|
|
|
@@ -135,8 +135,165 @@ You should always test your application thoroughly before rolling out a new vers
|
|
|
|
|
|
|
|
|
|
[[get-spring-security]]
|
|
|
|
|
=== Getting Spring Security
|
|
|
|
|
You can get hold of Spring Security in several ways. You can download a packaged distribution from the main Spring http://www.springsource.com/download/community?project=Spring%20Security[download page], download individual jars (and sample WAR files) from the Maven Central repository (or a SpringSource Maven repository for snapshot and milestone releases) or, alternatively, you can build the project from source yourself. See the project web site for more details.
|
|
|
|
|
You can get hold of Spring Security in several ways. You can download a packaged distribution from the main http://spring.io/spring-security[Spring Security] page, download individual jars from the Maven Central repository (or a SpringSource Maven repository for snapshot and milestone releases) or, alternatively, you can build the project from source yourself.
|
|
|
|
|
|
|
|
|
|
[[maven]]
|
|
|
|
|
==== Usage with Maven
|
|
|
|
|
|
|
|
|
|
A minimal Spring Security Maven set of dependencies typically looks like the following:
|
|
|
|
|
|
|
|
|
|
.pom.xml
|
|
|
|
|
[source,xml]
|
|
|
|
|
[subs="verbatim,attributes"]
|
|
|
|
|
----
|
|
|
|
|
<dependencies>
|
|
|
|
|
<!-- ... other dependency elements ... -->
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.springframework.security</groupId>
|
|
|
|
|
<artifactId>spring-security-web</artifactId>
|
|
|
|
|
<version>{spring-security-version}</version>
|
|
|
|
|
</dependency>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.springframework.security</groupId>
|
|
|
|
|
<artifactId>spring-security-config</artifactId>
|
|
|
|
|
<version>{spring-security-version}</version>
|
|
|
|
|
</dependency>
|
|
|
|
|
</dependencies>
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
If you are using additional features like LDAP, OpenID, etc. you will need to also include the appropriate <<modules>>.
|
|
|
|
|
|
|
|
|
|
[[maven-repositories]]
|
|
|
|
|
===== Maven Repositories
|
|
|
|
|
All GA releases (i.e. versions ending in .RELEASE) are deployed to Maven Central, so no additional Maven repositories need to be declared in your pom.
|
|
|
|
|
|
|
|
|
|
If you are using a SNAPSHOT version, you will need to ensure you have the Spring Snapshot repository defined as shown below:
|
|
|
|
|
|
|
|
|
|
.pom.xml
|
|
|
|
|
[source,xml]
|
|
|
|
|
----
|
|
|
|
|
<repositories>
|
|
|
|
|
<!-- ... possibly other repository elements ... -->
|
|
|
|
|
<repository>
|
|
|
|
|
<id>spring-snapshot</id>
|
|
|
|
|
<name>Spring Snapshot Repository</name>
|
|
|
|
|
<url>http://repo.springsource.org/snapshot</url>
|
|
|
|
|
</repository>
|
|
|
|
|
</repositories>
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
If you are using a milestone or release candidate version, you will need to ensure you have the Spring Milestone repository defined as shown below:
|
|
|
|
|
|
|
|
|
|
.pom.xml
|
|
|
|
|
[source,xml]
|
|
|
|
|
----
|
|
|
|
|
<repositories>
|
|
|
|
|
<!-- ... possibly other repository elements ... -->
|
|
|
|
|
<repository>
|
|
|
|
|
<id>spring-milestone</id>
|
|
|
|
|
<name>Spring Milestone Repository</name>
|
|
|
|
|
<url>http://repo.springsource.org/milestone</url>
|
|
|
|
|
</repository>
|
|
|
|
|
</repositories>
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
[[maven-bom]]
|
|
|
|
|
===== Using Spring 4 and Maven
|
|
|
|
|
|
|
|
|
|
Spring Security builds against Spring Framework {spring-version}, but is also tested against Spring Framework {spring4-version}. This means you can use Spring Security {spring-security-version} with Spring Framework {spring4-version}. The problem that many users will have is that Spring Security's transitive dependencies resolve Spring Framework {spring-version} causing all sorts of strange classpath problems.
|
|
|
|
|
|
|
|
|
|
One (tedious) way to circumvent this issue would be to include all the Spring Framework modules in a http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management[<dependencyManagement>] section of your pom. An alternative approach is to include the `spring-framework-bom` within your `<dependencyManagement>` section of your `pom.xml` as shown below:
|
|
|
|
|
|
|
|
|
|
.pom.xml
|
|
|
|
|
[source,xml]
|
|
|
|
|
[subs="verbatim,attributes"]
|
|
|
|
|
----
|
|
|
|
|
<dependencyManagement>
|
|
|
|
|
<dependencies>
|
|
|
|
|
<dependency>
|
|
|
|
|
<groupId>org.springframework</groupId>
|
|
|
|
|
<artifactId>spring-framework-bom</artifactId>
|
|
|
|
|
<version>{spring4-version}</version>
|
|
|
|
|
<type>pom</type>
|
|
|
|
|
<scope>import</scope>
|
|
|
|
|
</dependency>
|
|
|
|
|
</dependencies>
|
|
|
|
|
</dependencyManagement>
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
This will ensure that all the transitive dependencies of Spring Security use the Spring {spring4-version} modules.
|
|
|
|
|
|
|
|
|
|
NOTE: This approach uses Maven's "bill of materials" (BOM) concept and is only available in Maven 2.0.9+. For additional details about how dependencies are resolved refer to http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html[Maven's Introduction to the Dependency Mechanism documentation].
|
|
|
|
|
|
|
|
|
|
[[gradle]]
|
|
|
|
|
==== Gradle
|
|
|
|
|
A minimal Spring Security Gradle set of dependencies typically looks like the following:
|
|
|
|
|
|
|
|
|
|
.build.gradle
|
|
|
|
|
[source,groovy]
|
|
|
|
|
[subs="verbatim,attributes"]
|
|
|
|
|
----
|
|
|
|
|
dependencies {
|
|
|
|
|
compile 'org.springframework.security:spring-security-web:{spring-security-version}'
|
|
|
|
|
compile 'org.springframework.security:spring-security-config:{spring-security-version}'
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
If you are using additional features like LDAP, OpenID, etc. you will need to also include the appropriate <<modules>>.
|
|
|
|
|
|
|
|
|
|
[[gradle-repositories]]
|
|
|
|
|
===== Gradle Repositories
|
|
|
|
|
All GA releases (i.e. versions ending in .RELEASE) are deployed to Maven Central, so using the mavenCentral() repository is sufficient for GA releases.
|
|
|
|
|
|
|
|
|
|
.build.gradle
|
|
|
|
|
[source,groovy]
|
|
|
|
|
----
|
|
|
|
|
repositories {
|
|
|
|
|
mavenCentral()
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
If you are using a SNAPSHOT version, you will need to ensure you have the Spring Snapshot repository defined as shown below:
|
|
|
|
|
|
|
|
|
|
.build.gradle
|
|
|
|
|
[source,groovy]
|
|
|
|
|
----
|
|
|
|
|
repositories {
|
|
|
|
|
maven { url 'https://repo.spring.io/snapshot' }
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
If you are using a milestone or release candidate version, you will need to ensure you have the Spring Milestone repository defined as shown below:
|
|
|
|
|
|
|
|
|
|
.build.gradle
|
|
|
|
|
[source,groovy]
|
|
|
|
|
----
|
|
|
|
|
repositories {
|
|
|
|
|
maven { url 'https://repo.spring.io/milestone' }
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
[[gradle-resolutionStrategy]]
|
|
|
|
|
===== Using Spring 4 and Gradle
|
|
|
|
|
|
|
|
|
|
By default Gradle will use the newest version when resolving transitive versions. This means that often times no additional work is necessary when running Spring Security {spring-security-version} with Spring Framework {spring4-version}. However, at times there can be issues that come up so it is best to mitigate this using http://www.gradle.org/docs/current/dsl/org.gradle.api.artifacts.ResolutionStrategy.html[Gradle's ResolutionStrategy] as shown below:
|
|
|
|
|
|
|
|
|
|
.build.gradle
|
|
|
|
|
[source,groovy]
|
|
|
|
|
[subs="verbatim,attributes"]
|
|
|
|
|
----
|
|
|
|
|
configurations.spring4TestRuntime {
|
|
|
|
|
resolutionStrategy.eachDependency { DependencyResolveDetails details ->
|
|
|
|
|
if (details.requested.group == 'org.springframework') {
|
|
|
|
|
details.useVersion {spring4-version}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
This will ensure that all the transitive dependencies of Spring Security use the Spring {spring4-version} modules.
|
|
|
|
|
|
|
|
|
|
NOTE: This example uses Gradle 1.9, but may need modifications to work in future versions of Gradle since this is an incubating feature within Gradle.
|
|
|
|
|
|
|
|
|
|
[[modules]]
|
|
|
|
|
==== Project Modules
|
|
|
|
|
Rob Winch