Resin 4.0 Upgrade
From Resin 3.0
Contents |
Mandatory (non-backward compat)
There are some changes to the Resin 4.0 configuration that require updates when upgrading:
- resin:type and resin:class are no longer valid
- security ServletAuthenticators may need to be rewritten
resin:type and resin:class
In Resin 4.0, the Java CanDI (Dependency Injection) syntax replaces the old resin:type syntax for specifying custom configuration classes. The CanDI syntax uses an XML namespace containing the package and an XML local name with the class. For example:
Resin 4.0 custom AccessLog
<access-log> <foo:MyLog xmlns:foo="urn:java:com.foo" path="..." rollover-period="..."> <foo:param>my-param</foo:param> </foo:MyLog> </access-log>
old (invalid) custom AccessLog
<access-log resin:type="com.foo.MyLog" path="..." rollover-period="..."> <init param="my-param"/> </access-log>
com.caucho.security.AbstractAuthenticator
Resin 4.0 changes the custom authenticator API using com.caucho.security.AbstractAuthenticator. Most users of custom authenticators will need to rewrite to the new API. There is a backwards compatibility adapter class com.caucho.server.security.AbstractAuthenticator, but the internal changes are sufficiently large that the adapter may not be sufficient.
The Resin 4.0 change more cleanly splits authentication from login.
- authentication returns a Principal from a username and Credentials
- login extracts authentication from a HTTP requests
So the Authenticator no longer knows anything about ServletRequest or ServletResponse, only the basic authentication data. If you need to access the ServletRequest or ServletResponse, you will need to write a custom Login instead. Applications which relied on the extra ServletRequest information in their authenticators may need to be refactored.