The spring Security 3.2.x and the spring 4.0.x maven dependency Management

Original link: Spring Security with Maven
Original date: April 24, 2013
Translation Date: June 29, 2014
Translators: Anchor

1. Overview

This article gives you an example of how to use Maven manages spring Security and spring dependenciesThe latest spring security release number can be found in the Maven central repository. The translator recommends visiting the Mvnrespotory org.springframework.security link.
This article is a sequel to using Maven to manage spring, so for other spring dependencies that are not spring Security, see the previous article.

2. Spring Security and Maven

2.1. Spring-security-core
Core support of Spring security-- Spring-security-core--Includes identity authentication (authentication) and access control features that support standalone (non-web) applications, method-level security, and JDBC:

<properties>    <org.springframework.security.version>3.2.3.release</ Org.springframework.security.version>    <org.springframework.version>4.0.4.release</ Org.springframework.version></properties><dependency>    <groupId> Org.springframework.security</groupid>    <artifactId>spring-security-core</artifactId>    <version>${org.springframework.security.version}</version></dependency>

Please note that the Spring security version number we are using is 3.2.x.release--and the publication Plan and version number of spring and spring security are not consistent, so there is no one by one corresponding version number relationship.

Assuming that you are using the old version number of spring--also need to understand this very not intuitive fact, spring Security 3.1.x also does not rely on the spring 3.1.x version number ! This is because spring Security 3.1.x was announced prior to spring 3.1. Spring plans to keep these dependencies as consistent as possible in a future version number, and want to know a lot of other information to take a look at their Jira plan, but this is certainly not the case now, and we'll look at the details below.

2.2. Spring-security-web
To join WEB support for Spring Security, you need to join Spring-security-webDepend on:

<dependency>    <groupId>org.springframework.security</groupId>    <artifactId> Spring-security-web</artifactid>    <version>${org.springframework.security.version}</version ></dependency>

It includes the filters (filter) and web-related security foundation classes required for URL access control in a servlet environment.

2.3. Spring Security and the old version of spring Core dependency issues
This new dependency also shows a problem with maven dependency graphs-As mentioned earlier, Spring Security's jar package is not dependent on the latest Spring core jar package (but the previous version number). This could lead to a classpath in today's old version numberThe Spring 4.x project (artifacts), which masks the new version number.
To understand why such a problem occurs, we need to look at how maven resolves conflicts-assuming a version number conflict occurs, MAVEN will prioritize the recent jar package from the root of the dependency tree (the root). In our sample, Spring-core is two places dependent: Spring-orm (4.x.release version number) and Spring-security-core (dependent on the old 3.2.8.RELEASE version), so in these two places, in our project The depth of spring-jdbc distance from root Pom is 1. Therefore, the order in which Spring-orm and spring-security-core are defined in our Pom file will be decisive-who first appears with priority, so we may finally get the jar package version number is not deterministic.
To solve the problem, we have to understand the definition of some spring dependencies instead of using Maven's implicit dependency resolution mechanism-we can customize the future by placing specific dependencies at a level of 0 in the Pom, guaranteeing priority. The following sections need to be placed in the same folder and need to be clearly defined, assuming that in a multi-module project, it needs to be placed under the dependencymanagement element of the parent project:

<dependency> <groupId>org.springframework</groupId> <artifactid>spring-core</ Artifactid> <version>${org.springframework.version}</version></dependency><dependency > <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <v Ersion>${org.springframework.version}</version></dependency><dependency> <groupId> Org.springframework</groupid> <artifactId>spring-jdbc</artifactId> <version>${ Org.springframework.version}</version></dependency><dependency> <groupId> Org.springframework</groupid> <artifactId>spring-beans</artifactId> <version>${ Org.springframework.version}</version></dependency><dependency> <groupId> Org.springframework</groupid> <artifactId>spring-aop</artifactId> <version>${ Org.springframework.Version}</version></dependency><dependency> <groupid>org.springframework</groupid > <artifactId>spring-tx</artifactId> <version>${org.springframework.version}</version ></dependency><dependency> <groupId>org.springframework</groupId> <artifactId> Spring-expression</artifactid> <version>${org.springframework.version}</version></ Dependency><dependency> <groupId>org.springframework</groupId> <artifactid>spring-web </artifactId> <version>${org.springframework.version}</version></dependency>

2.4. Spring-security-config and other jar packages

To use a rich spring Security XML namespace, you need to introduce Spring-security-config dependencies:

<dependency>    <groupId>org.springframework.security</groupId>    <artifactId> Spring-security-config</artifactid>    <version>${org.springframework.security.version}</ Version>    <scope>runtime</scope></dependency>

Since no application needs to rely on this jar package at compile time, its scope ( Scope) should be set to Runtime.
Finally, LDAP, ACLs, CAS, and OpenID support have their own dependencies on Spring security: Spring-security-ldap, Spring-security-acl, Spring-security-cas, and Spring-security-openid.

3. Use the snapshots and milestones version numbers
Spring Security's milestones (milestones, m1,m2.) and snapshots versions are available in spring's own Maven repository – see How to use the snapshots and Milestones editions for details on how to configure.

4. Summary

This article discusses the actual details of integrating Spring Security with Maven . The introduction of Maven dependency is of course the most basic part, and there are several technical points worth mentioning and places to wait. It's just a great starting point for using MAVEN to manage the spring project.

The spring Security 3.2.x and the spring 4.0.x maven dependency Management