David Arnold (Migrated from SEC-1693) said:
In order to support newer and more robust EHCache releases, including distributed caches, Spring Security needs a bit of work. EHCache maven artifacts have been split up into modules, but 3.1.0.CI-SNAPSHOT compiles nicely against just net.sf.ehcache:ehcache-core:2.4.0. It does break unit tests, as the tests make assumptions about the behaviour of the default cache store that are no longer true (e.g., constructor behaviour, flush behaviour).
I had good results in EhCacheBasedAclCacheTests by doing
cacheManager.addCache(new Cache("ehcachebasedacltests", 1, true, false, 600, 300));
and adjusting the assertion to match a memory store of 1 element, instead of 0. Not sure what to do about the last few tests that would work against 1.4.2+ and 2.0.0+.
Luke Taylor said:
Could you clarify what you mean by "provide Ehcache 2.0.0+ support"? The original forum discussion was just about expanding the version range in the OSGi manifest. Is that still adequate? In practice we will generally build and compile against the same version as the Spring Framework, for consistency.
David Arnold said:
That's fine with me. Having looked at the modules that import the EHCache packages, it's only the unit tests that should pose a problem. The runtime modules use the basic interfaces, which haven't changed.
Ok. I've set the upper bound to be 2.5 (exclusive).