Glen Mazza created ROL-1968:
-------------------------------
Summary: Upgrade Spring Security from 2.0.7 to 3.1.4
Key: ROL-1968
URL: https://issues.apache.org/jira/browse/ROL-1968
Project: Roller
Issue Type: Task
Affects Versions: 5.1
Reporter: Glen Mazza
Assignee: Roller Unassigned
Attachments: SpringSecurity.patch
The enclosed patch gets us codewise about (my guess) 95-98% there, but there is
some configuration error in the updated security.xml that makes it all for
naught. Basically, the app will compile and run via mvn jetty:run at
http://localhost:8080/roller but authentication of the first user created at
the login screen *always* fails. I'm attaching the patch of what I have so far
in case somebody wants to be a hero and get the remaining 2-5% in--I'll try to
work on it more myself as well.
Debugging can be done via IntelliJ by doing Menu item Run -> Edit
Configurations, adding a new Maven config item ("debug Roller") with a working
directory of /full/path/to/app/folder and a command line option of "jetty:run".
Then add breakpoints to the code and choose Menu Item Run -> "debug Roller".
It's difficult to debug however, as most of the code is Spring internal via the
XML Configuration file and not Roller code.
We don't need to get the OpenID auth method working to commit this patch
(AFAICT it needed updating to work in 2.0.7 as it wasn't working right OOTB
anyway) -- I can look into that later, but just to get the standard
username/login at the command prompt working would be good enough to commit
this patch. I'm partly inclined to commit this patch anyway and hold Roller
trunk hostage, meaning *nobody* can use trunk until somebody patches it to get
Spring Security 3.1 working, but I'll pass on such a drastic step. :)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
