Spring itself had only existed as a
+            SourceForge project from early 2003. The response to the question was that it was a
+            worthwhile area, although a lack of time currently prevented its exploration.</para>
         <para>With that in mind, a simple security implementation was built and not released. A few
             weeks later another member of the Spring community inquired about security, and at the
             time this code was offered to them. Several other requests followed, and by January 2004