How to Upgrade Spring Security 2 to Spring Security 3

The short answer is you have to plunge into it head first.

The Problem
You have a working Spring Security 2.0.x setup and want to upgrade to the latest as of the time of this writing version 3.0.x. You did a (re)search on the Internet and found basically nothing. You are puzzled.

The Solution
You are not gonna like it but you have to get your hands dirty, figuratively speaking, and make it happen the hard way.

1. Remove the old libraries and drop in the new ones. You gotta get a lot of red in your IDE.
   
2. Make the red go away. The 3.x distro contains a file named class_mapping_from_2.0.x.txt. It can save you a search or two.
3. Update your Spring Security config files so that the schemaLocation ends with spring-security-3.0.xsd. If you have a validating XML editor you'll get a fair amount of red wavy lines right away.
4. Make the red go away. Refer to Security Namespace Configuration section of the manual.
5. If you happen to use an IDE that understands Java code in JSP pages, such as MyEclipse, hunt for the red there and exterminate it. Otherwise proceed to the next step.
6. Deploy your application. It'll blow up. That's OK. Have a look at the log. There was a lot of shuffling of the properties (defaultTargetUrl etc) among various classes between versions 2 and 3. Move the offending properties in your SS config file as needed.
7. Your application should now deploy fine. Run it and see if it bombs. It it is it may be because you didn't do a good job at step 5. Now you should have a good indication of where to look at. Have a look and resolve.
8. If you made it this far you are done. Congratulations!

The Rhetoric
Now when I'm done with the upgrade I keep asking myself the same question. How comes the supposedly best-of-breed enterprise-class software breaks backward compatibility in such an intricate, outrageous, in-your-face way?

Understandably Spring Security is the only game in town for the security-heavy shops on the EJB-less enterprise bandwagon. This is a classic vendor lock-in scenario in its uglier manifestation. A (re)design decision made by a few talanted developers is going to reverberate in the enterprise for years.

The enterprise is obsessed with compatibility and continuity. How can I recommend Spring Security to my next enterprise client with a straight face?

Don't Look a Gift Horse in the Mouth

In the rightful effort to disseminate the up-to-date Android technology Google has embarked on something officially called "device seeding program for top Android Market developers".

ActionComplete has been steadily approaching the 50000 downloads mark and has an average rating of 3.97 so here I am playing with a new toy.

Google couldn't go the straight way and decided to introduce an element of surprise by pseudo-randomly sending out Nexuses and Droids. It feels like developers in the US got Droids while other developers got Nexuses.

The Droid I got came with a complimentary one month of free Verizon service, both voice and data. A very smart move as that was the only way for them to make me try the Verizon network.

By now I've already used around 10 days of that free month and can report the initial findings.

The Phone
Fast. Functional. I always try to come up to a triad... This time it's going to be a dynamic duo.

I realized why it has that sunken chin. That's the only place where you can safely hold the phone in landscape without hitting the touch-sensitive buttons. Even with that in mind I still touch them a lot in very inappropriate moments. I'm yet to figure out why I keep sending empty emails now and then.

Oddly enough, the keyboard is less convenient than that on G1. The upper row is quite close to the slid-out top of the phone and you end up touching it a lot with your thumbs. The buttons are almost flat and the press response is minimal.

The good part is the phone is fast. And very functional. You can actually do what you are supposed to be able to and it usually works as advertised. You can get the directions to your lunch destination before you arrive there. You can view house prices in Zillow application for Android while driving at 40 mph. Believe it or not, but Droid in fact Does.

Which logically brings us to the the next review item - the network.

Verizon touts itself as the best network in the States (who doesn't?). Here in DC it might well be the case. The data network is always in 3G mode wherever I am. The connection is fast and reliable. The maps load promptly as you drive, voice-assisted navigation works well most of the time.

To keep its network fast Verizon puts some restrictions in place that are not typically found on other networks. You can't upload a video over 3G - it'll sit in the queue until you get a Wi-Fi connection.

The Conclusion
I found my attraction to the phone growing with every single day. Maybe it'll even become my primary phone after the free honeymoon is over. Who knows?

iPad First (and Last) Impression

In this post entitled starting with a lower case letter I'll talk about my first impression about the device that purportedly is the future of computing - iPad.

The best way to get a hands-on experience with the new Apple toy is to head to one of your local Best Buys as they tend to be less crowded than Apple Stores.

In my mind I was picturing an iPad as a laptop-screen-size device so it took me a while to find the demo stand featuring those puny things. The tablet is smaller that you might think it is.

But hey - it's not something to be upset about. It weighs way more than you expect! Take a 700-page book and you know what an iPad feels like in your hands.

The browser seems to be fairly limited even for what it officially supports, which does not include Flash.

The screen has a netbook-like resolution of 1024 x 768, which sits somewhere on the border between a smartphone and a computer, and does not always displays web applications correctly. Native applications have a clear edge over web applications on iPad - they generally look nicer and perform better.

I had high hopes that iPad would be a great device to run rich Internet applications... I have high hopes Chrome OS will give rise to great devices to run rich Internet applications.