Why does Spring Security Core RC4 require Grails 2.3?

0
votes

On the Spring Security Core plugin GitHub repo, I see that Graeme on May 21st upped the required version of Grails from 2.0 to 2.3 before the RC4 version was released a couple of months later, but I don't see any explanation for why. Was it mismatched dependencies, bug reports, etc?

I run a 2.2.4 app, and I would prefer not to upgrade at this point just to get the latest RC of spring security core. I understand if the upgrade to 3.2.0.RELEASE of spring security caused mismatched dependencies with older versions of Grails since I've run into the same issues before.

This originally came up due to a pull request on the spring security OAuth2 provider plugin that I maintain. The pull request upped the required version to 2.3, and the requester pointed me to the RC4 release of core as the reason.

Thanks for the good works as always!

1
grailsspring-securitygrails-plugin

1 Answers

1
votes

It's pure speculation on my part, but as far as I can tell, it has to do with the getNamespace() method introduced in the UrlMappingInfo interface in Grails 2.3.

The Spring Security Core plugin's class AnnotationFilterInvocationDefinition does check if it's dealing with Grails 2.3 or higher before it attempts to call getNamespace(), but in its current state it causes a compilation error (due to the missing method).

I suppose the class could resort to using the reflection API to get around this, making it possible to lower the requirement to Grails 2.2.0 (or keep it at 2.0.0)

String namespace = null;
try {          
    Method m = mapping.getClass().getDeclaredMethod("getNamespace", null);
    namespace = (String)m.invoke();
} catch(NoSuchMethodException e) { ... }