The migration was very easy except for two smaller issues (see further below). First, I updated web.xml to rename the security filter to Spring Security's:
Also, since I am using my own "user service" to pull users and roles from the database, I had to rename a few imports in my classes to reflect the package names of Spring Security 2.0.
The biggest configuration change was updating the bean definitions in my context configuration file, which contains all the XML needed to wire the beans together. Spring Security 2.0 now provides its own XML namespace, which drastically simplifies configuration.
Thus, here is the final application context configuration file for Spring Security 2.0 as used by my project:
As mentioned above, I encountered two smaller issues. First, I am using the Jasypt library for digesting passwords. It provides a password encoder that plugs into ACEGI security. Unfortunately, it has not yet been updated to work with Spring Security 2.0. The aforementioned password encoder still uses the old package structure. Thanks to open source this is an easy fix :-)
Thus, I checked out Jasypt into my Eclipse IDE, updated the package references and updated the pom to pull in the Spring Security 2.0 jars. I also created a ticket on the Jasypt project website and submitted a patch with the changes. Let's see whether it will find its way into the project soon.
My second problem had to do with the rolePrefix of Spring Security. By default, Spring Security prefixes role names with "ROLE_". Since my project does not use prefixes for role names, I had created a RoleVoter bean that set the rolePrefix property.
Interestingly, you can't do this configuration using namespaces. With the current version you need to fall back to the traditional bean configuration support, which involves creating 3 additional beans:
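One way such a fallback can be wired in Spring Security 2.0, as an added example and not the configuration from the original post: a RoleVoter with an empty prefix, an AuthenticatedVoter, and an AffirmativeBased decision manager that the namespace `<http>` element references. The bean ids, URL patterns and the role name ADMIN are assumptions made for illustration, and the authentication provider is assumed to be defined elsewhere in the context.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-2.0.xsd">

  <!-- Bean 1: RoleVoter with the default "ROLE_" prefix replaced by an empty
       string, so authorities such as "ADMIN" match access attributes directly. -->
  <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
    <property name="rolePrefix" value=""/>
  </bean>

  <!-- Bean 2: AuthenticatedVoter handles the IS_AUTHENTICATED_* attributes. -->
  <bean id="authenticatedVoter"
        class="org.springframework.security.vote.AuthenticatedVoter"/>

  <!-- Bean 3: the decision manager that polls both voters. AffirmativeBased
       grants access as soon as one voter grants it; if every voter abstains,
       access is denied. -->
  <bean id="accessDecisionManager"
        class="org.springframework.security.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions" value="false"/>
    <property name="decisionVoters">
      <list>
        <ref bean="roleVoter"/>
        <ref bean="authenticatedVoter"/>
      </list>
    </property>
  </bean>

  <!-- The namespace configuration stays in place and only points at the
       custom decision manager. Patterns and the ADMIN role are constructed
       sample values. -->
  <security:http auto-config="true"
                 access-decision-manager-ref="accessDecisionManager">
    <security:intercept-url pattern="/admin/**" access="ADMIN"/>
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
  </security:http>

</beans>
```

With an empty prefix, RoleVoter treats every access attribute as a role name, including the IS_AUTHENTICATED_* ones, and votes to deny when the user holds no authority of that name. The setup therefore depends on AffirmativeBased letting AuthenticatedVoter's grant win, which is worth re-checking if the decision manager is ever swapped for a stricter one.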