From 11a87d1fa0916bcff7f1056b52abce3cd9a3b443 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Sun, 19 Sep 2010 18:17:06 +0100 Subject: [PATCH] Switch to using xsd:boolean in schema file. --- .../security/config/spring-security-3.1.rnc | 38 ++++++------ .../security/config/spring-security-3.1.xsd | 62 +++++++------------ 2 files changed, 40 insertions(+), 60 deletions(-) diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc index 8b2294ce23..bb7e34c1a4 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc @@ -10,7 +10,7 @@ hash = attribute hash {"plaintext" | "sha" | "sha-256" | "md5" | "md4" | "{sha}" | "{ssha}"} base64 = ## Whether a string should be base64 encoded - attribute base64 {"true" | "false"} + attribute base64 {xsd:boolean} request-matcher = ## Supersedes the 'path-type' attribute. Defines the strategy use for matching incoming requests. Currently the options are 'ant' (for ant path patterns), 'regex' for regular expressions and 'iciRegex' for case-insensitive regular expressions. attribute request-matcher {"ant" | "regex" | "ciRegex"} @@ -63,15 +63,13 @@ system-wide = ## A single value that will be used as the salt for a password encoder. attribute system-wide {xsd:token} -boolean = "true" | "false" - role-prefix = ## A non-empty string prefix that will be added to role strings loaded from persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the default is non-empty. attribute role-prefix {xsd:token} use-expressions = ## Enables the use of expressions in the 'access' attributes in elements rather than the traditional list of configuration attributes. Defaults to 'false'. If enabled, each attribute should contain a single boolean expression. If the expression evaluates to 'true', access will be granted. - attribute use-expressions {boolean} + attribute use-expressions {xsd:boolean} ldap-server = ## Defines an LDAP server location or starts an embedded server. The url indicates the location of a remote server. If no url is given, an embedded server will be started, listening on the supplied port number. The port is optional and defaults to 33389. A Spring LDAP ContextSource bean will be registered for the server with the id supplied. @@ -221,7 +219,7 @@ global-method-security.attlist &= ## Allows the advice "order" to be set for the method security interceptor. attribute order {xsd:token}? global-method-security.attlist &= - attribute proxy-target-class {boolean}? + attribute proxy-target-class {xsd:boolean}? global-method-security.attlist &= ## Can be used to specify that AspectJ should be used instead of the default Spring AOP. If set, secured classes must be woven with the AnnotationSecurityAspect from the spring-security-aspects module. attribute mode {"aspectj"}? @@ -272,7 +270,7 @@ http.attlist &= http.attlist &= ## Automatically registers a login form, BASIC authentication, anonymous authentication, logout services, remember-me and servlet-api-integration. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element). If unspecified, defaults to "false". - attribute auto-config {boolean}? + attribute auto-config {xsd:boolean}? http.attlist &= use-expressions? http.attlist &= @@ -288,10 +286,10 @@ http.attlist &= path-type? http.attlist &= ## Provides versions of HttpServletRequest security methods such as isUserInRole() and getPrincipal() which are implemented by accessing the Spring SecurityContext. Defaults to "true". - attribute servlet-api-provision {boolean}? + attribute servlet-api-provision {xsd:boolean}? http.attlist &= ## If available, runs the request as the Subject acquired from the JaasAuthenticationToken. Defaults to "false". - attribute jaas-api-provision {boolean}? + attribute jaas-api-provision {xsd:boolean}? http.attlist &= ## Optional attribute specifying the ID of the AccessDecisionManager implementation which should be used for authorizing HTTP requests. attribute access-decision-manager-ref {xsd:token}? @@ -303,13 +301,13 @@ http.attlist &= attribute entry-point-ref {xsd:token}? http.attlist &= ## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "true" - attribute once-per-request {boolean}? + attribute once-per-request {xsd:boolean}? http.attlist &= ## Deprecated in favour of the access-denied-handler element. attribute access-denied-page {xsd:token}? http.attlist &= ## Prevents the jsessionid parameter from being added to rendered URLs. - attribute disable-url-rewriting {boolean}? + attribute disable-url-rewriting {xsd:boolean}? access-denied-handler = ## Defines the access-denied strategy that should be used. An access denied page can be defined or a reference to an AccessDeniedHandler instance. @@ -351,7 +349,7 @@ logout.attlist &= attribute logout-success-url {xsd:token}? logout.attlist &= ## Specifies whether a logout also causes HttpSession invalidation, which is generally desirable. If unspecified, defaults to true. - attribute invalidate-session {boolean}? + attribute invalidate-session {xsd:boolean}? logout.attlist &= ## A reference to a LogoutSuccessHandler implementation which will be used to determine the destination to which the user is taken after logging out. attribute success-handler-ref {xsd:token}? @@ -380,7 +378,7 @@ form-login.attlist &= attribute default-target-url {xsd:token}? form-login.attlist &= ## Whether the user should always be redirected to the default-target-url after login. - attribute always-use-default-target {boolean}? + attribute always-use-default-target {xsd:boolean}? form-login.attlist &= ## The URL for the login page. If no login URL is specified, Spring Security will automatically create a login URL at /spring_security_login and a corresponding filter to render that login URL when requested. attribute login-page {xsd:token}? @@ -418,7 +416,7 @@ openid-attribute.attlist &= openid-attribute.attlist &= attribute type {xsd:token} openid-attribute.attlist &= - attribute required {boolean}? + attribute required {xsd:boolean}? openid-attribute.attlist &= attribute count {xsd:int}? @@ -449,7 +447,7 @@ fsmds.attlist &= id? fsmds.attlist &= ## as for http element - attribute lowercase-comparisons {boolean}? + attribute lowercase-comparisons {xsd:boolean}? fsmds.attlist &= ## Deprecate. Use request-matcher instead. path-type? @@ -500,7 +498,7 @@ concurrency-control.attlist &= attribute expired-url {xsd:token}? concurrency-control.attlist &= ## Specifies that an unauthorized error should be reported when a user attempts to login when they already have the maximum configured sessions open. The default behaviour is to expire the original session. If the session-authentication-error-url attribute is set on the session-management URL, the user will be redirected to this URL. - attribute error-if-maximum-exceeded {boolean}? + attribute error-if-maximum-exceeded {xsd:boolean}? concurrency-control.attlist &= ## Allows you to define an alias for the SessionRegistry bean in order to access it in your own configuration. attribute session-registry-alias {xsd:token}? @@ -528,7 +526,7 @@ remember-me.attlist &= remember-me.attlist &= ## Determines whether the "secure" flag will be set on the remember-me cookie. If set to true, the cookie will only be submitted over HTTPS. Defaults to false. - attribute use-secure-cookie {boolean}? + attribute use-secure-cookie {xsd:boolean}? remember-me.attlist &= ## The period (in seconds) for which the remember-me cookie should be valid. @@ -558,7 +556,7 @@ anonymous.attlist &= attribute granted-authority {xsd:token}? anonymous.attlist &= ## With the default namespace setup, the anonymous "authentication" facility is automatically enabled. You can disable it using this property. - attribute enabled {boolean}? + attribute enabled {xsd:boolean}? port-mappings = @@ -605,7 +603,7 @@ authman.attlist &= attribute alias {xsd:ID}? authman.attlist &= ## If set to true, the AuthenticationManger will attempt to clear any credentials data in the returned Authentication object, once the user has been authenticated. - attribute erase-credentials {boolean}? + attribute erase-credentials {xsd:boolean}? authentication-provider = ## Indicates that the contained user-service should be used as an authentication source. @@ -637,10 +635,10 @@ user.attlist &= attribute authorities {xsd:token} user.attlist &= ## Can be set to "true" to mark an account as locked and unusable. - attribute locked {boolean}? + attribute locked {xsd:boolean}? user.attlist &= ## Can be set to "true" to mark an account as disabled and unusable. - attribute disabled {boolean}? + attribute disabled {xsd:boolean}? jdbc-user-service = ## Causes creation of a JDBC-based UserDetailsService. diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd index 9844c01e6e..5be13b9d65 100644 --- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd +++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd @@ -19,16 +19,10 @@ - + Whether a string should be base64 encoded - - - - - - @@ -130,16 +124,10 @@ - + Whether a string should be base64 encoded - - - - - - @@ -157,12 +145,6 @@ - - - - - - @@ -171,7 +153,7 @@ - + Enables the use of expressions in the 'access' attributes in <intercept-url> elements rather than the traditional list of configuration attributes. Defaults to 'false'. If enabled, each attribute should contain a single boolean expression. If the expression evaluates to 'true', access will be granted. @@ -480,7 +462,7 @@ A bean identifier, used for referring to the bean elsewhere in the context. - + Enables the use of expressions in the 'access' attributes in <intercept-url> elements rather than the traditional list of configuration attributes. Defaults to 'false'. If enabled, each attribute should contain a single boolean expression. If the expression evaluates to 'true', access will be granted. @@ -576,7 +558,7 @@ Allows the advice "order" to be set for the method security interceptor. - + Can be used to specify that AspectJ should be used instead of the default Spring AOP. If set, secured classes must be woven with the AnnotationSecurityAspect from the spring-security-aspects module. @@ -706,12 +688,12 @@ - + Automatically registers a login form, BASIC authentication, anonymous authentication, logout services, remember-me and servlet-api-integration. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element). If unspecified, defaults to "false". - + Enables the use of expressions in the 'access' attributes in <intercept-url> elements rather than the traditional list of configuration attributes. Defaults to 'false'. If enabled, each attribute should contain a single boolean expression. If the expression evaluates to 'true', access will be granted. @@ -754,12 +736,12 @@ - + Provides versions of HttpServletRequest security methods such as isUserInRole() and getPrincipal() which are implemented by accessing the Spring SecurityContext. Defaults to "true". - + If available, runs the request as the Subject acquired from the JaasAuthenticationToken. Defaults to "false". @@ -779,7 +761,7 @@ Allows a customized AuthenticationEntryPoint to be set on the ExceptionTranslationFilter. - + Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "true" @@ -789,7 +771,7 @@ Deprecated in favour of the access-denied-handler element. - + Prevents the jsessionid parameter from being added to rendered URLs. @@ -871,7 +853,7 @@ Specifies the URL to display once the user has logged out. If not specified, defaults to /. - + Specifies whether a logout also causes HttpSession invalidation, which is generally desirable. If unspecified, defaults to true. @@ -914,7 +896,7 @@ The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application. - + Whether the user should always be redirected to the default-target-url after login. @@ -967,7 +949,7 @@ - + @@ -1022,7 +1004,7 @@ - + Enables the use of expressions in the 'access' attributes in <intercept-url> elements rather than the traditional list of configuration attributes. Defaults to 'false'. If enabled, each attribute should contain a single boolean expression. If the expression evaluates to 'true', access will be granted. @@ -1032,7 +1014,7 @@ A bean identifier, used for referring to the bean elsewhere in the context. - + as for http element @@ -1125,7 +1107,7 @@ The URL a user will be redirected to if they attempt to use a session which has been "expired" because they have logged in again. - + Specifies that an unauthorized error should be reported when a user attempts to login when they already have the maximum configured sessions open. The default behaviour is to expire the original session. If the session-authentication-error-url attribute is set on the session-management URL, the user will be redirected to this URL. @@ -1169,7 +1151,7 @@ Exports the internally defined RememberMeServices as a bean alias, allowing it to be used by other beans in the application context. - + Determines whether the "secure" flag will be set on the remember-me cookie. If set to true, the cookie will only be submitted over HTTPS. Defaults to false. @@ -1214,7 +1196,7 @@ The granted authority that should be assigned to the anonymous request. Commonly this is used to assign the anonymous request particular roles, which can subsequently be used in authorization decisions. If unset, defaults to "ROLE_ANONYMOUS". - + With the default namespace setup, the anonymous "authentication" facility is automatically enabled. You can disable it using this property. @@ -1346,7 +1328,7 @@ The alias you wish to use for the AuthenticationManager bean - + If set to true, the AuthenticationManger will attempt to clear any credentials data in the returned Authentication object, once the user has been authenticated. @@ -1402,12 +1384,12 @@ One of more authorities granted to the user. Separate authorities with a comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR" - + Can be set to "true" to mark an account as locked and unusable. - + Can be set to "true" to mark an account as disabled and unusable.