Migrating from 2.0.0 to 3.0.0

To upgrade from v2.0 to v3.0:

move up to Java 17 (minimum)
update namespaces from javax to jakarta
if you are using the Shiro security module, this will need to choose a different security implementation.

This last point is discussed below.

Simple Security, Replacement for Shiro (CAUSEWAY-3698)

In 3.0.0, the Shiro modules are no longer distributed because Apache Shiro have not yet released a jakarta namespaced version of their framework.

There are several migration options:

first is to leverage Spring Security.

This can be extended in various ways, eg for OAuth2 support. It is commonly paired with SecMan for authorization
or, use SecMan for both authentication and authorization
or, use Simple Security which provides a programmatic approach for implementing an Authenticator and/or Authorizor.

It is broadly equivalent to the Shiro .ini realm.

We will revisit this as and when Apache Shiro release a suitable version of their framework.