Skip to content

Migration guide

Jump to bottom Edit New page
CAS in the cloud LELEU Jérôme edited this page Dec 16, 2022 · 9 revisions

-> 8.x

Version 6.x of pac4j and JDK 17 are now required.

-> 7.x

The pac4j-javaee / pac4j-jakartaee artifact is pulled instead of the pac4j-jee artifact: JEE components are now in the org.pac4j.jee package.

-> 6.1

The pac4j-jee artifact is pulled instead of the pac4j-core artifact.

-> 6.0

Version 5.x of pac4j is now required. JDK 11 is required too.

The multiProfile and saveInSession options are now removed from the filters and handled at the Client level.

The setConfigOnly/getConfigOnly methods are renamed as setConfig/getConfig.

-> 5.0

Version 4.x of pac4j is now required.

The setConfig and getConfig methods are now named setSharedConfig and getSharedConfig.

2.0 -> 3.0

The FilterHelper can be used to programmatically define filters and mappings, using an injected Config.

The WebContext and the ProfileManager are automatically produced by the Pac4jProducer and the HttpServletResponseProducer (based on JSF) and can be injected wherever they are needed.

1.3 - > 2.0

The ApplicationLogoutFilter has been renamed as LogoutFilter and now handles both the application and identity provider logouts.

1.2 - > 1.3

The RequiresAuthenticationFilter is now named SecurityFilter with the clients, authorizers and matchers parameters instead of the previous clientName, authorizerName and matcherName.

The ApplicationLogoutFilter behaviour has slightly changed: even without any url request parameter, the user will be redirected to the defaultUrl if it has been defined.

1.1 -> 1.2

Authorizations are now handled by the library so the ClientFactory can now longer be used and is replaced by a ConfigFactory which builds a Config which gathers clients (for authentication) and authorizers (for authorizations).

The isAjax parameter is no longer available as AJAX requests are now automatically detected. The stateless parameter is no longer available as the stateless nature is held by the client itself.

The requireAnyRole and requieAllRoles parameters are no longer available and authorizers must be used instead (with the authorizerName parameter).

The application logout process can be managed with the ApplicationLogoutFilter.

Add a custom footer
Add a custom sidebar
Clone this wiki locally