upgrade to spring security 2.0.5 from acegisecurity

Robert Collins
This should work, but I don't have LDAP etc. environments to test in.

In principle a lot of things could be upgraded from the comments made
about the upgrade, but I've only met acegi today, so I have no idea
about that :)

The main reason to do this is that openid support is bundled in with
spring security, so rather than try to glue openid4java into hudson
as-is, if we do this upgrade first it should make doing open id closer
to trivial (just need to write a UI to specify limits some folk may
want) & UI glue.

I'm running tests on it now, but as it's nearly entirely mechanical
thought I'd send it in as-is.

-Rob

Index: core/src/main/java/hudson/Functions.java
===================================================================
--- core/src/main/java/hudson/Functions.java (revision 24493)
+++ core/src/main/java/hudson/Functions.java (working copy)
@@ -62,7 +62,7 @@
 import hudson.util.Iterators;
 import hudson.scm.SCM;
 import hudson.scm.SCMDescriptor;
-import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
 import org.apache.commons.jelly.JellyContext;
 import org.apache.commons.jelly.JellyTagException;
 import org.apache.commons.jelly.Script;
Index: core/src/main/java/hudson/triggers/SafeTimerTask.java
===================================================================
--- core/src/main/java/hudson/triggers/SafeTimerTask.java (revision 24493)
+++ core/src/main/java/hudson/triggers/SafeTimerTask.java (working copy)
@@ -23,7 +23,7 @@
  */
 package hudson.triggers;
 
-import org.acegisecurity.context.SecurityContextHolder;
+import org.springframework.security.context.SecurityContextHolder;
 
 import java.util.Timer;
 import java.util.TimerTask;
Index: core/src/main/java/hudson/ExpressionFactory2.java
===================================================================
--- core/src/main/java/hudson/ExpressionFactory2.java (revision 24493)
+++ core/src/main/java/hudson/ExpressionFactory2.java (working copy)
@@ -1,6 +1,6 @@
 package hudson;
 
-import org.acegisecurity.AcegiSecurityException;
+import org.springframework.security.SpringSecurityException;
 import org.apache.commons.jelly.JellyContext;
 import org.apache.commons.jelly.JellyException;
 import org.apache.commons.jelly.expression.Expression;
@@ -70,7 +70,7 @@
                 CURRENT_CONTEXT.set(context);
                 JexlContext jexlContext = new JellyJexlContext( context );
                 return expression.evaluate(jexlContext);
-            } catch (AcegiSecurityException e) {
+            } catch (SpringSecurityException e) {
                 // let the security exception pass through
                 throw e;
             } catch (Exception e) {
Index: core/src/main/java/hudson/security/ACL.java
===================================================================
--- core/src/main/java/hudson/security/ACL.java (revision 24493)
+++ core/src/main/java/hudson/security/ACL.java (working copy)
@@ -23,11 +23,11 @@
  */
 package hudson.security;
 
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.acls.sid.PrincipalSid;
-import org.acegisecurity.acls.sid.Sid;
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.Authentication;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.acls.sid.PrincipalSid;
+import org.springframework.security.acls.sid.Sid;
 import hudson.model.Hudson;
 import hudson.model.Executor;
 
Index: core/src/main/java/hudson/security/SidACL.java
===================================================================
--- core/src/main/java/hudson/security/SidACL.java (revision 24493)
+++ core/src/main/java/hudson/security/SidACL.java (working copy)
@@ -23,11 +23,11 @@
  */
 package hudson.security;
 
-import org.acegisecurity.Authentication;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.acls.sid.PrincipalSid;
-import org.acegisecurity.acls.sid.GrantedAuthoritySid;
-import org.acegisecurity.acls.sid.Sid;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.acls.sid.PrincipalSid;
+import org.springframework.security.acls.sid.GrantedAuthoritySid;
+import org.springframework.security.acls.sid.Sid;
 
 import java.util.logging.Logger;
 import static java.util.logging.Level.FINE;
Index: core/src/main/java/hudson/security/GroupDetails.java
===================================================================
--- core/src/main/java/hudson/security/GroupDetails.java (revision 24493)
+++ core/src/main/java/hudson/security/GroupDetails.java (working copy)
@@ -23,7 +23,7 @@
  */
 package hudson.security;
 
-import org.acegisecurity.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetails;
 
 /**
  * Represents the details of a group.
Index: core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
===================================================================
--- core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java (revision 24493)
+++ core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java (working copy)
@@ -31,8 +31,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
 
 /**
  * {@link AuthenticationProcessingFilter} with a change for Hudson so that
Index: core/src/main/java/hudson/security/HudsonFilter.java
===================================================================
--- core/src/main/java/hudson/security/HudsonFilter.java (revision 24493)
+++ core/src/main/java/hudson/security/HudsonFilter.java (working copy)
@@ -37,9 +37,9 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.ui.rememberme.RememberMeServices;
-import org.acegisecurity.userdetails.UserDetailsService;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.ui.rememberme.RememberMeServices;
+import org.springframework.security.userdetails.UserDetailsService;
 
 /**
  * {@link Filter} that Hudson uses to implement security support.
Index: core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java
===================================================================
--- core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java (revision 24493)
+++ core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.Authentication;
+import org.springframework.security.ui.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.Authentication;
 import org.apache.commons.codec.digest.DigestUtils;
 
 /**
@@ -40,9 +40,9 @@
  */
 public class TokenBasedRememberMeServices2 extends TokenBasedRememberMeServices {
     @Override
-    protected String makeTokenSignature(long tokenExpiryTime, UserDetails userDetails) {
-        String expectedTokenSignature = DigestUtils.md5Hex(userDetails.getUsername() + ":" + tokenExpiryTime + ":"
-                + "N/A" + ":" + getKey());
+    protected String makeTokenSignature(long tokenExpiryTime, String username, String password) {
+        String expectedTokenSignature = DigestUtils.md5Hex(username + ":" +
+            tokenExpiryTime + ":" + "N/A" + ":" + getKey());
         return expectedTokenSignature;
     }
 
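Review bot: the new `password` argument of makeTokenSignature is never read; the digest is still built from username, tokenExpiryTime, the literal "N/A" and getKey(). A password change therefore leaves the signature unchanged, so remember-me tokens issued earlier stay valid until they expire. If that is intended, add a comment next to the "N/A" literal saying so, because with the three-argument signature the omission reads like an oversight. The signature is also an unkeyed MD5 over a string that embeds the key (DigestUtils.md5Hex); worth a follow-up issue rather than a change in a mechanical rename.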
Index: core/src/main/java/hudson/security/UserMayOrMayNotExistException.java
===================================================================
--- core/src/main/java/hudson/security/UserMayOrMayNotExistException.java (revision 24493)
+++ core/src/main/java/hudson/security/UserMayOrMayNotExistException.java (working copy)
@@ -23,8 +23,8 @@
  */
 package hudson.security;
 
-import org.acegisecurity.userdetails.UsernameNotFoundException;
-import org.acegisecurity.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UsernameNotFoundException;
+import org.springframework.security.userdetails.UserDetailsService;
 
 /**
  * Thrown from {@link UserDetailsService#loadUserByUsername(String)}
Index: core/src/main/java/hudson/security/AuthenticationManagerProxy.java
===================================================================
--- core/src/main/java/hudson/security/AuthenticationManagerProxy.java (revision 24493)
+++ core/src/main/java/hudson/security/AuthenticationManagerProxy.java (working copy)
@@ -23,10 +23,10 @@
  */
 package hudson.security;
 
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.DisabledException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.DisabledException;
 
 /**
  * {@link AuthenticationManager} proxy that delegates to another instance.
Index: core/src/main/java/hudson/security/csrf/DefaultCrumbIssuer.java
===================================================================
--- core/src/main/java/hudson/security/csrf/DefaultCrumbIssuer.java (revision 24493)
+++ core/src/main/java/hudson/security/csrf/DefaultCrumbIssuer.java (working copy)
@@ -19,7 +19,7 @@
 
 import net.sf.json.JSONObject;
 
-import org.acegisecurity.Authentication;
+import org.springframework.security.Authentication;
 import org.kohsuke.stapler.StaplerRequest;
 
 /**
Index: core/src/main/java/hudson/security/SparseACL.java
===================================================================
--- core/src/main/java/hudson/security/SparseACL.java (revision 24493)
+++ core/src/main/java/hudson/security/SparseACL.java (working copy)
@@ -23,8 +23,8 @@
  */
 package hudson.security;
 
-import org.acegisecurity.Authentication;
-import org.acegisecurity.acls.sid.Sid;
+import org.springframework.security.Authentication;
+import org.springframework.security.acls.sid.Sid;
 
 import java.util.ArrayList;
 import java.util.List;
Index: core/src/main/java/hudson/security/AuthorizationStrategy.java
===================================================================
--- core/src/main/java/hudson/security/AuthorizationStrategy.java (revision 24493)
+++ core/src/main/java/hudson/security/AuthorizationStrategy.java (working copy)
@@ -45,7 +45,7 @@
 
 import net.sf.json.JSONObject;
 
-import org.acegisecurity.Authentication;
+import org.springframework.security.Authentication;
 import org.kohsuke.stapler.StaplerRequest;
 
 /**
Index: core/src/main/java/hudson/security/HttpSessionContextIntegrationFilter2.java
===================================================================
--- core/src/main/java/hudson/security/HttpSessionContextIntegrationFilter2.java (revision 24493)
+++ core/src/main/java/hudson/security/HttpSessionContextIntegrationFilter2.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
-import org.acegisecurity.context.SecurityContext;
-import org.acegisecurity.Authentication;
+import org.springframework.security.context.HttpSessionContextIntegrationFilter;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.Authentication;
 
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -34,6 +34,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
+import javax.servlet.http.HttpServletResponse;
 
 /**
  * Erases the {@link SecurityContext} persisted in {@link HttpSession}
@@ -43,13 +44,14 @@
  */
 public class HttpSessionContextIntegrationFilter2 extends HttpSessionContextIntegrationFilter {
     public HttpSessionContextIntegrationFilter2() throws ServletException {
-        setContext(NotSerilizableSecurityContext.class);
+        setContextClass(NotSerilizableSecurityContext.class);
     }
 
-    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+    @Override
+    public void doFilterHttp(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException {
         HttpSession session = ((HttpServletRequest) req).getSession(false);
         if(session!=null) {
-            SecurityContext o = (SecurityContext)session.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);
+            SecurityContext o = (SecurityContext)session.getAttribute(SPRING_SECURITY_CONTEXT_KEY);
             if(o!=null) {
                 Authentication a = o.getAuthentication();
                 if(a!=null) {
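Review bot: in doFilterHttp the parameter `req` is already an HttpServletRequest, so the cast in `((HttpServletRequest) req).getSession(false)` is now redundant and can be dropped. Please also confirm that the tail of this method, which the hunk does not show, delegates to the superclass under the new doFilterHttp name with the HTTP-typed `req` and `res`, not to the old doFilter.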
@@ -57,7 +59,7 @@
                         InvalidatableUserDetails ud = (InvalidatableUserDetails) a.getPrincipal();
                         if(ud.isInvalid())
                             // don't let Acegi see invalid security context
-                            session.setAttribute(ACEGI_SECURITY_CONTEXT_KEY,null);
+                            session.setAttribute(SPRING_SECURITY_CONTEXT_KEY,null);
                     }
                 }
             }
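Review bot: the comment "don't let Acegi see invalid security context" above the changed setAttribute call is stale once the key is SPRING_SECURITY_CONTEXT_KEY; update it to name Spring Security so the reason for nulling the attribute stays clear. Since this is the line that drops the context of an invalidated user, it deserves a test that a session whose principal reports isInvalid() ends up with no context under the new key.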
Index: core/src/main/java/hudson/security/PAMSecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/PAMSecurityRealm.java (revision 24493)
+++ core/src/main/java/hudson/security/PAMSecurityRealm.java (working copy)
@@ -31,18 +31,18 @@
 import hudson.os.PosixAPI;
 import hudson.util.FormValidation;
 import hudson.util.spring.BeanBuilder;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.BadCredentialsException;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.providers.AuthenticationProvider;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.User;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.BadCredentialsException;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.providers.AuthenticationProvider;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.userdetails.UsernameNotFoundException;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.User;
 import org.jvnet.libpam.PAM;
 import org.jvnet.libpam.PAMException;
 import org.jvnet.libpam.UnixUser;
Index: core/src/main/java/hudson/security/AccessControlled.java
===================================================================
--- core/src/main/java/hudson/security/AccessControlled.java (revision 24493)
+++ core/src/main/java/hudson/security/AccessControlled.java (working copy)
@@ -23,7 +23,7 @@
  */
 package hudson.security;
 
-import org.acegisecurity.AccessDeniedException;
+import org.springframework.security.AccessDeniedException;
 
 /**
  * Object that has an {@link ACL}
Index: core/src/main/java/hudson/security/SecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/SecurityRealm.java (revision 24493)
+++ core/src/main/java/hudson/security/SecurityRealm.java (working copy)
@@ -35,17 +35,17 @@
 import hudson.util.DescriptorList;
 import hudson.util.PluginServletFilter;
 import hudson.util.spring.BeanBuilder;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.context.SecurityContext;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.ui.rememberme.RememberMeServices;
-import static org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.ui.rememberme.RememberMeServices;
+import static org.springframework.security.ui.rememberme.TokenBasedRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
@@ -226,7 +226,7 @@
         SecurityContextHolder.clearContext();
 
         // reset remember-me cookie
-        Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,"");
+        Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,"");
         cookie.setPath(req.getContextPath().length()>0 ? req.getContextPath() : "/");
         rsp.addCookie(cookie);
 
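Review bot: the logout path now resets only the cookie named by SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY. If that constant resolves to a different cookie name than ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY did, browsers that still hold a remember-me cookie issued before the upgrade will keep it after logout. Either document that pre-upgrade remember-me cookies are simply ignored from now on, or also clear the old cookie name here for a transition period.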
Index: core/src/main/java/hudson/security/LDAPSecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/LDAPSecurityRealm.java (revision 24493)
+++ core/src/main/java/hudson/security/LDAPSecurityRealm.java (working copy)
@@ -35,25 +35,22 @@
 import hudson.util.FormValidation;
 import hudson.util.Scrambler;
 import hudson.util.spring.BeanBuilder;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.AcegiSecurityException;
-import org.acegisecurity.ldap.InitialDirContextFactory;
-import org.acegisecurity.ldap.LdapDataAccessException;
-import org.acegisecurity.ldap.LdapTemplate;
-import org.acegisecurity.ldap.LdapUserSearch;
-import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch;
-import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
-import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
-import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.SpringSecurityException;
+import org.springframework.security.ldap.LdapDataAccessException;
+import org.springframework.security.ldap.LdapUserSearch;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.ldap.LdapAuthoritiesPopulator;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UsernameNotFoundException;
+import org.springframework.security.userdetails.ldap.LdapUserDetails;
+import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl;
+import org.springframework.dao.DataAccessException;
+import org.springframework.web.context.WebApplicationContext;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
-import org.springframework.dao.DataAccessException;
-import org.springframework.web.context.WebApplicationContext;
 
 import javax.naming.Context;
 import javax.naming.NamingException;
@@ -72,6 +69,10 @@
 import java.util.logging.Logger;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.ldap.SpringSecurityContextSource;
+import org.springframework.security.ldap.SpringSecurityLdapTemplate;
+import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
 
 
 /**
@@ -271,7 +272,7 @@
     /**
      * Created in {@link #createSecurityComponents()}. Can be used to connect to LDAP.
      */
-    private transient LdapTemplate ldapTemplate;
+    private transient SpringSecurityLdapTemplate ldapTemplate;
 
     @DataBoundConstructor
     public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword) {
@@ -339,7 +340,7 @@
         builder.parse(Hudson.getInstance().servletContext.getResourceAsStream("/WEB-INF/security/LDAPBindSecurityRealm.groovy"),binding);
         final WebApplicationContext appContext = builder.createApplicationContext();
 
-        ldapTemplate = new LdapTemplate(findBean(InitialDirContextFactory.class, appContext));
+        ldapTemplate = new SpringSecurityLdapTemplate(findBean(SpringSecurityContextSource.class, appContext));
 
         return new SecurityComponents(
             findBean(AuthenticationManager.class, appContext),
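Review bot: `findBean(SpringSecurityContextSource.class, appContext)` only succeeds if the LDAPBindSecurityRealm.groovy parsed two lines above defines a bean of that type in place of the former InitialDirContextFactory. Please make sure the Groovy bean definition is updated in the same change, and since the cover note says no LDAP environment was available, have someone with one exercise createSecurityComponents() before this is committed.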
@@ -393,18 +394,17 @@
         }
         public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
             try {
-                LdapUserDetails ldapUser = ldapSearch.searchForUser(username);
+                DirContextOperations ldapUser = ldapSearch.searchForUser(username);
                 // LdapUserSearch does not populate granted authorities (group search).
                 // Add those, as done in LdapAuthenticationProvider.createUserDetails().
-                if (ldapUser != null) {
-                    LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence(ldapUser);
-                    GrantedAuthority[] extraAuthorities = authoritiesPopulator.getGrantedAuthorities(ldapUser);
-                    for (int i = 0; i < extraAuthorities.length; i++) {
-                        user.addAuthority(extraAuthorities[i]);
-                    }
-                    ldapUser = user.createUserDetails();
+                if (null == ldapUser)
+                    return null;
+                LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence(ldapUser);
+                GrantedAuthority[] extraAuthorities = authoritiesPopulator.getGrantedAuthorities(ldapUser, username);
+                for (int i = 0; i < extraAuthorities.length; i++) {
+                    user.addAuthority(extraAuthorities[i]);
                 }
-                return ldapUser;
+                return user.createUserDetails();
             } catch (LdapDataAccessException e) {
                 LOGGER.log(Level.WARNING, "Failed to search LDAP for username="+username,e);
                 throw new UserMayOrMayNotExistException(e.getMessage(),e);
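Review bot: the new `if (null == ldapUser) return null;` makes loadUserByUsername return null for a missing user, while the method declares `throws UsernameNotFoundException`; callers that rely on the exception will get a null UserDetails instead. Throw UsernameNotFoundException here, or, if searchForUser can no longer return null with the new API, drop the branch. Minor style point: the rest of the file writes `x != null` and braces its blocks, so `null == ldapUser` without braces stands out.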
@@ -436,7 +436,7 @@
             } catch (NamingException e) {
                 LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
                 return null;
-            } catch (AcegiSecurityException e) {
+            } catch (SpringSecurityException e) {
                 LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
                 return null;
             }
@@ -450,15 +450,15 @@
         // Make these available (private in parent class and no get methods!)
         String rolePrefix;
         boolean convertToUpperCase;
-        public AuthoritiesPopulatorImpl(InitialDirContextFactory initialDirContextFactory, String groupSearchBase) {
-            super(initialDirContextFactory, fixNull(groupSearchBase));
+        public AuthoritiesPopulatorImpl(SpringSecurityContextSource springSecurityContextSource, String groupSearchBase) {
+            super(springSecurityContextSource, fixNull(groupSearchBase));
             // These match the defaults in acegi 1.0.5; set again to store in non-private fields:
             setRolePrefix("ROLE_");
             setConvertToUpperCase(true);
         }
 
         @Override
-        protected Set getAdditionalRoles(LdapUserDetails ldapUser) {
+        protected Set getAdditionalRoles(DirContextOperations user, String username) {
             return Collections.singleton(AUTHENTICATED_AUTHORITY);
         }
 
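Review bot: the comment "These match the defaults in acegi 1.0.5" in the AuthoritiesPopulatorImpl constructor no longer describes the library being extended. Confirm that "ROLE_" and upper-casing are still the defaults of the new DefaultLdapAuthoritiesPopulator and reword the comment, because rolePrefix and convertToUpperCase feed directly into the authority names that authorization rules are matched against.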
Index: core/src/main/java/hudson/security/UnwrapSecurityExceptionFilter.java
===================================================================
--- core/src/main/java/hudson/security/UnwrapSecurityExceptionFilter.java (revision 24493)
+++ core/src/main/java/hudson/security/UnwrapSecurityExceptionFilter.java (working copy)
@@ -24,8 +24,8 @@
 package hudson.security;
 
 import org.apache.commons.jelly.JellyTagException;
-import org.acegisecurity.AcegiSecurityException;
-import org.acegisecurity.ui.ExceptionTranslationFilter;
+import org.springframework.security.SpringSecurityException;
+import org.springframework.security.ui.ExceptionTranslationFilter;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterConfig;
@@ -54,8 +54,8 @@
             if (t instanceof JellyTagException) {
                 JellyTagException jte = (JellyTagException) t;
                 Throwable cause = jte.getCause();
-                if (cause instanceof AcegiSecurityException) {
-                    AcegiSecurityException se = (AcegiSecurityException) cause;
+                if (cause instanceof SpringSecurityException) {
+                    SpringSecurityException se = (SpringSecurityException) cause;
                     throw new ServletException(se);
                 }
             }
Index: core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java
===================================================================
--- core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java (revision 24493)
+++ core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java (working copy)
@@ -24,8 +24,8 @@
 package hudson.security;
 
 import hudson.model.Hudson;
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.ui.AccessDeniedHandler;
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.ui.AccessDeniedHandler;
 import org.kohsuke.stapler.Stapler;
 
 import javax.servlet.ServletException;
Index: core/src/main/java/hudson/security/InvalidatableUserDetails.java
===================================================================
--- core/src/main/java/hudson/security/InvalidatableUserDetails.java (revision 24493)
+++ core/src/main/java/hudson/security/InvalidatableUserDetails.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.Authentication;
-import org.acegisecurity.context.SecurityContext;
-import org.acegisecurity.userdetails.UserDetails;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.userdetails.UserDetails;
 
 import javax.servlet.http.HttpSession;
 
Index: core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java (revision 24493)
+++ core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java (working copy)
@@ -39,16 +39,16 @@
 import hudson.util.Scrambler;
 import hudson.util.spring.BeanBuilder;
 import net.sf.json.JSONObject;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.providers.encoding.PasswordEncoder;
-import org.acegisecurity.providers.encoding.ShaPasswordEncoder;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.providers.encoding.PasswordEncoder;
+import org.springframework.security.providers.encoding.ShaPasswordEncoder;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerRequest;
Index: core/src/main/java/hudson/security/UserDetailsServiceProxy.java
===================================================================
--- core/src/main/java/hudson/security/UserDetailsServiceProxy.java (revision 24493)
+++ core/src/main/java/hudson/security/UserDetailsServiceProxy.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.springframework.dao.DataAccessException;
 
 /**
Index: core/src/main/java/hudson/security/AccessDeniedException2.java
===================================================================
--- core/src/main/java/hudson/security/AccessDeniedException2.java (revision 24493)
+++ core/src/main/java/hudson/security/AccessDeniedException2.java (working copy)
@@ -1,7 +1,7 @@
 package hudson.security;
 
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.Authentication;
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.Authentication;
 
 /**
  * {@link AccessDeniedException} with more information.
Index: core/src/main/java/hudson/security/LegacySecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/LegacySecurityRealm.java (revision 24493)
+++ core/src/main/java/hudson/security/LegacySecurityRealm.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
 import org.springframework.web.context.WebApplicationContext;
 import org.kohsuke.stapler.StaplerRequest;
 import groovy.lang.Binding;
Index: core/src/main/java/hudson/security/ContainerAuthentication.java
===================================================================
--- core/src/main/java/hudson/security/ContainerAuthentication.java (revision 24493)
+++ core/src/main/java/hudson/security/ContainerAuthentication.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.Authentication;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
 
 import javax.servlet.http.HttpServletRequest;
 import java.security.Principal;
Index: core/src/main/java/hudson/security/NotSerilizableSecurityContext.java
===================================================================
--- core/src/main/java/hudson/security/NotSerilizableSecurityContext.java (revision 24493)
+++ core/src/main/java/hudson/security/NotSerilizableSecurityContext.java (working copy)
@@ -14,10 +14,10 @@
  */
 package hudson.security;
 
-import org.acegisecurity.context.SecurityContext;
-import org.acegisecurity.context.SecurityContextImpl;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.userdetails.UserDetails;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.context.SecurityContextImpl;
+import org.springframework.security.Authentication;
+import org.springframework.security.userdetails.UserDetails;
 
 import javax.servlet.http.HttpSession;
 
Index: core/src/main/java/hudson/security/RememberMeServicesProxy.java
===================================================================
--- core/src/main/java/hudson/security/RememberMeServicesProxy.java (revision 24493)
+++ core/src/main/java/hudson/security/RememberMeServicesProxy.java (working copy)
@@ -23,8 +23,8 @@
  */
 package hudson.security;
 
-import org.acegisecurity.ui.rememberme.RememberMeServices;
-import org.acegisecurity.Authentication;
+import org.springframework.security.ui.rememberme.RememberMeServices;
+import org.springframework.security.Authentication;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
Index: core/src/main/java/hudson/security/BasicAuthenticationFilter.java
===================================================================
--- core/src/main/java/hudson/security/BasicAuthenticationFilter.java (revision 24493)
+++ core/src/main/java/hudson/security/BasicAuthenticationFilter.java (working copy)
@@ -25,8 +25,8 @@
 
 import hudson.model.Hudson;
 import hudson.util.Scrambler;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.context.SecurityContextHolder;
+import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.context.SecurityContextHolder;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 
Index: core/src/main/java/hudson/security/AuthorizationMatrixProperty.java
===================================================================
--- core/src/main/java/hudson/security/AuthorizationMatrixProperty.java (revision 24493)
+++ core/src/main/java/hudson/security/AuthorizationMatrixProperty.java (working copy)
@@ -47,7 +47,7 @@
 
 import net.sf.json.JSONObject;
 
-import org.acegisecurity.acls.sid.Sid;
+import org.springframework.security.acls.sid.Sid;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.QueryParameter;
 import org.kohsuke.stapler.AncestorInPath;
Index: core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java
===================================================================
--- core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java (revision 24493)
+++ core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java (working copy)
@@ -23,8 +23,8 @@
  */
 package hudson.security;
 
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
 
 import javax.servlet.ServletException;
 import javax.servlet.ServletOutputStream;
Index: core/src/main/java/hudson/security/DeferredCreationLdapAuthoritiesPopulator.java
===================================================================
--- core/src/main/java/hudson/security/DeferredCreationLdapAuthoritiesPopulator.java (revision 24493)
+++ core/src/main/java/hudson/security/DeferredCreationLdapAuthoritiesPopulator.java (working copy)
@@ -26,12 +26,12 @@
  */
 package hudson.security;
 
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.ldap.InitialDirContextFactory;
-import org.acegisecurity.ldap.LdapDataAccessException;
-import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
-import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.ldap.InitialDirContextFactory;
+import org.springframework.security.ldap.LdapAuthoritiesPopulator;
+import org.springframework.security.ldap.SpringSecurityContextSource;
+import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
 import hudson.security.SecurityRealm.SecurityComponents;
 
 /**
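Review bot: the added import of org.springframework.security.ldap.InitialDirContextFactory looks unused, because every use of that type visible in this file's hunks (the field, the constructor, the setter and create()) is switched to SpringSecurityContextSource. Drop the import unless code outside the shown context still needs it.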
@@ -55,7 +55,7 @@
      * An initial context factory is only required if searching for groups is
      * required.
      */
-    private InitialDirContextFactory initialDirContextFactory = null;
+    private SpringSecurityContextSource contextSource = null;
 
     /**
      * Controls used to determine whether group searches should be performed
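Review bot: the Javadoc directly above the renamed field still reads "An initial context factory is only required if searching for groups is required", but the field is now a SpringSecurityContextSource named contextSource. Update the comment so the documentation matches the new type.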
@@ -86,21 +86,20 @@
     /**
      * Constructor.
      *
-     * @param initialDirContextFactory
+     * @param contextSource
      *            supplies the contexts used to search for user roles.
      * @param groupSearchBase
      *            if this is an empty string the search will be performed from
      *            the root DN of the context factory.
      */
     public DeferredCreationLdapAuthoritiesPopulator(
-            InitialDirContextFactory initialDirContextFactory, String groupSearchBase) {
-        this.setInitialDirContextFactory(initialDirContextFactory);
+            SpringSecurityContextSource sprintSecurityContextSource, String groupSearchBase) {
+        this.setSpringSecurityContextSource(sprintSecurityContextSource);
         this.setGroupSearchBase(groupSearchBase);
     }
 
-    public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails)
-            throws LdapDataAccessException {
-        return create().getGrantedAuthorities(userDetails);
+    public GrantedAuthority[] getGrantedAuthorities(DirContextOperations userData, String username) {
+        return create().getGrantedAuthorities(userData, username);
     }
 
     public void setConvertToUpperCase(boolean convertToUpperCase) {
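Review bot: the constructor parameter is spelled sprintSecurityContextSource (sprint, not spring) and does not match the Javadoc tag that this same hunk renames to @param contextSource. Name the parameter contextSource so the signature and the Javadoc agree. The groupSearchBase description just below still refers to "the root DN of the context factory" and should be reworded as well.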
@@ -123,8 +122,8 @@
         this.groupSearchFilter = groupSearchFilter;
     }
 
-    public void setInitialDirContextFactory(InitialDirContextFactory initialDirContextFactory) {
-        this.initialDirContextFactory = initialDirContextFactory;
+    public void setSpringSecurityContextSource(SpringSecurityContextSource initialDirContextFactory) {
+        this.contextSource = initialDirContextFactory;
     }
 
     public void setRolePrefix(String rolePrefix) {
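Review bot: renaming the public setter from setInitialDirContextFactory to setSpringSecurityContextSource changes the bean property name, so any bean definition that sets initialDirContextFactory on this class will stop binding. Update those definitions in the same patch, or say in the description that none exist. The setter's parameter is also still called initialDirContextFactory although it is now a SpringSecurityContextSource assigned to contextSource.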
@@ -142,7 +141,7 @@
      */
     private DefaultLdapAuthoritiesPopulator create() {
         DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(
-                initialDirContextFactory, groupSearchBase);
+                contextSource, groupSearchBase);
         populator.setConvertToUpperCase(convertToUpperCase);
         if (defaultRole != null) {
             populator.setDefaultRole(defaultRole);
@@ -154,4 +153,5 @@
         return populator;
     }
 
+
 }
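Review bot: the only change in this hunk is an extra blank line before the closing brace of the class. Drop it so the diff carries no whitespace-only noise.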
Index: core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java (revision 24493)
+++ core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java (working copy)
@@ -4,13 +4,13 @@
 import hudson.model.Hudson;
 import hudson.tasks.MailAddressResolver;
 import hudson.util.spring.BeanBuilder;
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.springframework.dao.DataAccessException;
 import org.springframework.web.context.WebApplicationContext;
 
Index: core/src/main/java/hudson/util/FormFieldValidator.java
===================================================================
--- core/src/main/java/hudson/util/FormFieldValidator.java (revision 24493)
+++ core/src/main/java/hudson/util/FormFieldValidator.java (working copy)
@@ -46,7 +46,7 @@
 
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
-import org.acegisecurity.AccessDeniedException;
+import org.springframework.security.AccessDeniedException;
 import org.kohsuke.stapler.Stapler;
 
 /**
Index: core/src/main/java/hudson/model/MyViewsProperty.java
===================================================================
--- core/src/main/java/hudson/model/MyViewsProperty.java (revision 24493)
+++ core/src/main/java/hudson/model/MyViewsProperty.java (working copy)
@@ -44,7 +44,7 @@
 
 import net.sf.json.JSONObject;
 
-import org.acegisecurity.AccessDeniedException;
+import org.springframework.security.AccessDeniedException;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.HttpRedirect;
 import org.kohsuke.stapler.HttpResponse;
Index: core/src/main/java/hudson/model/Hudson.java
===================================================================
--- core/src/main/java/hudson/model/Hudson.java (revision 24493)
+++ core/src/main/java/hudson/model/Hudson.java (working copy)
@@ -126,14 +126,14 @@
 import hudson.util.IOUtils;
 import hudson.widgets.Widget;
 import net.sf.json.JSONObject;
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.AcegiSecurityException;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
-import org.acegisecurity.ui.AbstractProcessingFilter;
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.SpringSecurityException;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
+import org.springframework.security.ui.AbstractProcessingFilter;
 import org.apache.commons.jelly.JellyException;
 import org.apache.commons.jelly.Script;
 import org.apache.commons.logging.LogFactory;
@@ -1755,7 +1755,7 @@
             }
         } catch (ServletException e) {
             // for binary compatibility, this method cannot throw a checked exception
-            throw new AcegiSecurityException("Failed to configure filter",e) {};
+            throw new SpringSecurityException("Failed to configure filter",e) {};
         }
     }
 
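Review bot: the context comment says this method cannot throw a checked exception "for binary compatibility", yet the thrown type changes from AcegiSecurityException to SpringSecurityException, so callers compiled to catch the Acegi type will no longer catch it. If compatibility with already-built plugins matters here, the patch description should state whether code compiled against org.acegisecurity types is expected to keep working or whether this is a deliberate break.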
@@ -2669,7 +2669,7 @@
             return;
         }
 
-        String url = AbstractProcessingFilter.obtainFullRequestUrl(req);
+        String url = AbstractProcessingFilter.obtainFullSavedRequestUrl(req);
         if(url!=null) {
             // if the login redirect is initiated by Acegi
             // this should send the user back to where s/he was from.
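Review bot: obtainFullRequestUrl is swapped for obtainFullSavedRequestUrl with nothing to show that the two return the same value when there is no saved request, and the url!=null branch that follows decides where the user is sent after login. Please confirm the null behaviour against 2.0.5 and cover the post-login redirect with a test. The comment in that branch still says "initiated by Acegi" and should be updated too.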
Index: core/src/main/java/hudson/model/AsyncPeriodicWork.java
===================================================================
--- core/src/main/java/hudson/model/AsyncPeriodicWork.java (revision 24493)
+++ core/src/main/java/hudson/model/AsyncPeriodicWork.java (working copy)
@@ -9,7 +9,7 @@
 import java.io.IOException;
 import java.util.logging.Level;
 
-import org.acegisecurity.context.SecurityContextHolder;
+import org.springframework.security.context.SecurityContextHolder;
 
 /**
  * {@link PeriodicWork} that takes a long time to run.
Index: core/src/main/java/hudson/model/UpdateCenter.java
===================================================================
--- core/src/main/java/hudson/model/UpdateCenter.java (revision 24493)
+++ core/src/main/java/hudson/model/UpdateCenter.java (working copy)
@@ -42,7 +42,7 @@
 import hudson.util.IOException2;
 import hudson.util.PersistedList;
 import hudson.util.XStream2;
-import org.acegisecurity.Authentication;
+import org.springframework.security.Authentication;
 import org.apache.commons.io.input.CountingInputStream;
 import org.apache.commons.io.output.NullOutputStream;
 import org.kohsuke.stapler.StaplerResponse;
Index: core/src/main/java/hudson/model/User.java
===================================================================
--- core/src/main/java/hudson/model/User.java (revision 24493)
+++ core/src/main/java/hudson/model/User.java (working copy)
@@ -39,8 +39,8 @@
 import hudson.util.XStream2;
 import net.sf.json.JSONObject;
 
-import org.acegisecurity.Authentication;
-import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
+import org.springframework.security.Authentication;
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 import org.kohsuke.stapler.export.Exported;
Index: core/src/main/java/hudson/model/Queue.java
===================================================================
--- core/src/main/java/hudson/model/Queue.java (revision 24493)
+++ core/src/main/java/hudson/model/Queue.java (working copy)
@@ -75,7 +75,7 @@
 import javax.management.timer.Timer;
 import javax.servlet.ServletException;
 
-import org.acegisecurity.AccessDeniedException;
+import org.springframework.security.AccessDeniedException;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 import org.kohsuke.stapler.export.Exported;
Index: core/src/main/java/hudson/model/Executor.java
===================================================================
--- core/src/main/java/hudson/model/Executor.java (revision 24493)
+++ core/src/main/java/hudson/model/Executor.java (working copy)
@@ -33,7 +33,7 @@
 import org.kohsuke.stapler.StaplerResponse;
 import org.kohsuke.stapler.export.ExportedBean;
 import org.kohsuke.stapler.export.Exported;
-import org.acegisecurity.context.SecurityContextHolder;
+import org.springframework.security.context.SecurityContextHolder;
 
 import javax.servlet.ServletException;
 import java.io.IOException;
Index: core/src/main/java/hudson/cli/CliManagerImpl.java
===================================================================
--- core/src/main/java/hudson/cli/CliManagerImpl.java (revision 24493)
+++ core/src/main/java/hudson/cli/CliManagerImpl.java (working copy)
@@ -25,8 +25,8 @@
 
 import hudson.remoting.Channel;
 import hudson.model.Hudson;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.context.SecurityContextHolder;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
 import org.apache.commons.discovery.resource.ClassLoaders;
 import org.apache.commons.discovery.resource.classes.DiscoverClasses;
 import org.apache.commons.discovery.resource.names.DiscoverServiceNames;
Index: core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator2.java
===================================================================
--- core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator2.java (revision 24493)
+++ core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator2.java (working copy)
@@ -1,62 +0,0 @@
-/*
- * The MIT License
- *
- * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-package org.acegisecurity.providers.ldap.authenticator;
-
-import org.acegisecurity.ldap.InitialDirContextFactory;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
-
-import java.util.logging.Logger;
-import java.util.logging.Level;
-
-/**
- * {@link BindAuthenticator} with improved diagnostics.
- *
- * @author Kohsuke Kawaguchi
- */
-public class BindAuthenticator2 extends BindAuthenticator {
-    /**
-     * If we ever had a successful authentication,
-     */
-    private boolean hadSuccessfulAuthentication;
-
-    public BindAuthenticator2(InitialDirContextFactory initialDirContextFactory) {
-        super(initialDirContextFactory);
-    }
-
-    @Override
-    public LdapUserDetails authenticate(String username, String password) {
-        LdapUserDetails user = super.authenticate(username, password);
-        hadSuccessfulAuthentication = true;
-        return user;
-    }
-
-    @Override
-    void handleBindException(String userDn, String username, Throwable cause) {
-        LOGGER.log(hadSuccessfulAuthentication? Level.FINE : Level.WARNING,
-            "Failed to bind to LDAP: userDn"+userDn+"  username="+username,cause);
-        super.handleBindException(userDn, username, cause);
-    }
-
-    private static final Logger LOGGER = Logger.getLogger(BindAuthenticator2.class.getName());
-}
Index: core/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator2.java
===================================================================
--- core/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator2.java (revision 0)
+++ core/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator2.java (working copy)
@@ -21,13 +21,13 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
-package org.acegisecurity.providers.ldap.authenticator;
+package org.springframework.security.providers.ldap.authenticator;
 
-import org.acegisecurity.ldap.InitialDirContextFactory;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
-
 import java.util.logging.Logger;
 import java.util.logging.Level;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.Authentication;
+import org.springframework.security.ldap.SpringSecurityContextSource;
 
 /**
  * {@link BindAuthenticator} with improved diagnostics.
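Review bot: the package line moves this Hudson class into org.springframework.security.providers.ldap.authenticator, so Hudson keeps shipping a class inside the framework's own package. The next hunk changes the handleBindException override from package-private to protected, which suggests the subclass no longer has to share the framework's package; consider moving it under hudson.security, or add a comment explaining why it must stay.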
@@ -40,19 +40,20 @@
      */
     private boolean hadSuccessfulAuthentication;
 
-    public BindAuthenticator2(InitialDirContextFactory initialDirContextFactory) {
+
+    public BindAuthenticator2(SpringSecurityContextSource initialDirContextFactory) {
         super(initialDirContextFactory);
     }
 
     @Override
-    public LdapUserDetails authenticate(String username, String password) {
-        LdapUserDetails user = super.authenticate(username, password);
+    public DirContextOperations authenticate(Authentication authentication) {
+        DirContextOperations user = super.authenticate(authentication);
         hadSuccessfulAuthentication = true;
         return user;
     }
 
     @Override
-    void handleBindException(String userDn, String username, Throwable cause) {
+    protected void handleBindException(String userDn, String username, Throwable cause) {
         LOGGER.log(hadSuccessfulAuthentication? Level.FINE : Level.WARNING,
             "Failed to bind to LDAP: userDn"+userDn+"  username="+username,cause);
         super.handleBindException(userDn, username, cause);
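Review bot: the constructor parameter is still named initialDirContextFactory although its type is now SpringSecurityContextSource; rename it to contextSource and drop the blank line added above the constructor. While handleBindException is being touched, the log message concatenates "userDn"+userDn with no = sign, unlike username=, which makes the warning harder to read in a log search.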
Index: core/pom.xml
===================================================================
--- core/pom.xml (revision 24493)
+++ core/pom.xml (working copy)
@@ -560,21 +560,6 @@
       <version>1.1-hudson-20090709</version>
     </dependency>
     <dependency>
-      <groupId>org.acegisecurity</groupId>
-      <artifactId>acegi-security</artifactId>
-      <version>1.0.5</version>
-      <exclusions>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-remoting</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-support</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
       <groupId>org.codehaus.groovy</groupId>
       <artifactId>groovy-all</artifactId>
       <version>1.6.0</version>
@@ -749,6 +734,36 @@
       <scope>system</scope>
       <systemPath>/usr/local/yjp/lib/yjp.jar</systemPath>
     </dependency-->
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-acl</artifactId>
+      <version>2.0.5.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-core-tiger</artifactId>
+      <version>2.0.5.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-core</artifactId>
+      <version>2.0.5.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-taglibs</artifactId>
+      <version>2.0.5.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-openid</artifactId>
+      <version>2.0.5.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.ldap</groupId>
+      <artifactId>spring-ldap-core</artifactId>
+      <version>1.3.0.RELEASE</version>
+    </dependency>
   </dependencies>
 
   <reporting>
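Review bot: the six new dependencies are added without exclusions, whereas the acegi-security dependency removed in the previous hunk excluded spring-remoting and spring-support. Check the resolved dependency tree to confirm the new artifacts do not bring in a second, conflicting set of Spring jars. spring-security-openid and spring-security-taglibs are not referenced by the Java hunks shown here; add them with the change that needs them, and place the block with the other runtime dependencies rather than after the commented-out yjp entry.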
@@ -767,7 +782,15 @@
         <configuration>
           <dependencyLocationsEnabled>false</dependencyLocationsEnabled>
         </configuration>
-      </plugin>
+      </plugin>
     </plugins>
   </reporting>
 </project>
+
+
+
+
+
+
+
+
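Review bot: this hunk only rewrites the </plugin> line with different whitespace and appends eight blank lines after </project>. Drop it from the patch so the pom.xml change is limited to the dependency swap.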


Re: upgrade to spring security 2.0.5 from acegisecurity

Alan Harder-2
I applied the patch.. needed simple import edits in 2 more files
(GlobalMatrixAuthorizationStrategy.java and
LegacyAuthorizationStrategy.java) to compile.
Got groovy errors at startup.. made simple import edits in all the
war/resources/WEB-INF/security/*.groovy files.

Now this line at the bottom of BasicAuthenticationFilter.java:

    private static final GrantedAuthorityImpl[] EMPTY_AUTHORITIES = {new GrantedAuthorityImpl("")};

gets this exception at startup:

    java.lang.IllegalArgumentException: A granted authority textual representation is required
        at org.springframework.util.Assert.hasText(Assert.java:162)
        at org.springframework.security.GrantedAuthorityImpl.<init>(GrantedAuthorityImpl.java:44)
        at hudson.security.BasicAuthenticationFilter.<clinit>(BasicAuthenticationFilter.java:167)







---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: upgrade to spring security 2.0.5 from acegisecurity

Alan Harder-2
I noticed that EMPTY_AUTHORITIES is private and unused, so I just
removed it.
Now I got:

org.springframework.beans.TypeMismatchException: Failed to convert
property value of type [java.lang.String] to required type
[org.springframework.security.userdetails.memory.UserAttribute] for
property 'userAttribute'; nested exception is
java.lang.IllegalArgumentException: A granted authority textual
representation is required

which comes from war/resources/WEB-INF/security/SecurityFilters.groovy,
userAttribute = "anonymous,"
in bean(AnonymousProcessingFilter)

I'm not sure how that was converted to a UserAttribute object in
acegisecurity 1.0.5 (maybe via setAuthoritiesAsString method?  though
for some reason that still takes a List parameter), but it seems this
will need some reworking for spring security 2.0.5.

    - Alan
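
The failure reported above, as an added example that is not part of the original post and is not Hudson or Spring Security code: a stand-alone Java pre-flight check for userAttribute strings that flags empty authority names before they reach a constructor that requires text. It assumes the value is split on commas with the first token as the password and the rest as authorities; the class and method names and the ROLE_ANONYMOUS sample are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Added example. Models how a comma-separated userAttribute value such as
 * "anonymous," can yield an empty authority name, and reports it up front.
 * Assumption: first token = password, remaining tokens = authorities.
 * All names in this class are hypothetical.
 */
public class UserAttributeCheck {

    /** Parsed form of a userAttribute string. */
    static final class Parsed {
        final String password;
        final List<String> authorities = new ArrayList<String>();

        Parsed(String password) {
            this.password = password;
        }
    }

    /** "Has text" rule: non-null with at least one non-whitespace character. */
    static boolean hasText(String s) {
        return s != null && s.trim().length() > 0;
    }

    /**
     * Splits on commas and keeps trailing empty tokens, so "anonymous,"
     * becomes password "anonymous" plus one authority "".
     */
    static Parsed parse(String value) {
        String[] tokens = value.split(",", -1);
        Parsed p = new Parsed(tokens[0]);
        for (int i = 1; i < tokens.length; i++) {
            p.authorities.add(tokens[i]);
        }
        return p;
    }

    /** Returns the problems found; an empty list means every token has text. */
    static List<String> validate(String value) {
        List<String> problems = new ArrayList<String>();
        if (value == null) {
            problems.add("value is null");
            return problems;
        }
        Parsed p = parse(value);
        if (!hasText(p.password)) {
            problems.add("password token is empty");
        }
        for (int i = 0; i < p.authorities.size(); i++) {
            if (!hasText(p.authorities.get(i))) {
                problems.add("authority #" + i + " has no text");
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample values; only the first one appears in the thread.
        String[] samples = {
            "anonymous,",
            "anonymous,ROLE_ANONYMOUS",
            "anonymous, ,ROLE_ANONYMOUS"
        };
        for (String s : samples) {
            List<String> problems = validate(s);
            System.out.println("\"" + s + "\" -> "
                    + (problems.isEmpty() ? "ok" : problems.toString()));
        }
    }
}
```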




Re: upgrade to spring security 2.0.5 from acegisecurity

Robert Collins
In reply to this post by Alan Harder-2
Alan Harder wrote:
> I applied the patch.. needed simple import edits in 2 more files
> (GlobalMatrixAuthorizationStrategy.java and
> LegacyAuthorizationStrategy.java) to compile.

Sorry about that; silly IDE :(.

> Got groovy errors at startup.. made simple import edits in all the
> war/resources/WEB-INF/security/*.groovy files.

Cool; minor note - would have saved me a little time if you had attached
those changes to your mail. Anyhow, I see your other reply too, and I'll
investigate that.

-Rob

Re: upgrade to spring security 2.0.5 from acegisecurity

Robert Collins
In reply to this post by Alan Harder-2
Alan Harder wrote:

> I noticed that EMPTY_AUTHORITIES is private and unused, so I just
> removed it.
> Now I got:
>
> org.springframework.beans.TypeMismatchException: Failed to convert
> property value of type [java.lang.String] to required type
> [org.springframework.security.userdetails.memory.UserAttribute] for
> property 'userAttribute'; nested exception is
> java.lang.IllegalArgumentException: A granted authority textual
> representation is required
>
> which comes from war/resources/WEB-INF/security/SecurityFilters.groovy,
> userAttribute = "anonymous,"
> in bean(AnonymousProcessingFilter)
>
> I'm not sure how that was converted to a UserAttribute object in
> acegisecurity 1.0.5 (maybe via setAuthoritiesAsString method?  though
> for some reason that still takes a List parameter), but it seems this
> will need some reworking for spring security 2.0.5.
>

Kohsuke has suggested:
08:37 <@kohsuke> Try reverting your patch and set the breakpoint of
                 AnonymousProcessingFilter.setUserAttribute(...)
08:38 <@kohsuke> see what instance of UserAttribute you get in there for
userAttribute="anonymous"
08:38 <+lifeless> thanks, thats a great suggestion.
08:38 <@kohsuke> and if you report that, I suspect Alan can take it from
there

I'm just doing the groovy changes etc myself, but shall poke at this
shortly.

-Rob

Re: upgrade to spring security 2.0.5 from acegisecurity

Robert Collins

Robert Collins wrote:

> Kohsuke has suggested:
> 08:37 <@kohsuke> Try reverting your patch and set the breakpoint of
>                  AnonymousProcessingFilter.setUserAttribute(...)
> 08:38 <@kohsuke> see what instance of UserAttribute you get in there for
> userAttribute="anonymous"
> 08:38 <+lifeless> thanks, thats a great suggestion.
> 08:38 <@kohsuke> and if you report that, I suspect Alan can take it from
> there
>
> I'm just doing the groovy changes etc myself, but shall poke at this
> shortly.


org.acegisecurity.userdetails.memory.UserAttribute
  authorities[0] = GrantedAuthorityImpl role=""
  password = "anonymous"
  enabled=true

from

org.netbeans.modules.viewmodel.TreeModelNode@796fe74f[Name=,
displayName=AnonymousProcessingFilter.setUserAttribute:179]
org.netbeans.modules.viewmodel.TreeModelNode@21bb31d2[Name=,
displayName=Hidden Source Calls]
org.netbeans.modules.viewmodel.TreeModelNode@8c3e34b[Name=,
displayName=BeanWrapperImpl.setPropertyValue:844]
org.netbeans.modules.viewmodel.TreeModelNode@747f556b[Name=,
displayName=BeanWrapperImpl.setPropertyValue:655]
org.netbeans.modules.viewmodel.TreeModelNode@53c11f8d[Name=,
displayName=AbstractPropertyAccessor.setPropertyValues:78]
org.netbeans.modules.viewmodel.TreeModelNode@2bfe8cf0[Name=,
displayName=AbstractPropertyAccessor.setPropertyValues:59]
org.netbeans.modules.viewmodel.TreeModelNode@54d6f720[Name=,
displayName=AbstractAutowireCapableBeanFactory.applyPropertyValues:1300]
org.netbeans.modules.viewmodel.TreeModelNode@6cfa8163[Name=,
displayName=AbstractAutowireCapableBeanFactory.populateBean:1042]
org.netbeans.modules.viewmodel.TreeModelNode@403bf15e[Name=,
displayName=AbstractAutowireCapableBeanFactory.doCreateBean:539]
org.netbeans.modules.viewmodel.TreeModelNode@1f637344[Name=,
displayName=AbstractAutowireCapableBeanFactory$1.run:485]
org.netbeans.modules.viewmodel.TreeModelNode@3a248575[Name=,
displayName=Hidden Source Calls]
org.netbeans.modules.viewmodel.TreeModelNode@33b5e225[Name=,
displayName=AbstractAutowireCapableBeanFactory.createBean:455]
org.netbeans.modules.viewmodel.TreeModelNode@6a1205a8[Name=,
displayName=BeanDefinitionValueResolver.resolveInnerBean:219]
org.netbeans.modules.viewmodel.TreeModelNode@45318eff[Name=,
displayName=BeanDefinitionValueResolver.resolveValueIfNecessary:122]
org.netbeans.modules.viewmodel.TreeModelNode@38a32ad6[Name=,
displayName=BeanDefinitionValueResolver.resolveManagedList:286]
org.netbeans.modules.viewmodel.TreeModelNode@605164a6[Name=,
displayName=BeanDefinitionValueResolver.resolveValueIfNecessary:126]
org.netbeans.modules.viewmodel.TreeModelNode@7fa6ffb0[Name=,
displayName=AbstractAutowireCapableBeanFactory.applyPropertyValues:1274]
org.netbeans.modules.viewmodel.TreeModelNode@2cdcbd49[Name=,
displayName=AbstractAutowireCapableBeanFactory.populateBean:1042]
org.netbeans.modules.viewmodel.TreeModelNode@500f1aa1[Name=,
displayName=AbstractAutowireCapableBeanFactory.doCreateBean:539]
org.netbeans.modules.viewmodel.TreeModelNode@f9d6917[Name=,
displayName=AbstractAutowireCapableBeanFactory$1.run:485]
org.netbeans.modules.viewmodel.TreeModelNode@275e6d03[Name=,
displayName=Hidden Source Calls]
org.netbeans.modules.viewmodel.TreeModelNode@2846f426[Name=,
displayName=AbstractAutowireCapableBeanFactory.createBean:455]
org.netbeans.modules.viewmodel.TreeModelNode@4a46ff72[Name=,
displayName=AbstractBeanFactory$1.getObject:251]
org.netbeans.modules.viewmodel.TreeModelNode@7b2cbb76[Name=,
displayName=DefaultSingletonBeanRegistry.getSingleton:169]
org.netbeans.modules.viewmodel.TreeModelNode@35c77f27[Name=,
displayName=AbstractBeanFactory.getBean:248]
org.netbeans.modules.viewmodel.TreeModelNode@3c6cf506[Name=,
displayName=AbstractBeanFactory.getBean:170]
org.netbeans.modules.viewmodel.TreeModelNode@154a7be8[Name=,
displayName=DefaultListableBeanFactory.preInstantiateSingletons:413]
org.netbeans.modules.viewmodel.TreeModelNode@4d0cc743[Name=,
displayName=AbstractApplicationContext.finishBeanFactoryInitialization:735]
org.netbeans.modules.viewmodel.TreeModelNode@1ee273a[Name=,
displayName=AbstractApplicationContext.refresh:369]
org.netbeans.modules.viewmodel.TreeModelNode@3a5151d3[Name=,
displayName=DefaultRuntimeSpringConfiguration.getApplicationContext:94]
org.netbeans.modules.viewmodel.TreeModelNode@30d3118e[Name=,
displayName=BeanBuilder.createApplicationContext:388]
org.netbeans.modules.viewmodel.TreeModelNode@71259aac[Name=,
displayName=SecurityRealm.createFilter:368]
org.netbeans.modules.viewmodel.TreeModelNode@5bcdcc3c[Name=,
displayName=HudsonFilter.reset:140]
org.netbeans.modules.viewmodel.TreeModelNode@241ba63a[Name=,
displayName=Hudson.setSecurityRealm:1753]
org.netbeans.modules.viewmodel.TreeModelNode@133e3c5b[Name=,
displayName=Hudson.doConfigSubmit:2243]

Cheers,
Rob

Re: upgrade to spring security 2.0.5 from acegisecurity

Robert Collins

Robert Collins wrote:

> Robert Collins wrote:
>> Kohsuke has suggested:
>> 08:37 <@kohsuke> Try reverting your patch and set the breakpoint of
>>                  AnonymousProcessingFilter.setUserAttribute(...)
>> 08:38 <@kohsuke> see what instance of UserAttribute you get in there for
>> userAttribute="anonymous"
>> 08:38 <+lifeless> thanks, thats a great suggestion.
>> 08:38 <@kohsuke> and if you report that, I suspect Alan can take it from
>> there
>
>> I'm just doing the groovy changes etc myself, but shall poke at this
>> shortly.

There's something wrong in the http filter stack, but this error is fixed:

in securityFilters.groovy:
@@ -44,7 +44,7 @@
     return [
         bean(AnonymousProcessingFilter) {
             key = "anonymous" // must match with the AnonymousProvider
- -            userAttribute = "anonymous,"
+            userAttribute = "anonymous,ROLE_ANONYMOUS" //password,
attributes
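
Review bot: the new value on the `userAttribute` line gives the anonymous token a real authority, `ROLE_ANONYMOUS`, where the Acegi debugger dump earlier in this thread showed a single authority with role "". That is a behaviour change as well as a parse fix: any code that maps granted authorities to group SIDs will now see a group called ROLE_ANONYMOUS. Please confirm that no authorization strategy matches on that name, and reword the trailing comment to say that the first token lands in the password field and the remaining tokens are authority names, since "attributes" is ambiguous.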

-Rob

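The failure Alan reported and the one-line fix in the message above can be reproduced without a container. The following Java sketch is an added example, not code from Hudson or Spring Security: `parse` and `problems` are hypothetical helpers that model the "first token is the password, remaining tokens are authority names" split, with a switch for an authority type that rejects blank text as in the exception quoted in the thread.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/**
 * Added illustration, not Hudson or Spring Security source.
 * Models how a userAttribute string such as "anonymous,ROLE_ANONYMOUS" is
 * split into a password token plus authority names, and why "anonymous,"
 * stops working once blank authority names are rejected.
 */
public class UserAttributeCheck {

    /** Result of splitting the string (hypothetical type for this example). */
    static final class Parsed {
        final String password;
        final List<String> authorities;

        Parsed(String password, List<String> authorities) {
            this.password = password;
            this.authorities = authorities;
        }

        @Override
        public String toString() {
            // Quote each authority so an empty name is visible in the output.
            StringBuilder sb = new StringBuilder("password=\"" + password + "\" authorities=[");
            for (int i = 0; i < authorities.size(); i++) {
                sb.append(i == 0 ? "\"" : ", \"").append(authorities.get(i)).append('"');
            }
            return sb.append(']').toString();
        }
    }

    /**
     * Splits the value. With rejectBlankAuthority=false a blank authority is
     * accepted (the role="" seen in the Acegi debugger dump); with true it is
     * refused with the message from the exception quoted in the thread.
     */
    static Parsed parse(String text, boolean rejectBlankAuthority) {
        // A limit of -1 keeps the trailing empty token produced by "anonymous,".
        String[] tokens = text.split(",", -1);
        List<String> authorities = new ArrayList<String>();
        for (int i = 1; i < tokens.length; i++) {
            String role = tokens[i].trim();
            if (rejectBlankAuthority && role.isEmpty()) {
                throw new IllegalArgumentException(
                        "A granted authority textual representation is required");
            }
            authorities.add(role);
        }
        return new Parsed(tokens[0].trim(), authorities);
    }

    /** Pre-deployment check for a userAttribute value; an empty list means it is acceptable. */
    static List<String> problems(String text) {
        List<String> found = new ArrayList<String>();
        if (text == null || text.trim().isEmpty()) {
            found.add("value is empty");
            return found;
        }
        Parsed p = parse(text, false);
        if (p.password.isEmpty()) {
            found.add("first token (password) is blank");
        }
        if (p.authorities.isEmpty()) {
            found.add("no authority listed");
        }
        for (int i = 0; i < p.authorities.size(); i++) {
            if (p.authorities.get(i).isEmpty()) {
                found.add("authority #" + (i + 1) + " is blank");
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // The old and new values quoted in the thread.
        for (String value : Arrays.asList("anonymous,", "anonymous,ROLE_ANONYMOUS")) {
            System.out.println(value + " -> lenient: " + parse(value, false));
            try {
                System.out.println(value + " -> strict:  " + parse(value, true));
            } catch (IllegalArgumentException e) {
                System.out.println(value + " -> strict:  rejected (" + e.getMessage() + ")");
            }
            System.out.println(value + " -> problems: " + problems(value));
        }
    }
}
```

Running `problems` over every `userAttribute` value in the security Groovy files before an upgrade flags blank authority names up front instead of at bean-creation time.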

Re: upgrade to spring security 2.0.5 from acegisecurity

Robert Collins
Robert Collins wrote:

> Robert Collins wrote:
>> Robert Collins wrote:
>>> Kohsuke has suggested:
>>> 08:37 <@kohsuke> Try reverting your patch and set the breakpoint of
>>>                  AnonymousProcessingFilter.setUserAttribute(...)
>>> 08:38 <@kohsuke> see what instance of UserAttribute you get in there for
>>> userAttribute="anonymous"
>>> 08:38 <+lifeless> thanks, thats a great suggestion.
>>> 08:38 <@kohsuke> and if you report that, I suspect Alan can take it from
>>> there
>>> I'm just doing the groovy changes etc myself, but shall poke at this
>>> shortly.
>
> There's something wrong in the http filter stack, but this error is fixed:
And that was a trivially bad super call.

I'd like a little confirmation that this works for others, and then I'll
land it, as it's 99% mechanical I think it's fairly low risk.

-Rob




Index: core/src/main/java/hudson/Functions.java
===================================================================
--- core/src/main/java/hudson/Functions.java (revision 24522)
+++ core/src/main/java/hudson/Functions.java (working copy)
@@ -62,7 +62,7 @@
 import hudson.util.Iterators;
 import hudson.scm.SCM;
 import hudson.scm.SCMDescriptor;
-import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
 import org.apache.commons.jelly.JellyContext;
 import org.apache.commons.jelly.JellyTagException;
 import org.apache.commons.jelly.Script;
Index: core/src/main/java/hudson/triggers/SafeTimerTask.java
===================================================================
--- core/src/main/java/hudson/triggers/SafeTimerTask.java (revision 24522)
+++ core/src/main/java/hudson/triggers/SafeTimerTask.java (working copy)
@@ -23,7 +23,7 @@
  */
 package hudson.triggers;
 
-import org.acegisecurity.context.SecurityContextHolder;
+import org.springframework.security.context.SecurityContextHolder;
 
 import java.util.Timer;
 import java.util.TimerTask;
Index: core/src/main/java/hudson/ExpressionFactory2.java
===================================================================
--- core/src/main/java/hudson/ExpressionFactory2.java (revision 24522)
+++ core/src/main/java/hudson/ExpressionFactory2.java (working copy)
@@ -1,6 +1,6 @@
 package hudson;
 
-import org.acegisecurity.AcegiSecurityException;
+import org.springframework.security.SpringSecurityException;
 import org.apache.commons.jelly.JellyContext;
 import org.apache.commons.jelly.JellyException;
 import org.apache.commons.jelly.expression.Expression;
@@ -70,7 +70,7 @@
                 CURRENT_CONTEXT.set(context);
                 JexlContext jexlContext = new JellyJexlContext( context );
                 return expression.evaluate(jexlContext);
-            } catch (AcegiSecurityException e) {
+            } catch (SpringSecurityException e) {
                 // let the security exception pass through
                 throw e;
             } catch (Exception e) {
Index: core/src/main/java/hudson/security/ACL.java
===================================================================
--- core/src/main/java/hudson/security/ACL.java (revision 24522)
+++ core/src/main/java/hudson/security/ACL.java (working copy)
@@ -23,11 +23,11 @@
  */
 package hudson.security;
 
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.acls.sid.PrincipalSid;
-import org.acegisecurity.acls.sid.Sid;
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.Authentication;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.acls.sid.PrincipalSid;
+import org.springframework.security.acls.sid.Sid;
 import hudson.model.Hudson;
 import hudson.model.Executor;
 
Index: core/src/main/java/hudson/security/SidACL.java
===================================================================
--- core/src/main/java/hudson/security/SidACL.java (revision 24522)
+++ core/src/main/java/hudson/security/SidACL.java (working copy)
@@ -23,11 +23,11 @@
  */
 package hudson.security;
 
-import org.acegisecurity.Authentication;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.acls.sid.PrincipalSid;
-import org.acegisecurity.acls.sid.GrantedAuthoritySid;
-import org.acegisecurity.acls.sid.Sid;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.acls.sid.PrincipalSid;
+import org.springframework.security.acls.sid.GrantedAuthoritySid;
+import org.springframework.security.acls.sid.Sid;
 
 import java.util.logging.Logger;
 import static java.util.logging.Level.FINE;
Index: core/src/main/java/hudson/security/GroupDetails.java
===================================================================
--- core/src/main/java/hudson/security/GroupDetails.java (revision 24522)
+++ core/src/main/java/hudson/security/GroupDetails.java (working copy)
@@ -23,7 +23,7 @@
  */
 package hudson.security;
 
-import org.acegisecurity.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetails;
 
 /**
  * Represents the details of a group.
Index: core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java
===================================================================
--- core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java (revision 24522)
+++ core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java (working copy)
@@ -31,8 +31,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
 
 /**
  * {@link AuthenticationProcessingFilter} with a change for Hudson so that
Index: core/src/main/java/hudson/security/HudsonFilter.java
===================================================================
--- core/src/main/java/hudson/security/HudsonFilter.java (revision 24522)
+++ core/src/main/java/hudson/security/HudsonFilter.java (working copy)
@@ -37,9 +37,9 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.ui.rememberme.RememberMeServices;
-import org.acegisecurity.userdetails.UserDetailsService;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.ui.rememberme.RememberMeServices;
+import org.springframework.security.userdetails.UserDetailsService;
 
 /**
  * {@link Filter} that Hudson uses to implement security support.
Index: core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java
===================================================================
--- core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java (revision 24522)
+++ core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.Authentication;
+import org.springframework.security.ui.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.Authentication;
 import org.apache.commons.codec.digest.DigestUtils;
 
 /**
@@ -40,9 +40,9 @@
  */
 public class TokenBasedRememberMeServices2 extends TokenBasedRememberMeServices {
     @Override
-    protected String makeTokenSignature(long tokenExpiryTime, UserDetails userDetails) {
-        String expectedTokenSignature = DigestUtils.md5Hex(userDetails.getUsername() + ":" + tokenExpiryTime + ":"
-                + "N/A" + ":" + getKey());
+    protected String makeTokenSignature(long tokenExpiryTime, String username, String password) {
+        String expectedTokenSignature = DigestUtils.md5Hex(username + ":" +
+            tokenExpiryTime + ":" + "N/A" + ":" + getKey());
         return expectedTokenSignature;
     }
 
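Review bot: the new `password` parameter of `makeTokenSignature` is never read, and the digest still hashes the literal "N/A" in its place, so the remember-me signature covers only the username, the expiry time and `getKey()`. If that is deliberate, say so in a comment on the method, because the override now silently ignores an argument the superclass passes in and a later reader may "fix" it. As a follow-up outside this mechanical rename, `DigestUtils.md5Hex` over a colon-joined string is a weak construction for a cookie authenticator; an HMAC keyed with `getKey()` would be the sturdier choice.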
Index: core/src/main/java/hudson/security/UserMayOrMayNotExistException.java
===================================================================
--- core/src/main/java/hudson/security/UserMayOrMayNotExistException.java (revision 24522)
+++ core/src/main/java/hudson/security/UserMayOrMayNotExistException.java (working copy)
@@ -23,8 +23,8 @@
  */
 package hudson.security;
 
-import org.acegisecurity.userdetails.UsernameNotFoundException;
-import org.acegisecurity.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UsernameNotFoundException;
+import org.springframework.security.userdetails.UserDetailsService;
 
 /**
  * Thrown from {@link UserDetailsService#loadUserByUsername(String)}
Index: core/src/main/java/hudson/security/AuthenticationManagerProxy.java
===================================================================
--- core/src/main/java/hudson/security/AuthenticationManagerProxy.java (revision 24522)
+++ core/src/main/java/hudson/security/AuthenticationManagerProxy.java (working copy)
@@ -23,10 +23,10 @@
  */
 package hudson.security;
 
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.DisabledException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.DisabledException;
 
 /**
  * {@link AuthenticationManager} proxy that delegates to another instance.
Index: core/src/main/java/hudson/security/csrf/DefaultCrumbIssuer.java
===================================================================
--- core/src/main/java/hudson/security/csrf/DefaultCrumbIssuer.java (revision 24522)
+++ core/src/main/java/hudson/security/csrf/DefaultCrumbIssuer.java (working copy)
@@ -19,7 +19,7 @@
 
 import net.sf.json.JSONObject;
 
-import org.acegisecurity.Authentication;
+import org.springframework.security.Authentication;
 import org.kohsuke.stapler.StaplerRequest;
 
 /**
Index: core/src/main/java/hudson/security/SparseACL.java
===================================================================
--- core/src/main/java/hudson/security/SparseACL.java (revision 24522)
+++ core/src/main/java/hudson/security/SparseACL.java (working copy)
@@ -23,8 +23,8 @@
  */
 package hudson.security;
 
-import org.acegisecurity.Authentication;
-import org.acegisecurity.acls.sid.Sid;
+import org.springframework.security.Authentication;
+import org.springframework.security.acls.sid.Sid;
 
 import java.util.ArrayList;
 import java.util.List;
Index: core/src/main/java/hudson/security/AuthorizationStrategy.java
===================================================================
--- core/src/main/java/hudson/security/AuthorizationStrategy.java (revision 24522)
+++ core/src/main/java/hudson/security/AuthorizationStrategy.java (working copy)
@@ -45,7 +45,7 @@
 
 import net.sf.json.JSONObject;
 
-import org.acegisecurity.Authentication;
+import org.springframework.security.Authentication;
 import org.kohsuke.stapler.StaplerRequest;
 
 /**
Index: core/src/main/java/hudson/security/HttpSessionContextIntegrationFilter2.java
===================================================================
--- core/src/main/java/hudson/security/HttpSessionContextIntegrationFilter2.java (revision 24522)
+++ core/src/main/java/hudson/security/HttpSessionContextIntegrationFilter2.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
-import org.acegisecurity.context.SecurityContext;
-import org.acegisecurity.Authentication;
+import org.springframework.security.context.HttpSessionContextIntegrationFilter;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.Authentication;
 
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -34,6 +34,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
+import javax.servlet.http.HttpServletResponse;
 
 /**
  * Erases the {@link SecurityContext} persisted in {@link HttpSession}
@@ -43,26 +44,27 @@
  */
 public class HttpSessionContextIntegrationFilter2 extends HttpSessionContextIntegrationFilter {
     public HttpSessionContextIntegrationFilter2() throws ServletException {
-        setContext(NotSerilizableSecurityContext.class);
+        setContextClass(NotSerilizableSecurityContext.class);
     }
 
-    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+    @Override
+    public void doFilterHttp(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException {
         HttpSession session = ((HttpServletRequest) req).getSession(false);
         if(session!=null) {
-            SecurityContext o = (SecurityContext)session.getAttribute(ACEGI_SECURITY_CONTEXT_KEY);
+            SecurityContext o = (SecurityContext)session.getAttribute(SPRING_SECURITY_CONTEXT_KEY);
             if(o!=null) {
                 Authentication a = o.getAuthentication();
                 if(a!=null) {
                     if (a.getPrincipal() instanceof InvalidatableUserDetails) {
                         InvalidatableUserDetails ud = (InvalidatableUserDetails) a.getPrincipal();
                         if(ud.isInvalid())
-                            // don't let Acegi see invalid security context
-                            session.setAttribute(ACEGI_SECURITY_CONTEXT_KEY,null);
+                            // don't let spring security see invalid security context
+                            session.setAttribute(SPRING_SECURITY_CONTEXT_KEY,null);
                     }
                 }
             }
         }
 
-        super.doFilter(req, res, chain);
+        super.doFilterHttp(req, res, chain);
     }
 }
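
Review bot: in `doFilterHttp` the `req` parameter is already an `HttpServletRequest`, so the cast in `((HttpServletRequest) req).getSession(false)` is redundant and can go, and the `ServletRequest` and `ServletResponse` imports are probably unused after this change. The session attribute name also moves from `ACEGI_SECURITY_CONTEXT_KEY` to `SPRING_SECURITY_CONTEXT_KEY`: assuming the two constants have different values, a session that survives the upgrade keeps its context under the old key, which neither this check nor the superclass will read, so those users are silently logged out. That deserves a line in the upgrade notes, or an explicit removal of the old attribute here.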
Index: core/src/main/java/hudson/security/PAMSecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/PAMSecurityRealm.java (revision 24522)
+++ core/src/main/java/hudson/security/PAMSecurityRealm.java (working copy)
@@ -31,18 +31,18 @@
 import hudson.os.PosixAPI;
 import hudson.util.FormValidation;
 import hudson.util.spring.BeanBuilder;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.BadCredentialsException;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.providers.AuthenticationProvider;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.User;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.BadCredentialsException;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.providers.AuthenticationProvider;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.userdetails.UsernameNotFoundException;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.User;
 import org.jvnet.libpam.PAM;
 import org.jvnet.libpam.PAMException;
 import org.jvnet.libpam.UnixUser;
Index: core/src/main/java/hudson/security/AccessControlled.java
===================================================================
--- core/src/main/java/hudson/security/AccessControlled.java (revision 24522)
+++ core/src/main/java/hudson/security/AccessControlled.java (working copy)
@@ -23,7 +23,7 @@
  */
 package hudson.security;
 
-import org.acegisecurity.AccessDeniedException;
+import org.springframework.security.AccessDeniedException;
 
 /**
  * Object that has an {@link ACL}
Index: core/src/main/java/hudson/security/SecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/SecurityRealm.java (revision 24522)
+++ core/src/main/java/hudson/security/SecurityRealm.java (working copy)
@@ -35,17 +35,17 @@
 import hudson.util.DescriptorList;
 import hudson.util.PluginServletFilter;
 import hudson.util.spring.BeanBuilder;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.context.SecurityContext;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.ui.rememberme.RememberMeServices;
-import static org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.ui.rememberme.RememberMeServices;
+import static org.springframework.security.ui.rememberme.TokenBasedRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
@@ -226,7 +226,7 @@
         SecurityContextHolder.clearContext();
 
         // reset remember-me cookie
-        Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,"");
+        Cookie cookie = new Cookie(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,"");
         cookie.setPath(req.getContextPath().length()>0 ? req.getContextPath() : "/");
         rsp.addCookie(cookie);
 
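Review bot: logout now blanks only the cookie named by `SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY`, so a browser that still holds a remember-me cookie issued under `ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY` keeps it after logging out. If the two constants differ in value, expire the old name here as well for a release or two. Separately, the visible lines set an empty value and a path but no `setMaxAge(0)`, so the cookie is overwritten rather than deleted; setting the max age makes the intent explicit.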
Index: core/src/main/java/hudson/security/LDAPSecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/LDAPSecurityRealm.java (revision 24522)
+++ core/src/main/java/hudson/security/LDAPSecurityRealm.java (working copy)
@@ -35,25 +35,22 @@
 import hudson.util.FormValidation;
 import hudson.util.Scrambler;
 import hudson.util.spring.BeanBuilder;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.AcegiSecurityException;
-import org.acegisecurity.ldap.InitialDirContextFactory;
-import org.acegisecurity.ldap.LdapDataAccessException;
-import org.acegisecurity.ldap.LdapTemplate;
-import org.acegisecurity.ldap.LdapUserSearch;
-import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch;
-import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
-import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
-import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.SpringSecurityException;
+import org.springframework.security.ldap.LdapDataAccessException;
+import org.springframework.security.ldap.LdapUserSearch;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.ldap.LdapAuthoritiesPopulator;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UsernameNotFoundException;
+import org.springframework.security.userdetails.ldap.LdapUserDetails;
+import org.springframework.security.userdetails.ldap.LdapUserDetailsImpl;
+import org.springframework.dao.DataAccessException;
+import org.springframework.web.context.WebApplicationContext;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
-import org.springframework.dao.DataAccessException;
-import org.springframework.web.context.WebApplicationContext;
 
 import javax.naming.Context;
 import javax.naming.NamingException;
@@ -72,6 +69,10 @@
 import java.util.logging.Logger;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.ldap.SpringSecurityContextSource;
+import org.springframework.security.ldap.SpringSecurityLdapTemplate;
+import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
 
 
 /**
@@ -271,7 +272,7 @@
     /**
      * Created in {@link #createSecurityComponents()}. Can be used to connect to LDAP.
      */
-    private transient LdapTemplate ldapTemplate;
+    private transient SpringSecurityLdapTemplate ldapTemplate;
 
     @DataBoundConstructor
     public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword) {
@@ -339,7 +340,7 @@
         builder.parse(Hudson.getInstance().servletContext.getResourceAsStream("/WEB-INF/security/LDAPBindSecurityRealm.groovy"),binding);
         final WebApplicationContext appContext = builder.createApplicationContext();
 
-        ldapTemplate = new LdapTemplate(findBean(InitialDirContextFactory.class, appContext));
+        ldapTemplate = new SpringSecurityLdapTemplate(findBean(SpringSecurityContextSource.class, appContext));
 
         return new SecurityComponents(
             findBean(AuthenticationManager.class, appContext),
@@ -393,18 +394,17 @@
         }
         public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
             try {
-                LdapUserDetails ldapUser = ldapSearch.searchForUser(username);
+                DirContextOperations ldapUser = ldapSearch.searchForUser(username);
                 // LdapUserSearch does not populate granted authorities (group search).
                 // Add those, as done in LdapAuthenticationProvider.createUserDetails().
-                if (ldapUser != null) {
-                    LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence(ldapUser);
-                    GrantedAuthority[] extraAuthorities = authoritiesPopulator.getGrantedAuthorities(ldapUser);
-                    for (int i = 0; i < extraAuthorities.length; i++) {
-                        user.addAuthority(extraAuthorities[i]);
-                    }
-                    ldapUser = user.createUserDetails();
+                if (null == ldapUser)
+                    return null;
+                LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence(ldapUser);
+                GrantedAuthority[] extraAuthorities = authoritiesPopulator.getGrantedAuthorities(ldapUser, username);
+                for (int i = 0; i < extraAuthorities.length; i++) {
+                    user.addAuthority(extraAuthorities[i]);
                 }
-                return ldapUser;
+                return user.createUserDetails();
             } catch (LdapDataAccessException e) {
                 LOGGER.log(Level.WARNING, "Failed to search LDAP for username="+username,e);
                 throw new UserMayOrMayNotExistException(e.getMessage(),e);
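
Review bot: The new early exit "if (null == ldapUser) return null;" makes loadUserByUsername return null, while the UserDetailsService contract is to return a non-null record or throw UsernameNotFoundException. The old code had the same behaviour, but since the branch is being rewritten this is the place to fix it: throw UsernameNotFoundException there (the method already declares it), so callers get a clean authentication failure rather than a NullPointerException. Separately, the unchanged catch (LdapDataAccessException e) names a type whose acegi import this patch removes in DeferredCreationLdapAuthoritiesPopulator; check that it still resolves in this file after the upgrade.
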
@@ -436,7 +436,7 @@
             } catch (NamingException e) {
                 LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
                 return null;
-            } catch (AcegiSecurityException e) {
+            } catch (SpringSecurityException e) {
                 LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address",e);
                 return null;
             }
@@ -450,15 +450,15 @@
         // Make these available (private in parent class and no get methods!)
         String rolePrefix;
         boolean convertToUpperCase;
-        public AuthoritiesPopulatorImpl(InitialDirContextFactory initialDirContextFactory, String groupSearchBase) {
-            super(initialDirContextFactory, fixNull(groupSearchBase));
+        public AuthoritiesPopulatorImpl(SpringSecurityContextSource springSecurityContextSource, String groupSearchBase) {
+            super(springSecurityContextSource, fixNull(groupSearchBase));
             // These match the defaults in acegi 1.0.5; set again to store in non-private fields:
             setRolePrefix("ROLE_");
             setConvertToUpperCase(true);
         }
 
         @Override
-        protected Set getAdditionalRoles(LdapUserDetails ldapUser) {
+        protected Set getAdditionalRoles(DirContextOperations user, String username) {
             return Collections.singleton(AUTHENTICATED_AUTHORITY);
         }
 
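
Review bot: The unchanged comment "These match the defaults in acegi 1.0.5" in the constructor is stale once the superclass comes from Spring Security 2.0.5. Please confirm that "ROLE_" and upper-case conversion are still the defaults there and update the comment, since rolePrefix and convertToUpperCase are copied into the non-private fields on that assumption.
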
Index: core/src/main/java/hudson/security/UnwrapSecurityExceptionFilter.java
===================================================================
--- core/src/main/java/hudson/security/UnwrapSecurityExceptionFilter.java (revision 24522)
+++ core/src/main/java/hudson/security/UnwrapSecurityExceptionFilter.java (working copy)
@@ -24,8 +24,8 @@
 package hudson.security;
 
 import org.apache.commons.jelly.JellyTagException;
-import org.acegisecurity.AcegiSecurityException;
-import org.acegisecurity.ui.ExceptionTranslationFilter;
+import org.springframework.security.SpringSecurityException;
+import org.springframework.security.ui.ExceptionTranslationFilter;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterConfig;
@@ -54,8 +54,8 @@
             if (t instanceof JellyTagException) {
                 JellyTagException jte = (JellyTagException) t;
                 Throwable cause = jte.getCause();
-                if (cause instanceof AcegiSecurityException) {
-                    AcegiSecurityException se = (AcegiSecurityException) cause;
+                if (cause instanceof SpringSecurityException) {
+                    SpringSecurityException se = (SpringSecurityException) cause;
                     throw new ServletException(se);
                 }
             }
Index: core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java
===================================================================
--- core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java (revision 24522)
+++ core/src/main/java/hudson/security/AccessDeniedHandlerImpl.java (working copy)
@@ -24,8 +24,8 @@
 package hudson.security;
 
 import hudson.model.Hudson;
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.ui.AccessDeniedHandler;
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.ui.AccessDeniedHandler;
 import org.kohsuke.stapler.Stapler;
 
 import javax.servlet.ServletException;
Index: core/src/main/java/hudson/security/InvalidatableUserDetails.java
===================================================================
--- core/src/main/java/hudson/security/InvalidatableUserDetails.java (revision 24522)
+++ core/src/main/java/hudson/security/InvalidatableUserDetails.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.Authentication;
-import org.acegisecurity.context.SecurityContext;
-import org.acegisecurity.userdetails.UserDetails;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.userdetails.UserDetails;
 
 import javax.servlet.http.HttpSession;
 
Index: core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java (revision 24522)
+++ core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java (working copy)
@@ -39,16 +39,16 @@
 import hudson.util.Scrambler;
 import hudson.util.spring.BeanBuilder;
 import net.sf.json.JSONObject;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.providers.encoding.PasswordEncoder;
-import org.acegisecurity.providers.encoding.ShaPasswordEncoder;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.providers.encoding.PasswordEncoder;
+import org.springframework.security.providers.encoding.ShaPasswordEncoder;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerRequest;
Index: core/src/main/java/hudson/security/UserDetailsServiceProxy.java
===================================================================
--- core/src/main/java/hudson/security/UserDetailsServiceProxy.java (revision 24522)
+++ core/src/main/java/hudson/security/UserDetailsServiceProxy.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.springframework.dao.DataAccessException;
 
 /**
Index: core/src/main/java/hudson/security/LegacyAuthorizationStrategy.java
===================================================================
--- core/src/main/java/hudson/security/LegacyAuthorizationStrategy.java (revision 24522)
+++ core/src/main/java/hudson/security/LegacyAuthorizationStrategy.java (working copy)
@@ -26,7 +26,7 @@
 import hudson.model.Descriptor;
 import hudson.model.Hudson;
 import hudson.Extension;
-import org.acegisecurity.acls.sid.GrantedAuthoritySid;
+import org.springframework.security.acls.sid.GrantedAuthoritySid;
 import org.kohsuke.stapler.StaplerRequest;
 import net.sf.json.JSONObject;
 
Index: core/src/main/java/hudson/security/AccessDeniedException2.java
===================================================================
--- core/src/main/java/hudson/security/AccessDeniedException2.java (revision 24522)
+++ core/src/main/java/hudson/security/AccessDeniedException2.java (working copy)
@@ -1,7 +1,7 @@
 package hudson.security;
 
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.Authentication;
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.Authentication;
 
 /**
  * {@link AccessDeniedException} with more information.
Index: core/src/main/java/hudson/security/LegacySecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/LegacySecurityRealm.java (revision 24522)
+++ core/src/main/java/hudson/security/LegacySecurityRealm.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
 import org.springframework.web.context.WebApplicationContext;
 import org.kohsuke.stapler.StaplerRequest;
 import groovy.lang.Binding;
Index: core/src/main/java/hudson/security/ContainerAuthentication.java
===================================================================
--- core/src/main/java/hudson/security/ContainerAuthentication.java (revision 24522)
+++ core/src/main/java/hudson/security/ContainerAuthentication.java (working copy)
@@ -23,9 +23,9 @@
  */
 package hudson.security;
 
-import org.acegisecurity.Authentication;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
 
 import javax.servlet.http.HttpServletRequest;
 import java.security.Principal;
Index: core/src/main/java/hudson/security/NotSerilizableSecurityContext.java
===================================================================
--- core/src/main/java/hudson/security/NotSerilizableSecurityContext.java (revision 24522)
+++ core/src/main/java/hudson/security/NotSerilizableSecurityContext.java (working copy)
@@ -14,10 +14,10 @@
  */
 package hudson.security;
 
-import org.acegisecurity.context.SecurityContext;
-import org.acegisecurity.context.SecurityContextImpl;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.userdetails.UserDetails;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.context.SecurityContextImpl;
+import org.springframework.security.Authentication;
+import org.springframework.security.userdetails.UserDetails;
 
 import javax.servlet.http.HttpSession;
 
Index: core/src/main/java/hudson/security/RememberMeServicesProxy.java
===================================================================
--- core/src/main/java/hudson/security/RememberMeServicesProxy.java (revision 24522)
+++ core/src/main/java/hudson/security/RememberMeServicesProxy.java (working copy)
@@ -23,8 +23,8 @@
  */
 package hudson.security;
 
-import org.acegisecurity.ui.rememberme.RememberMeServices;
-import org.acegisecurity.Authentication;
+import org.springframework.security.ui.rememberme.RememberMeServices;
+import org.springframework.security.Authentication;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
Index: core/src/main/java/hudson/security/BasicAuthenticationFilter.java
===================================================================
--- core/src/main/java/hudson/security/BasicAuthenticationFilter.java (revision 24522)
+++ core/src/main/java/hudson/security/BasicAuthenticationFilter.java (working copy)
@@ -25,10 +25,7 @@
 
 import hudson.model.Hudson;
 import hudson.util.Scrambler;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.kohsuke.stapler.StaplerRequest;
-import org.kohsuke.stapler.StaplerResponse;
+import org.springframework.security.context.SecurityContextHolder;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -147,22 +144,6 @@
         d.include(req,rsp);
     }
 
-    //public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-    //    HttpServletRequest req = (HttpServletRequest) request;
-    //    String authorization = req.getHeader("Authorization");
-    //
-    //    String path = req.getServletPath();
-    //    if(authorization==null || req.getUserPrincipal()!=null || path.startsWith("/secured/")) {
-    //        chain.doFilter(request,response);
-    //    } else {
-    //        if(req.getQueryString()!=null)
-    //            path += req.getQueryString();
-    //        ((HttpServletResponse)response).sendRedirect(req.getContextPath()+"/secured"+path);
-    //    }
-    //}
-
     public void destroy() {
     }
-
-    private static final GrantedAuthorityImpl[] EMPTY_AUTHORITIES = {new GrantedAuthorityImpl("")};
 }
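
Review bot: The removal of the commented-out doFilter and of the EMPTY_AUTHORITIES constant here (and of the StaplerRequest/StaplerResponse imports in the previous hunk) is cleanup unrelated to the package rename. In a patch described as nearly entirely mechanical, and in an authentication filter, this is easier to review and to revert as a separate commit; please split it out.
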
Index: core/src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java
===================================================================
--- core/src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java (revision 24522)
+++ core/src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java (working copy)
@@ -37,8 +37,8 @@
 import hudson.Functions;
 import hudson.Extension;
 import net.sf.json.JSONObject;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
-import org.acegisecurity.acls.sid.Sid;
+import org.springframework.security.userdetails.UsernameNotFoundException;
+import org.springframework.security.acls.sid.Sid;
 import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.QueryParameter;
Index: core/src/main/java/hudson/security/AuthorizationMatrixProperty.java
===================================================================
--- core/src/main/java/hudson/security/AuthorizationMatrixProperty.java (revision 24522)
+++ core/src/main/java/hudson/security/AuthorizationMatrixProperty.java (working copy)
@@ -47,7 +47,7 @@
 
 import net.sf.json.JSONObject;
 
-import org.acegisecurity.acls.sid.Sid;
+import org.springframework.security.acls.sid.Sid;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.QueryParameter;
 import org.kohsuke.stapler.AncestorInPath;
Index: core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java
===================================================================
--- core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java (revision 24522)
+++ core/src/main/java/hudson/security/HudsonAuthenticationEntryPoint.java (working copy)
@@ -23,8 +23,8 @@
  */
 package hudson.security;
 
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint;
 
 import javax.servlet.ServletException;
 import javax.servlet.ServletOutputStream;
Index: core/src/main/java/hudson/security/DeferredCreationLdapAuthoritiesPopulator.java
===================================================================
--- core/src/main/java/hudson/security/DeferredCreationLdapAuthoritiesPopulator.java (revision 24522)
+++ core/src/main/java/hudson/security/DeferredCreationLdapAuthoritiesPopulator.java (working copy)
@@ -26,12 +26,12 @@
  */
 package hudson.security;
 
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.ldap.InitialDirContextFactory;
-import org.acegisecurity.ldap.LdapDataAccessException;
-import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
-import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.ldap.InitialDirContextFactory;
+import org.springframework.security.ldap.LdapAuthoritiesPopulator;
+import org.springframework.security.ldap.SpringSecurityContextSource;
+import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
 import hudson.security.SecurityRealm.SecurityComponents;
 
 /**
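
Review bot: The added import org.springframework.security.ldap.InitialDirContextFactory looks like a leftover from the search-and-replace: the later hunks in this file replace the InitialDirContextFactory field, constructor parameter and setter parameter with SpringSecurityContextSource. Drop the import, and check that the type exists at all under the new package name, otherwise this file will not compile.
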
@@ -55,7 +55,7 @@
      * An initial context factory is only required if searching for groups is
      * required.
      */
-    private InitialDirContextFactory initialDirContextFactory = null;
+    private SpringSecurityContextSource contextSource = null;
 
     /**
      * Controls used to determine whether group searches should be performed
@@ -86,21 +86,20 @@
     /**
      * Constructor.
      *
-     * @param initialDirContextFactory
+     * @param contextSource
      *            supplies the contexts used to search for user roles.
      * @param groupSearchBase
      *            if this is an empty string the search will be performed from
      *            the root DN of the context factory.
      */
     public DeferredCreationLdapAuthoritiesPopulator(
-            InitialDirContextFactory initialDirContextFactory, String groupSearchBase) {
-        this.setInitialDirContextFactory(initialDirContextFactory);
+            SpringSecurityContextSource sprintSecurityContextSource, String groupSearchBase) {
+        this.setSpringSecurityContextSource(sprintSecurityContextSource);
         this.setGroupSearchBase(groupSearchBase);
     }
 
-    public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails)
-            throws LdapDataAccessException {
-        return create().getGrantedAuthorities(userDetails);
+    public GrantedAuthority[] getGrantedAuthorities(DirContextOperations userData, String username) {
+        return create().getGrantedAuthorities(userData, username);
     }
 
     public void setConvertToUpperCase(boolean convertToUpperCase) {
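
Review bot: The constructor parameter is misspelled as sprintSecurityContextSource, and the javadoc tag was changed to "@param contextSource", so the tag no longer matches any parameter. Rename the parameter to contextSource (matching the field) and update the remaining javadoc wording "the root DN of the context factory" to refer to the context source.
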
@@ -123,8 +122,8 @@
         this.groupSearchFilter = groupSearchFilter;
     }
 
-    public void setInitialDirContextFactory(InitialDirContextFactory initialDirContextFactory) {
-        this.initialDirContextFactory = initialDirContextFactory;
+    public void setSpringSecurityContextSource(SpringSecurityContextSource initialDirContextFactory) {
+        this.contextSource = initialDirContextFactory;
     }
 
     public void setRolePrefix(String rolePrefix) {
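
Review bot: setSpringSecurityContextSource still names its parameter initialDirContextFactory, which now misdescribes the type; rename it to contextSource to match the field. Renaming this public setter also changes the bean property name, so any bean definition or caller that sets initialDirContextFactory on this class needs updating in the same patch.
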
@@ -142,7 +141,7 @@
      */
     private DefaultLdapAuthoritiesPopulator create() {
         DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(
-                initialDirContextFactory, groupSearchBase);
+                contextSource, groupSearchBase);
         populator.setConvertToUpperCase(convertToUpperCase);
         if (defaultRole != null) {
             populator.setDefaultRole(defaultRole);
@@ -154,4 +153,5 @@
         return populator;
     }
 
+
 }
Index: core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java
===================================================================
--- core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java (revision 24522)
+++ core/src/main/java/hudson/security/AbstractPasswordBasedSecurityRealm.java (working copy)
@@ -4,13 +4,13 @@
 import hudson.model.Hudson;
 import hudson.tasks.MailAddressResolver;
 import hudson.util.spring.BeanBuilder;
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.AuthenticationManager;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
-import org.acegisecurity.userdetails.UserDetails;
-import org.acegisecurity.userdetails.UserDetailsService;
-import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.UsernameNotFoundException;
 import org.springframework.dao.DataAccessException;
 import org.springframework.web.context.WebApplicationContext;
 
Index: core/src/main/java/hudson/util/FormFieldValidator.java
===================================================================
--- core/src/main/java/hudson/util/FormFieldValidator.java (revision 24522)
+++ core/src/main/java/hudson/util/FormFieldValidator.java (working copy)
@@ -46,7 +46,7 @@
 
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
-import org.acegisecurity.AccessDeniedException;
+import org.springframework.security.AccessDeniedException;
 import org.kohsuke.stapler.Stapler;
 
 /**
Index: core/src/main/java/hudson/model/MyViewsProperty.java
===================================================================
--- core/src/main/java/hudson/model/MyViewsProperty.java (revision 24522)
+++ core/src/main/java/hudson/model/MyViewsProperty.java (working copy)
@@ -44,7 +44,7 @@
 
 import net.sf.json.JSONObject;
 
-import org.acegisecurity.AccessDeniedException;
+import org.springframework.security.AccessDeniedException;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.HttpRedirect;
 import org.kohsuke.stapler.HttpResponse;
Index: core/src/main/java/hudson/model/Hudson.java
===================================================================
--- core/src/main/java/hudson/model/Hudson.java (revision 24522)
+++ core/src/main/java/hudson/model/Hudson.java (working copy)
@@ -126,14 +126,14 @@
 import hudson.util.IOUtils;
 import hudson.widgets.Widget;
 import net.sf.json.JSONObject;
-import org.acegisecurity.AccessDeniedException;
-import org.acegisecurity.AcegiSecurityException;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
-import org.acegisecurity.ui.AbstractProcessingFilter;
+import org.springframework.security.AccessDeniedException;
+import org.springframework.security.SpringSecurityException;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
+import org.springframework.security.ui.AbstractProcessingFilter;
 import org.apache.commons.jelly.JellyException;
 import org.apache.commons.jelly.Script;
 import org.apache.commons.logging.LogFactory;
@@ -1755,7 +1755,7 @@
             }
         } catch (ServletException e) {
             // for binary compatibility, this method cannot throw a checked exception
-            throw new AcegiSecurityException("Failed to configure filter",e) {};
+            throw new SpringSecurityException("Failed to configure filter",e) {};
         }
     }
 
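
Review bot: The comment directly above the changed line says this method cannot throw a checked exception "for binary compatibility", yet the thrown type itself changes from AcegiSecurityException to SpringSecurityException. External code compiled against the old class that catches AcegiSecurityException will no longer catch this failure, and the same concern applies to every org.acegisecurity type this patch replaces in public signatures. Please state in the commit message how existing callers are expected to keep working, or keep a compatibility layer.
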
@@ -2669,7 +2669,7 @@
             return;
         }
 
-        String url = AbstractProcessingFilter.obtainFullRequestUrl(req);
+        String url = AbstractProcessingFilter.obtainFullSavedRequestUrl(req);
         if(url!=null) {
             // if the login redirect is initiated by Acegi
             // this should send the user back to where s/he was from.
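
Review bot: obtainFullSavedRequestUrl is a method-name change rather than a package rename, so it is not covered by the mechanical substitution, and its return value is used as the post-login redirect target. Please confirm it still returns null when no request was saved, so the url!=null branch behaves as before, and update the comment "if the login redirect is initiated by Acegi".
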
Index: core/src/main/java/hudson/model/AsyncPeriodicWork.java
===================================================================
--- core/src/main/java/hudson/model/AsyncPeriodicWork.java (revision 24522)
+++ core/src/main/java/hudson/model/AsyncPeriodicWork.java (working copy)
@@ -9,7 +9,7 @@
 import java.io.IOException;
 import java.util.logging.Level;
 
-import org.acegisecurity.context.SecurityContextHolder;
+import org.springframework.security.context.SecurityContextHolder;
 
 /**
  * {@link PeriodicWork} that takes a long time to run.
Index: core/src/main/java/hudson/model/UpdateCenter.java
===================================================================
--- core/src/main/java/hudson/model/UpdateCenter.java (revision 24522)
+++ core/src/main/java/hudson/model/UpdateCenter.java (working copy)
@@ -42,7 +42,7 @@
 import hudson.util.IOException2;
 import hudson.util.PersistedList;
 import hudson.util.XStream2;
-import org.acegisecurity.Authentication;
+import org.springframework.security.Authentication;
 import org.apache.commons.io.input.CountingInputStream;
 import org.apache.commons.io.output.NullOutputStream;
 import org.kohsuke.stapler.StaplerResponse;
Index: core/src/main/java/hudson/model/User.java
===================================================================
--- core/src/main/java/hudson/model/User.java (revision 24522)
+++ core/src/main/java/hudson/model/User.java (working copy)
@@ -39,8 +39,8 @@
 import hudson.util.XStream2;
 import net.sf.json.JSONObject;
 
-import org.acegisecurity.Authentication;
-import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
+import org.springframework.security.Authentication;
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 import org.kohsuke.stapler.export.Exported;
Index: core/src/main/java/hudson/model/Queue.java
===================================================================
--- core/src/main/java/hudson/model/Queue.java (revision 24522)
+++ core/src/main/java/hudson/model/Queue.java (working copy)
@@ -75,7 +75,7 @@
 import javax.management.timer.Timer;
 import javax.servlet.ServletException;
 
-import org.acegisecurity.AccessDeniedException;
+import org.springframework.security.AccessDeniedException;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 import org.kohsuke.stapler.export.Exported;
Index: core/src/main/java/hudson/model/Executor.java
===================================================================
--- core/src/main/java/hudson/model/Executor.java (revision 24522)
+++ core/src/main/java/hudson/model/Executor.java (working copy)
@@ -33,7 +33,7 @@
 import org.kohsuke.stapler.StaplerResponse;
 import org.kohsuke.stapler.export.ExportedBean;
 import org.kohsuke.stapler.export.Exported;
-import org.acegisecurity.context.SecurityContextHolder;
+import org.springframework.security.context.SecurityContextHolder;
 
 import javax.servlet.ServletException;
 import java.io.IOException;
Index: core/src/main/java/hudson/cli/CliManagerImpl.java
===================================================================
--- core/src/main/java/hudson/cli/CliManagerImpl.java (revision 24522)
+++ core/src/main/java/hudson/cli/CliManagerImpl.java (working copy)
@@ -25,8 +25,8 @@
 
 import hudson.remoting.Channel;
 import hudson.model.Hudson;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.context.SecurityContextHolder;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
 import org.apache.commons.discovery.resource.ClassLoaders;
 import org.apache.commons.discovery.resource.classes.DiscoverClasses;
 import org.apache.commons.discovery.resource.names.DiscoverServiceNames;
Index: core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator2.java
===================================================================
--- core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator2.java (revision 24493)
+++ core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator2.java (working copy)
@@ -1,62 +0,0 @@
-/*
- * The MIT License
- *
- * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-package org.acegisecurity.providers.ldap.authenticator;
-
-import org.acegisecurity.ldap.InitialDirContextFactory;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
-
-import java.util.logging.Logger;
-import java.util.logging.Level;
-
-/**
- * {@link BindAuthenticator} with improved diagnostics.
- *
- * @author Kohsuke Kawaguchi
- */
-public class BindAuthenticator2 extends BindAuthenticator {
-    /**
-     * If we ever had a successful authentication,
-     */
-    private boolean hadSuccessfulAuthentication;
-
-    public BindAuthenticator2(InitialDirContextFactory initialDirContextFactory) {
-        super(initialDirContextFactory);
-    }
-
-    @Override
-    public LdapUserDetails authenticate(String username, String password) {
-        LdapUserDetails user = super.authenticate(username, password);
-        hadSuccessfulAuthentication = true;
-        return user;
-    }
-
-    @Override
-    void handleBindException(String userDn, String username, Throwable cause) {
-        LOGGER.log(hadSuccessfulAuthentication? Level.FINE : Level.WARNING,
-            "Failed to bind to LDAP: userDn"+userDn+"  username="+username,cause);
-        super.handleBindException(userDn, username, cause);
-    }
-
-    private static final Logger LOGGER = Logger.getLogger(BindAuthenticator2.class.getName());
-}
Index: core/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator2.java
===================================================================
--- core/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator2.java (revision 0)
+++ core/src/main/java/org/springframework/security/providers/ldap/authenticator/BindAuthenticator2.java (working copy)
@@ -21,10 +21,11 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
-package org.acegisecurity.providers.ldap.authenticator;
+package org.springframework.security.providers.ldap.authenticator;
 
-import org.acegisecurity.ldap.InitialDirContextFactory;
-import org.acegisecurity.userdetails.ldap.LdapUserDetails;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.Authentication;
+import org.springframework.security.ldap.SpringSecurityContextSource;
 
 import java.util.logging.Logger;
 import java.util.logging.Level;
@@ -40,19 +41,19 @@
      */
     private boolean hadSuccessfulAuthentication;
 
-    public BindAuthenticator2(InitialDirContextFactory initialDirContextFactory) {
+    public BindAuthenticator2(SpringSecurityContextSource initialDirContextFactory) {
         super(initialDirContextFactory);
     }
 
     @Override
-    public LdapUserDetails authenticate(String username, String password) {
-        LdapUserDetails user = super.authenticate(username, password);
+    public DirContextOperations authenticate(Authentication authentication) {
+        DirContextOperations user = super.authenticate(authentication);
         hadSuccessfulAuthentication = true;
         return user;
     }
 
     @Override
-    void handleBindException(String userDn, String username, Throwable cause) {
+    protected void handleBindException(String userDn, String username, Throwable cause) {
         LOGGER.log(hadSuccessfulAuthentication? Level.FINE : Level.WARNING,
             "Failed to bind to LDAP: userDn"+userDn+"  username="+username,cause);
         super.handleBindException(userDn, username, cause);
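Review bot: In the constructor, the parameter is still called `initialDirContextFactory` although its type is now `SpringSecurityContextSource`; rename it (for example to `contextSource`) so the signature no longer suggests the old Acegi type. In `handleBindException`, the message `"Failed to bind to LDAP: userDn"+userDn` is missing an `=` after `userDn`, so the DN runs into its label in the log line. `authenticate` now returns `DirContextOperations` instead of `LdapUserDetails`, and nothing in this hunk shows where callers build the user details from it; a short Javadoc on the override saying so would help the next reader.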
Index: core/pom.xml
===================================================================
--- core/pom.xml (revision 24522)
+++ core/pom.xml (working copy)
@@ -560,21 +560,6 @@
       <version>1.1-hudson-20090709</version>
     </dependency>
     <dependency>
-      <groupId>org.acegisecurity</groupId>
-      <artifactId>acegi-security</artifactId>
-      <version>1.0.5</version>
-      <exclusions>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-remoting</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-support</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
       <groupId>org.codehaus.groovy</groupId>
       <artifactId>groovy-all</artifactId>
       <version>1.6.0</version>
@@ -749,6 +734,36 @@
       <scope>system</scope>
       <systemPath>/usr/local/yjp/lib/yjp.jar</systemPath>
     </dependency-->
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-acl</artifactId>
+      <version>2.0.5.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-core-tiger</artifactId>
+      <version>2.0.5.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-core</artifactId>
+      <version>2.0.5.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-taglibs</artifactId>
+      <version>2.0.5.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-openid</artifactId>
+      <version>2.0.5.RELEASE</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.ldap</groupId>
+      <artifactId>spring-ldap-core</artifactId>
+      <version>1.3.0.RELEASE</version>
+    </dependency>
   </dependencies>
 
   <reporting>
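Review bot: The five `org.springframework.security` dependencies and `spring-ldap-core` are added with no `<exclusions>`, while the `acegi-security` entry removed in the previous hunk excluded `spring-remoting` and `spring-support`. Check the resolved tree (`mvn dependency:tree`) for Spring artifacts that now arrive transitively and add exclusions where they are not wanted. The version `2.0.5.RELEASE` is repeated five times; a single property would keep the modules in step.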
@@ -767,7 +782,15 @@
         <configuration>
           <dependencyLocationsEnabled>false</dependencyLocationsEnabled>
         </configuration>
-      </plugin>
+      </plugin>
     </plugins>
   </reporting>
 </project>
+
+
+
+
+
+
+
+
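Review bot: The `</plugin>` line is removed and re-added with no visible difference (whitespace or line ending only), and eight blank lines are appended after `</project>`. Neither belongs to the upgrade; drop both so the diff for core/pom.xml contains only the dependency change.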
Index: war/resources/WEB-INF/security/AbstractPasswordBasedSecurityRealm.groovy
===================================================================
--- war/resources/WEB-INF/security/AbstractPasswordBasedSecurityRealm.groovy (revision 24522)
+++ war/resources/WEB-INF/security/AbstractPasswordBasedSecurityRealm.groovy (working copy)
@@ -24,13 +24,13 @@
 /*
     Configure Hudson's own user database as the authentication realm.
 */
-import org.acegisecurity.providers.ProviderManager
+import org.springframework.security.providers.ProviderManager
 import hudson.security.HudsonPrivateSecurityRealm.HudsonUserDetailsService
-import org.acegisecurity.providers.dao.DaoAuthenticationProvider
-import org.acegisecurity.providers.dao.salt.SystemWideSaltSource
-import org.acegisecurity.providers.encoding.ShaPasswordEncoder
-import org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
-import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider
+import org.springframework.security.providers.dao.DaoAuthenticationProvider
+import org.springframework.security.providers.dao.salt.SystemWideSaltSource
+import org.springframework.security.providers.encoding.ShaPasswordEncoder
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider
+import org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider
 import hudson.model.Hudson
 
 authenticationManager(ProviderManager) {
Index: war/resources/WEB-INF/security/SecurityFilters.groovy
===================================================================
--- war/resources/WEB-INF/security/SecurityFilters.groovy (revision 24522)
+++ war/resources/WEB-INF/security/SecurityFilters.groovy (working copy)
@@ -32,11 +32,11 @@
 import hudson.security.ChainedServletFilter
 import hudson.security.UnwrapSecurityExceptionFilter
 import hudson.security.HudsonAuthenticationEntryPoint
-import org.acegisecurity.providers.anonymous.AnonymousProcessingFilter
-import org.acegisecurity.ui.ExceptionTranslationFilter
-import org.acegisecurity.ui.basicauth.BasicProcessingFilter
-import org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint
-import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter
+import org.springframework.security.providers.anonymous.AnonymousProcessingFilter
+import org.springframework.security.ui.ExceptionTranslationFilter
+import org.springframework.security.ui.basicauth.BasicProcessingFilter
+import org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint
+import org.springframework.security.ui.rememberme.RememberMeProcessingFilter
 import hudson.security.HttpSessionContextIntegrationFilter2
 
 // providers that apply to both patterns
@@ -44,7 +44,7 @@
     return [
         bean(AnonymousProcessingFilter) {
             key = "anonymous" // must match with the AnonymousProvider
-            userAttribute = "anonymous,"
+            userAttribute = "anonymous,ROLE_ANONYMOUS" //password, attributes
         },
         bean(ExceptionTranslationFilter) {
             accessDeniedHandler = new AccessDeniedHandlerImpl()
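Review bot: `userAttribute = "anonymous,ROLE_ANONYMOUS"` is a behaviour change rather than a rename: the old value listed no authority after the comma, and the anonymous token now carries `ROLE_ANONYMOUS`. Say in the commit message why 2.0.5 needs this, and check that authorization code which enumerates or matches on granted authorities does not start treating `ROLE_ANONYMOUS` as a group that can be handed permissions. The trailing `//password, attributes` comment would read better as a sentence naming each comma-separated field.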
@@ -95,4 +95,4 @@
     // when using container-authentication we can't hit /login directly.
     // we first have to hit protected /loginEntry, then let the container
     // trap that into /login.
-}
\ No newline at end of file
+}
Index: war/resources/WEB-INF/security/HudsonPrivateSecurityRealm.groovy
===================================================================
--- war/resources/WEB-INF/security/HudsonPrivateSecurityRealm.groovy (revision 24522)
+++ war/resources/WEB-INF/security/HudsonPrivateSecurityRealm.groovy (working copy)
@@ -24,13 +24,13 @@
 /*
     Configure Hudson's own user database as the authentication realm.
 */
-import org.acegisecurity.providers.ProviderManager
+import org.springframework.security.providers.ProviderManager
 import hudson.security.HudsonPrivateSecurityRealm.HudsonUserDetailsService
-import org.acegisecurity.providers.dao.DaoAuthenticationProvider
-import org.acegisecurity.providers.dao.salt.SystemWideSaltSource
-import org.acegisecurity.providers.encoding.ShaPasswordEncoder
-import org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
-import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider
+import org.springframework.security.providers.dao.DaoAuthenticationProvider
+import org.springframework.security.providers.dao.salt.SystemWideSaltSource
+import org.springframework.security.providers.encoding.ShaPasswordEncoder
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider
+import org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider
 import hudson.model.Hudson
 
 
Index: war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
===================================================================
--- war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy (revision 24522)
+++ war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy (working copy)
@@ -21,13 +21,13 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
-import org.acegisecurity.providers.ProviderManager
-import org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
-import org.acegisecurity.providers.ldap.LdapAuthenticationProvider
-import org.acegisecurity.providers.ldap.authenticator.BindAuthenticator2
-import org.acegisecurity.ldap.DefaultInitialDirContextFactory
-import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch
-import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider
+import org.springframework.security.providers.ProviderManager
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider
+import org.springframework.security.providers.ldap.LdapAuthenticationProvider
+import org.springframework.security.providers.ldap.authenticator.BindAuthenticator2
+import org.springframework.security.ldap.DefaultInitialDirContextFactory
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch
+import org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider
 import hudson.model.Hudson
 import hudson.security.LDAPSecurityRealm.AuthoritiesPopulatorImpl
 import hudson.Util
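Review bot: This import keeps `DefaultInitialDirContextFactory`, but the `BindAuthenticator2` constructor in this patch now takes a `SpringSecurityContextSource`. The bean wiring below the imports is outside the hunk, so confirm that the object passed to `BindAuthenticator2` is of that type under 2.0.5, ideally by exercising an LDAP bind login, since a mismatch in a Groovy bean definition only shows up at runtime.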
Index: war/resources/WEB-INF/security/PAMSecurityRealm.groovy
===================================================================
--- war/resources/WEB-INF/security/PAMSecurityRealm.groovy (revision 24522)
+++ war/resources/WEB-INF/security/PAMSecurityRealm.groovy (working copy)
@@ -25,10 +25,10 @@
     Configure Unix authentication realm.
     The 'instance' object refers to the instance of PAMSecurityRealm.
 */
-import org.acegisecurity.providers.ProviderManager
+import org.springframework.security.providers.ProviderManager
 import hudson.security.PAMSecurityRealm.PAMAuthenticationProvider
-import org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider
-import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider
+import org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider
 import hudson.model.Hudson
 
 authenticationManager(ProviderManager) {


Re: upgrade to spring security 2.0.5 from acegisecurity

Robert Collins

Robert Collins wrote:

> I'd like a little confirmation that this works for others, and then I'll
> land it, as it's 99% mechanical I think it's fairly low risk.


I should note that this doesn't clean up all use of deprecated methods,
nor does it start using a DelegatingFilterProxy - I don't know enough
yet to predict the impact of adding that, and Hudson seems to have
rolled its own dynamic facilities similar to those that have made
spring-security nicer than acegi in the first place.

-Rob

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: upgrade to spring security 2.0.5 from acegisecurity

Robert Collins

Robert Collins wrote:
> I'd like a little confirmation that this works for others, and then I'll
> land it, as it's 99% mechanical I think it's fairly low risk.

One last (heh, I hope) note - looks like the API break that acegi
security did from 1.0.7 to 2.0.0 will impact plugins, as plugins import
the acegi types directly (e.g. active_directory).

I'm not sure how best to handle this - land a patch at the same time
presumably, but how to both stop users that are using 1.336 (or whatever
version is the last acegi version) installing an auth plugin that needs
1.337 and stop users of 1.337 installing a plugin that hasn't been updated?

-Rob

Re: upgrade to spring security 2.0.5 from acegisecurity

Alan Harder-2
yes, need to consider plugin compatibility.

My feedback on the patch:
- You can remove all the blank lines at the bottom of core/pom.xml
- I successfully logged in with HudsonPrivate and LDAP security realms.
- remember-me with LDAP did NOT work, got this:

java.lang.IllegalArgumentException: username must not be null
        at org.springframework.util.Assert.notNull(Assert.java:112)
        at org.springframework.security.userdetails.ldap.LdapUserDetailsImpl$Essence.createUserDetails(LdapUserDetailsImpl.java:181)
        at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:407)
        at org.springframework.security.ui.rememberme.TokenBasedRememberMeServices.processAutoLoginCookie(TokenBasedRememberMeServices.java:112)
        at org.springframework.security.ui.rememberme.AbstractRememberMeServices.autoLogin(AbstractRememberMeServices.java:85)
        at org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:74)
        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

- I do not use, so I did not test, LDAP groups.. would be good to verify
  that works, and the default settings for role-prefix and convert-to-uppercase.
  I added some help about this in core/src/main/resources/hudson/security/GlobalMatrixAuthorizationStrategy/help-user-group.html
  so this should be updated if 2.0.5 has different default behavior.

Thanks,

        - Alan







attn: authentication plugin authors Re: upgrade to spring security 2.0.5 from acegisecurity

Robert Collins

Alan Harder wrote:
> yes, need to consider plugin compatibility.

Doing a patch to batch update them shouldn't be hard. I'm fiddling with
an openid plugin now based on this upgrade patch.

However, it would be a good idea for plugin authors to test their
plugins - e.g. active directory, sfee etc support.

> My feedback on the patch:
> - You can remove all the blank lines at the bottom of core/pom.xml

heh, that's probably netbeans; will fix.

> - I successfully logged in with HudsonPrivate and LDAP security realms.

Great.

> - remember-me with LDAP did NOT work, got this:
>
> java.lang.IllegalArgumentException: username must not be null
>     at org.springframework.util.Assert.notNull(Assert.java:112)
>     at org.springframework.security.userdetails.ldap.LdapUserDetailsImpl$Essence.createUserDetails(LdapUserDetailsImpl.java:181)
>     at hudson.security.LDAPSecurityRealm$LDAPUserDetailsService.loadUserByUsername(LDAPSecurityRealm.java:407)
>     at org.springframework.security.ui.rememberme.TokenBasedRememberMeServices.processAutoLoginCookie(TokenBasedRememberMeServices.java:112)
>     at org.springframework.security.ui.rememberme.AbstractRememberMeServices.autoLogin(AbstractRememberMeServices.java:85)
>     at org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:74)
>     at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

That suggests something glitching in
org.springframework.security.ui.rememberme.TokenBasedRememberMeServices.processAutoLoginCookie(TokenBasedRememberMeServices.java:112)
to me. Perhaps the cookie format changed or some such?

> - I do not use, so I did not test, LDAP groups.. would be good to verify
>   that works, and the default settings for role-prefix and convert-to-uppercase.
>   I added some help about this in core/src/main/resources/hudson/security/GlobalMatrixAuthorizationStrategy/help-user-group.html

AFAICT this should be the same.

-Rob

Re: upgrade to spring security 2.0.5 from acegisecurity

Kohsuke Kawaguchi
Hmm, impact to plugins is rather problematic. Generally, we need to
retain binary compatibility with existing plugins out there.

Patching them concurrently doesn't really help users, as they don't
update in sync. Plus there are plugins people have developed in house
that we can't change.

2009/12/9 Robert Collins <[hidden email]>:

> Robert Collins wrote:
>> I'd like a little confirmation that this works for others, and then I'll
>> land it, as it's 99% mechanical I think it's fairly low risk.
>
> One last (heh, I hope) note - looks like the API break that acegi
> security did from 1.0.7 to 2.0.0 will impact plugins, as plugins import
> the acegi types directly (e.g. active_directory).
>
> I'm not sure how best to handle this - land a patch at the same time
> presumably, but how to both stop users that are using 1.336 (or whatever
> version is the last acegi version) installing an auth plugin that needs
> 1.337 and stop users of 1.337 installing a plugin that hasn't been updated?
>
> -Rob
--
Kohsuke Kawaguchi


Re: upgrade to spring security 2.0.5 from acegisecurity

Robert Collins

Kohsuke Kawaguchi wrote:
> Hmm, impact to plugins is rather problematic. Generally, we need to
> retain binary compatibility with existing plugins out there.
>
> Patching them concurrently doesn't really help users, as they don't
> update in sync. Plus there are plugins people have developed in house
> that we can't change.

Any suggestions then? Spring security is about to release 3.0 - 1.0.5
is very old, and it's going to get progressively harder to utilise newer
features.

I guess we could look at all the acegi things that are imported by known
plugins, and ship a stub forwarding version of acegi that forwards to
the new spring versions?

Rob

Re: upgrade to spring security 2.0.5 from acegisecurity

Kohsuke Kawaguchi-2
Robert Collins wrote:

> Kohsuke Kawaguchi wrote:
>> Hmm, impact to plugins is rather problematic. Generally, we need to
>> retain binary compatibility with existing plugins out there.
>
>> Patching them concurrently doesn't really help users, as they don't
>> update in sync. Plus there are plugins people have developed in house
>> that we can't change.
>
> Any suggestions then? Spring security is about to release 3.0 - 1.0.5
> is very old, and it's going to get progressively harder to utilise newer
> features.

Normally this means we just can't upgrade to more recent versions of
Spring Security. I looked at what's new in Spring Security 2.0 [1], and
I don't think the list is convincing enough for the widespread binary
incompatibility, which affects such things as the Authentication
interface, which is used in plugins that merely perform authorization,
in addition to plugins that add a new security realm, etc. In my mind
it's way too disruptive.

OpenID support can be either backported, or we can use openid4java.


Now, I looked at the patch, and I see that most of the changes are
basically package renaming changes. So if we really badly want to
upgrade, perhaps we can tweak our ClassLoader implementation so that we
rename references to Acegi by references to SpringSecurity by some
mechanical class name translation.

In some places I see more substantial changes, like
AbstractProcessingFilter.obtainFullRequestUrl ->
AbstractProcessingFilter.obtainFullSavedRequestUrl, so maybe this is
intractable.

I'm sorry to say this, but from what I've seen so far, I don't think
we'll be upgrading. Also, I haven't seen what's new in 3.0. Is 3.0
another backward incompatible change?

> I guess we could look at all the acegi things that are imported by known
> plugins, and ship a stub forwarding version of acegi that forwards to
> the new spring versions ?

If this can be made to work, that's fine, but given that SPIs go both
ways, I suspect this is also practically intractable.


[1] http://www.acegisecurity.org/
--
Kohsuke Kawaguchi
Sun Microsystems                   http://weblogs.java.net/blog/kohsuke/
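
The thread asks which plugins import Acegi types and whether a mechanical package rename would cover them. The following is an added example, not code from the thread or from Hudson: it reads the constant pool of every class in a plugin archive, lists the `org.acegisecurity` classes referenced, and gives the name a pure package rename would produce. The `REVIEW` set, the function names and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

ACEGI = "org/acegisecurity/"
SPRING = "org/springframework/security/"
# Assumption: classes where a package rename alone is not enough. The first two
# are the types whose use changes in the BindAuthenticator2 hunk, the third owns
# the renamed obtainFullRequestUrl method. Not a complete list.
REVIEW = {ACEGI + "ldap/InitialDirContextFactory",
          ACEGI + "userdetails/ldap/LdapUserDetails",
          ACEGI + "ui/AbstractProcessingFilter"}
# Payload size in bytes (after the tag byte) of each fixed-size constant.
FIXED_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
               12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def class_refs(data):
    """Return the names held by every CONSTANT_Class entry of a .class file."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pos, slot = 10, 1
    utf8, class_name_slots = {}, []
    while slot < count:
        tag = data[pos]
        pos += 1
        if tag == 1:                          # CONSTANT_Utf8
            (length,) = struct.unpack_from(">H", data, pos)
            utf8[slot] = data[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            pos += 2 + length
        elif tag in FIXED_SIZES:
            if tag == 7:                      # CONSTANT_Class points at a Utf8 slot
                class_name_slots.append(struct.unpack_from(">H", data, pos)[0])
            pos += FIXED_SIZES[tag]
            if tag in (5, 6):                 # long/double occupy two slots
                slot += 1
        else:
            raise ValueError("unknown constant pool tag %d" % tag)
        slot += 1
    return {utf8[i] for i in class_name_slots if i in utf8}

def element_type(name):
    """Reduce an array descriptor such as [Lpkg/Type; to pkg/Type."""
    if not name.startswith("["):
        return name
    name = name.lstrip("[")
    return name[1:-1] if name.startswith("L") else ""  # primitive array: no class

def acegi_report(refs):
    """Map each Acegi class to (mechanically renamed name, needs manual review)."""
    report = {}
    for ref in refs:
        name = element_type(ref)
        if name.startswith(ACEGI):
            renamed = SPRING + name[len(ACEGI):]
            report[name.replace("/", ".")] = (renamed.replace("/", "."), name in REVIEW)
    return report

def scan_archive(fileobj):
    """Scan a plugin archive (.hpi or .jar), descending into bundled jars."""
    report = {}
    with zipfile.ZipFile(fileobj) as archive:
        for entry in archive.namelist():
            if entry.endswith(".class"):
                report.update(acegi_report(class_refs(archive.read(entry))))
            elif entry.endswith(".jar"):
                report.update(scan_archive(io.BytesIO(archive.read(entry))))
    return report

def build_sample(names):
    """Constructed sample: class-file header and constant pool only."""
    pool, slot = [b"\x05" + struct.pack(">q", 42)], 3   # a long fills slots 1-2
    for name in names:
        raw = name.encode()
        pool.append(b"\x01" + struct.pack(">H", len(raw)) + raw)  # Utf8 in `slot`
        pool.append(b"\x07" + struct.pack(">H", slot))            # Class -> Utf8
        slot += 2
    return struct.pack(">IHHH", 0xCAFEBABE, 0, 49, slot) + b"".join(pool)

def demo_report():
    """Scan a constructed in-memory plugin: one class plus one bundled jar."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr("x/Helper.class", build_sample(
            ["org/acegisecurity/userdetails/ldap/LdapUserDetails", "java/lang/String"]))
    with zipfile.ZipFile(outer, "w") as hpi:
        hpi.writestr("WEB-INF/classes/Realm.class", build_sample(
            ["org/acegisecurity/Authentication", "[Lorg/acegisecurity/GrantedAuthority;"]))
        hpi.writestr("WEB-INF/lib/helper.jar", inner.getvalue())
    outer.seek(0)
    return scan_archive(outer)
```

A constant-pool scan sees only class references; it cannot tell which methods a plugin calls, so entries flagged for review still need a look at the call sites.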


Re: upgrade to spring security 2.0.5 from acegisecurity

Robert Collins
On Mon, 2009-12-14 at 08:43 -0800, Kohsuke Kawaguchi wrote:
>
> Normally this means we just can't upgrade to more recent versions of
> Spring Security. I looked at what's new in Spring Security 2.0 [1], and
> I don't think the list is convincing enough for the widespread binary
> incompatibility, which affects such things as the Authentication
> interface, which is used in plugins that merely perform authorization,
> in addition to plugins that add a new security realm, etc. In my mind
> it's way too disruptive.

Do we have any assessment of how many private plugins there are out
there that can be disrupted? I mean: we can fix all the plugins in svn
with one commit.

> OpenID support can be either backported, or we can use openid4java.

AFAICT the openid support needs the interface changes, or for us to
subclass more of acegi to support null passwords. The openid support in
spring security builds on openid4java :)

> Now, I looked at the patch, and I see that most of the changes are
> basically package renaming changes. So if we really badly want to
> upgrade, perhaps we can tweak our ClassLoader implementation so that we
> rename references to Acegi by references to SpringSecurity by some
> mechanical class name translation.

Yes, the package renaming is the main issue. I don't think the api
changes affect any plugins, though I haven't done a call-by-call check
yet.

> In some places I see more substantial changes, like
> AbstractProcessingFilter.obtainFullRequestUrl ->
> AbstractProcessingFilter.obtainFullSavedRequestUrl, so maybe this is
> intractable.
>
> I'm sorry to say this, but from what I've seen so far, I don't think
> we'll be upgrading. Also, I haven't seen what's new in 3.0. Is 3.0
> another backward incompatible change?

I haven't looked either, but I'm concerned that if we don't upgrade
we're essentially taking full ownership for the acegi codebase, and
that's not really sensible.

> > I guess we could look at all the acegi things that are imported by
> > known plugins, and ship a stub forwarding version of acegi that
> > forwards to the new spring versions ?
>
> If this can be made to work, that's fine, but given that SPIs go both
> ways, I suspect this is also practically intractable.

Hudson core imports from plugins, is that what you mean?

-Rob


Re: upgrade to spring security 2.0.5 from acegisecurity

Alan Harder-2
FYI-
I archived the work Robert and I did on this into:
https://svn.dev.java.net/svn/hudson/branches/springframework2

- Alan



