Resin 4.0 Upgrade

From Resin 3.0

Jump to: navigation, search



While most users can use Resin 4.0 with no changes from their 3.1 configuration files, sites which heavily customize classes and security may require some resin.xml changes and possibly API changes. The "mandatory" section of this page describes the changes that may be necessary to upgrade from Resin 3.1.

Users upgrading to Resin 4.0 from Resin 3.0 and earlier will need to make some larger changes to match Resin 4.0's clustering and watchdog support.

In addition to the mandatory changes, Resin 4.0 includes a much larger set of recommended changes, based on the new Java Dependency Injection specification. In places where Resin 3.x invented its own custom IoC/DI configuration, we recommend updating to the new Java Injection standard. This change affects the following configuration items:

  • declarative security, e.g. <resin:XmlAuthenticator> replaces <authenticator>
  • rewrite, e.g. <resin:Redirect> replaces <redirect>
  • custom beans, e.g. myfoo:MyBean replaces <bean>
  • JMS resources, e.g. <resin:MemoryQueue> replaces <jms-queue>
  • scheduled task, e.g. <resin:ScheduledTask> replaces <scheduled-task>

Mandatory Resin 3.1 to Resin 4.0 changes

There are some changes to the Resin 4.0 configuration that require updates when upgrading:

  1. resin:type and resin:class are no longer valid
  2. security ServletAuthenticators may need to be rewritten

resin:type and resin:class

In Resin 4.0, the Java CanDI (Dependency Injection) syntax replaces the old resin:type syntax for specifying custom configuration classes. The CanDI syntax uses an XML namespace containing the package and an XML local name with the class. For example:

Resin 4.0 custom AccessLog

    <foo:MyLog xmlns:foo=""

old (invalid) custom AccessLog

 <access-log resin:type=""
      <init param="my-param"/>

Resin 4.0 changes the custom authenticator API using Most users of custom authenticators will need to rewrite to the new API. There is a backwards compatibility adapter class, but the internal changes are sufficiently large that the adapter may not be sufficient.

The Resin 4.0 change more cleanly splits authentication from login.

  • authentication returns a Principal from a username and Credentials
  • login extracts authentication from a HTTP requests

So the Authenticator no longer knows anything about ServletRequest or ServletResponse, only the basic authentication data. If you need to access the ServletRequest or ServletResponse, you will need to write a custom Login instead. Applications which relied on the extra ServletRequest information in their authenticators may need to be refactored.

Personal tools