Resin 4.0 Upgrade
From Resin 3.0
(New page: == Mandatory (non-backward compat) == There are some changes to the Resin 4.0 configuration that require updates when upgrading: # resin:type and resin:class are no longer valid # securi...) |
|||
| Line 10: | Line 10: | ||
In Resin 4.0, the Java CanDI (Dependency Injection) syntax replaces the old resin:type syntax for specifying custom configuration classes. The CanDI syntax uses an XML namespace containing the package and an XML local name with the class. For example: | In Resin 4.0, the Java CanDI (Dependency Injection) syntax replaces the old resin:type syntax for specifying custom configuration classes. The CanDI syntax uses an XML namespace containing the package and an XML local name with the class. For example: | ||
| − | ==== custom AccessLog ==== | + | ==== Resin 4.0 custom AccessLog ==== |
<access-log> | <access-log> | ||
| Line 27: | Line 27: | ||
<init param="my-param"/> | <init param="my-param"/> | ||
</access-log> | </access-log> | ||
| + | |||
| + | === com.caucho.security.AbstractAuthenticator === | ||
| + | |||
| + | Resin 4.0 changes the custom authenticator API using com.caucho.security.AbstractAuthenticator. Most users of custom authenticators will need to rewrite to the new API. There is a backwards compatibility adapter class com.caucho.server.security.AbstractAuthenticator, but the internal changes are sufficiently large that the adapter may not be sufficient. | ||
| + | |||
| + | The Resin 4.0 change more cleanly splits authentication from login. | ||
| + | |||
| + | * authentication returns a Principal from a username and Credentials | ||
| + | * login extracts authentication from a HTTP requests | ||
| + | |||
| + | So the Authenticator no longer knows anything about ServletRequest or ServletResponse, only the basic authentication data. If you need to access the ServletRequest or ServletResponse, you will need to write a custom Login instead. Applications which relied on the extra ServletRequest information in their authenticators may need to be refactored. | ||
Revision as of 18:55, 19 February 2009
Contents |
Mandatory (non-backward compat)
There are some changes to the Resin 4.0 configuration that require updates when upgrading:
- resin:type and resin:class are no longer valid
- security ServletAuthenticators may need to be rewritten
resin:type and resin:class
In Resin 4.0, the Java CanDI (Dependency Injection) syntax replaces the old resin:type syntax for specifying custom configuration classes. The CanDI syntax uses an XML namespace containing the package and an XML local name with the class. For example:
Resin 4.0 custom AccessLog
<access-log>
<foo:MyLog xmlns:foo="urn:java:com.foo"
path="..."
rollover-period="...">
<foo:param>my-param</foo:param>
</foo:MyLog>
</access-log>
old (invalid) custom AccessLog
<access-log resin:type="com.foo.MyLog"
path="..."
rollover-period="...">
<init param="my-param"/>
</access-log>
com.caucho.security.AbstractAuthenticator
Resin 4.0 changes the custom authenticator API using com.caucho.security.AbstractAuthenticator. Most users of custom authenticators will need to rewrite to the new API. There is a backwards compatibility adapter class com.caucho.server.security.AbstractAuthenticator, but the internal changes are sufficiently large that the adapter may not be sufficient.
The Resin 4.0 change more cleanly splits authentication from login.
- authentication returns a Principal from a username and Credentials
- login extracts authentication from a HTTP requests
So the Authenticator no longer knows anything about ServletRequest or ServletResponse, only the basic authentication data. If you need to access the ServletRequest or ServletResponse, you will need to write a custom Login instead. Applications which relied on the extra ServletRequest information in their authenticators may need to be refactored.
