SEC-1045: Added security-context-repository-ref attribute to <http>

2008-12-02 16:14:03 +00:00 · 2008-12-02 16:14:03 +00:00 · 3e2930d785
parent 6197668fa6
commit 3e2930d785
2 changed files with 14 additions and 2 deletions
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.5.rnc
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.5.rnc
@ -226,8 +226,11 @@ http.attlist &=
 http.attlist &=
    use-expressions?
 http.attlist &=
-    ## Controls the eagerness with which an HTTP session is created. If not set, defaults to "ifRequired".
+    ## Controls the eagerness with which an HTTP session is created. If not set, defaults to "ifRequired". Note that if a custom SecurityContextRepository is set using security-context-repository-ref, then the only value which can be set is "always". Otherwise the session creation behaviour will be determined by the repository bean implementation.
    attribute create-session {"ifRequired" | "always" | "never" }?
+http.attlist &= 
+    ## A reference to a SecurityContextRepository bean. This can be used to customize the way the SecurityContext is stored between requests.
+    attribute security-context-repository-ref {xsd:string}?    
 http.attlist &=
    ## The path format used to define the paths in child elements.
    path-type?
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.5.xsd
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.5.xsd
@ -787,7 +787,10 @@
    <xs:attribute name="create-session">
      <xs:annotation>
        <xs:documentation>Controls the eagerness with which an HTTP session is created. If not set,
-          defaults to "ifRequired".</xs:documentation>
+          defaults to "ifRequired". Note that if a custom SecurityContextRepository is set using
+          security-context-repository-ref, then the only value which can be set is "always".
+          Otherwise the session creation behaviour will be determined by the repository bean
+          implementation.</xs:documentation>
      </xs:annotation>
      <xs:simpleType>
        <xs:restriction base="xs:token">
@ -797,6 +800,12 @@
        </xs:restriction>
      </xs:simpleType>
    </xs:attribute>
+    <xs:attribute name="security-context-repository-ref" type="xs:string">
+      <xs:annotation>
+        <xs:documentation>A reference to a SecurityContextRepository bean. This can be used to
+          customize the way the SecurityContext is stored between requests.</xs:documentation>
+      </xs:annotation>
+    </xs:attribute>
    <xs:attribute name="path-type">
      <xs:annotation>
        <xs:documentation>Defines the type of pattern used to specify URL paths (either JDK