Marco Mullner wrote:Hi!
Is it possible using Spring Security 5.0.0. with Spring Framework 4.3.11?
I have an XML configuration, due to previously migration from Security 3.2
Also I haven't a best practice doc about migration to Spring Security 5.0
Sorry for the short post, but I had opened it having only few free seconds... now I can upgrade it!
That application start with Spring Framework 4.3.11 and Security 3.2,
now I must upgrade just the second one, so I've referenced version 5.0.0 (build snapshot) into the POM.
I've also changed somethings into spring-security.xml and login.jsp, as I've read into a documentation about migration to Spring Security 3.x to 4.x.
Unfortunately I've not found much more recent migration docs.
Because into Spring Security Reference 5.0.0 I've read some hints about the Framework 4.x, I've assumed there was no compatibility issues using the binomial Framework 4.3.11 + Security 5.0.0.
So, I have no compilation problems on STS, no problem using Maven, but when I've tried to deploy the EAR into Weblogic 12c I got a BEA-160228, and no other messages inside the logs.
Into the Weblogic console I can just select the new installation button, then select the EAR, then I got an application access denied with three String index out of range: 17188
What I can try:
1) using the Spring Security configuration without the XML, but I can't because I must do the migration the least invasive possible;
2) using Spring Security 4.2.3, so sure I haven't compatibility issues with the framework, I'll try that and update that post when I'll have some news;
3) upgrade Spring Framework to 5, but I can't because I don't know how many changes will be necessary.
Spring Security builds against Spring Framework 5.0.0.RELEASE, but should work with 4.0.x. The problem that many users will have is that Spring Security’s transitive dependencies resolve Spring Framework 5.0.0.RELEASE which can cause strange classpath problems.
So, it should theoretically be possible to use Spring Security 5.0 with Spring Framework 4.x, but you will most likely get nasty dependency version problems that will be hard to fix.