spring 4.x migration

pom.xml

@@ -78,10 +78,10 @@
 		<log4j.version>1.2.17</log4j.version>
 
 		<aspectj.version>1.7.2</aspectj.version>
-		<spring.framework.version>3.2.10.RELEASE</spring.framework.version>
-		<spring.security.version>3.2.1.RELEASE</spring.security.version>
+		<spring.framework.version>4.2.1.RELEASE</spring.framework.version>
+		<spring.security.version>4.0.2.RELEASE</spring.security.version>
 		<spring.security.oauth2.version>1.0.5.RELEASE</spring.security.oauth2.version>
-		<org.springframework.social-version>1.1.0.RELEASE</org.springframework.social-version>
+		<org.springframework.social-version>1.1.2.RELEASE</org.springframework.social-version>
 		<org.springframework.social-google-version>1.0.0.RELEASE</org.springframework.social-google-version>
 
 		<mysql.version>5.1.31</mysql.version>
@@ -270,7 +270,7 @@
 		<dependency>
 			<groupId>org.springframework.data</groupId>
 			<artifactId>spring-data-jpa</artifactId>
-			<version>1.6.2.RELEASE</version>
+			<version>1.9.0.RELEASE</version>
 		</dependency>
 
 		<!-- Hibernate dependencies -->
@@ -415,7 +415,7 @@
 		<dependency>
 			<groupId>org.springframework.data</groupId>
 			<artifactId>spring-data-elasticsearch</artifactId>
-			<version>1.0.4.RELEASE</version>
+			<version>1.3.0.RELEASE</version>
 		</dependency>
 
 

src/main/java/org/genesys2/spring/DefaultRolesPrefixPostProcessor.java

+package org.genesys2.spring;
+
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanPostProcessor;
+import org.springframework.core.PriorityOrdered;
+import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
+import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
+import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
+import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
+
+public class DefaultRolesPrefixPostProcessor implements BeanPostProcessor, PriorityOrdered {
+
+    @Override
+    public Object postProcessAfterInitialization(Object bean, String beanName)
+            throws BeansException {
+
+        if(bean instanceof Jsr250MethodSecurityMetadataSource) {
+            ((Jsr250MethodSecurityMetadataSource) bean).setDefaultRolePrefix(null);
+        }
+
+        if(bean instanceof DefaultMethodSecurityExpressionHandler) {
+            ((DefaultMethodSecurityExpressionHandler) bean).setDefaultRolePrefix(null);
+        }
+        if(bean instanceof DefaultWebSecurityExpressionHandler) {
+            ((DefaultWebSecurityExpressionHandler) bean).setDefaultRolePrefix(null);
+        }
+        if(bean instanceof SecurityContextHolderAwareRequestFilter) {
+            ((SecurityContextHolderAwareRequestFilter)bean).setRolePrefix("");
+        }
+        return bean;
+    }
+
+    @Override
+    public Object postProcessBeforeInitialization(Object bean, String beanName)
+            throws BeansException {
+        return bean;
+    }
+
+    @Override
+    public int getOrder() {
+        return PriorityOrdered.HIGHEST_PRECEDENCE;
+    }
+}
\ No newline at end of file

src/main/java/org/genesys2/spring/config/ApplicationConfig.java

@@ -18,6 +18,7 @@ package org.genesys2.spring.config;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.genesys2.spring.DefaultRolesPrefixPostProcessor;
 import org.genesys2.transifex.client.TransifexService;
 import org.genesys2.transifex.client.TransifexServiceImpl;
 import org.springframework.context.annotation.Bean;
@@ -37,4 +38,9 @@ public class ApplicationConfig {
 		return new TransifexServiceImpl();
 	}
 
+	@Bean
+	public DefaultRolesPrefixPostProcessor defaultRolesPrefixPostProcessor(){
+		return new DefaultRolesPrefixPostProcessor();
+	}
+
 }

src/main/java/org/springframework/web/context/request/ServletRequestAttributes.java

@@ -20,6 +20,7 @@ import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.springframework.util.Assert;
@@ -50,6 +51,8 @@ public class ServletRequestAttributes extends AbstractRequestAttributes {
 
 	private final HttpServletRequest request;
 
+	private HttpServletResponse response;
+
 	private volatile HttpSession session;
 
 	private final Map<String, Object> sessionAttributesToUpdate = new ConcurrentHashMap<String, Object>(1);
@@ -64,6 +67,15 @@ public class ServletRequestAttributes extends AbstractRequestAttributes {
 		this.request = request;
 	}
 
+	/**
+	 * Create a new ServletRequestAttributes instance for the given request.
+	 * @param request current HTTP request
+	 * @param response current HTTP response (for optional exposure)
+	 */
+	public ServletRequestAttributes(HttpServletRequest request, HttpServletResponse response) {
+		this(request);
+		this.response = response;
+	}
 
 	/**
 	 * Exposes the native {@link HttpServletRequest} that we're wrapping.
@@ -72,6 +84,13 @@ public class ServletRequestAttributes extends AbstractRequestAttributes {
 		return this.request;
 	}
 
+	/**
+	 * Exposes the native {@link HttpServletResponse} that we're wrapping (if any).
+	 */
+	public final HttpServletResponse getResponse() {
+		return this.response;
+	}
+
 	/**
 	 * Exposes the {@link HttpSession} that we're wrapping.
 	 * @param allowCreate whether to allow creation of a new session if none exists yet

src/main/webapp/WEB-INF/decorator/header.jsp

@@ -24,11 +24,11 @@
                                 <form role="form" method="post" action="<c:url value="/login-attempt" />">
                                     <div class="form-group">
                                         <label for="username"><spring:message code="login.username"/>:</label>
-                  						<input type="email" class="form-control" id="username" name="j_username" placeholder="<spring:message code="login.username"/>" />
+                  						<input type="email" class="form-control" id="username" name="username" placeholder="<spring:message code="login.username"/>" />
                                     </div>
                                     <div class="form-group">
                                         <label for="password"><spring:message code="login.password"/></label>
-                 						<input type="password" class="form-control" id="password" name="j_password" placeholder="<spring:message code="login.password"/>" />
+                 						<input type="password" class="form-control" id="password" name="password" placeholder="<spring:message code="login.password"/>" />
                                     </div>
                                     <div class="checkbox">
                                         <label>
@@ -60,7 +60,7 @@
 							<li><a href="<c:url value="/content" />"><spring:message code="user.pulldown.manage-content" /></a></li>
                             </security:authorize>
                             <li><a href="<c:url value="/profile/${user.username}" />"><spring:message code="user.pulldown.profile"/></a></li>
-                            <li><a id="logout" href="<c:url value="/logout" />"><spring:message code="user.pulldown.logout"/></a>
+                            <li><a id="logout1" href="#" onclick="document.getElementById('logoutForm').submit();"  ><spring:message code="user.pulldown.logout"/></a>
                             </li>
                         </ul>
                     </li>
@@ -92,7 +92,7 @@
       <div class="container">
         <a href="#" class="mobile-menu-show"><img src="<c:url value="/html/images/icon_mobile_menu.png" />" alt="" /></a>
         <a href="#" class="mobile-menu-hide"><img src="<c:url value="/html/images/icon_mobile_menu_back.png" />" alt="" /></a>
-        
+
         <ul class="nav navbar-nav navbar-right">
               <security:authorize access="isAnonymous()">
                     <li class="dropdown">
@@ -102,11 +102,11 @@
                                 <form role="form" method="post" action="<c:url value="/login-attempt" />">
                                     <div class="form-group">
                                         <label for="username"><spring:message code="login.username"/>:</label>
-                  						<input type="email" class="form-control" id="username" name="j_username" placeholder="<spring:message code="login.username"/>" />
+                  						<input type="email" class="form-control" id="username" name="username" placeholder="<spring:message code="login.username"/>" />
                                     </div>
                                     <div class="form-group">
                                         <label for="password"><spring:message code="login.password"/></label>
-                 						<input type="password" class="form-control" id="password" name="j_password" placeholder="<spring:message code="login.password"/>" />
+                 						<input type="password" class="form-control" id="password" name="password" placeholder="<spring:message code="login.password"/>" />
                                     </div>
                                     <div class="checkbox">
                                         <label>
@@ -137,7 +137,7 @@
 							<li><a href="<c:url value="/team" />"><spring:message code="user.pulldown.teams" /></a></li>
                             </security:authorize>
                             <li><a href="<c:url value="/profile/${user.username}" />"><spring:message code="user.pulldown.profile"/></a></li>
-                            <li><a id="logout" href="<c:url value="/logout" />"><spring:message code="user.pulldown.logout"/></a></li>
+                            <li><a id="logout2" href="#" onclick="document.getElementById('logoutForm').submit();"  ><spring:message code="user.pulldown.logout"/></a>
                         </ul>
                     </li>
                 </security:authorize>
@@ -159,8 +159,8 @@
           </li>
         </ul>
       </div>
-    </div> 
-    
+    </div>
+
     <form role="search" id="search" action="<c:url value="/acn/search" />">
       <div class="container">
         <div class="form-group">
@@ -172,3 +172,9 @@
     </form>
 
 </div> <!-- Mobile Header end -->
+
+<form id="logoutForm" action="/logout" method="post">
+    <input type="hidden"
+           name="${_csrf.parameterName}"
+           value="${_csrf.token}"/>
+</form>
\ No newline at end of file

src/main/webapp/WEB-INF/jsp/login.jsp

@@ -19,14 +19,14 @@
         <div class="form-group">
             <label for="j_username" class="col-lg-2 control-label"><spring:message code="login.username"/></label>
             <div class="col-lg-3">
-                <input type="text" id="j_username" name="j_username" class="form-control grabfocus" autofocus="autofocus" />
+                <input type="text" id="j_username" name="username" class="form-control grabfocus" autofocus="autofocus" />
             </div>
         </div>
 
         <div class="form-group">
             <label for="j_password"  class="col-lg-2 control-label"><spring:message code="login.password"/></label>
             <div class="col-lg-3">
-                <input type="password" id="j_password" name="j_password" class="form-control" />
+                <input type="password" id="j_password" name="password" class="form-control" />
             </div>
         </div>