
SEC-777: The disabled status cannot be set in <user-service>
http://jira.springframework.org/browse/SEC-777. Added the disabled flag to the relax grammar file.

Luke Taylor 17 years ago
parent
commit
5bb558bd6a

+ 3 - 1
core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc

@@ -405,7 +405,9 @@ user.attlist &=
 user.attlist &=
 	  ## Can be set to "true" to mark an account as locked and unusable.
     attribute locked {boolean}?
-
+user.attlist &=
+	  ## Can be set to "true" to mark an account as disabled and unusable.
+    attribute disabled {boolean}?
 
 jdbc-user-service =
 	  ## Causes creation of a JDBC-based UserDetailsService.
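Review bot: The documentation comment added for `disabled` is the `locked` text with one word swapped, so a reader of the schema cannot tell which account state each attribute controls or whether the two differ. The test in this commit shows `locked='true'` surfacing as `isAccountNonLocked()` returning false and `disabled='true'` as `isEnabled()` returning false, so the comment could say that, e.g. `## Can be set to "true" to mark an account as disabled (UserDetails.isEnabled() returns false); independent of "locked".` The same wording is repeated in the `xs:documentation` of the .xsd section, which appears to be derived from this grammar, so correcting it here should cover both files.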

+ 6 - 0
core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd

@@ -1116,6 +1116,12 @@
         unusable.</xs:documentation>
       </xs:annotation>
     </xs:attribute>
+    <xs:attribute name="disabled" type="security:boolean">
+      <xs:annotation>
+        <xs:documentation>Can be set to "true" to mark an account as disabled and
+        unusable.</xs:documentation>
+      </xs:annotation>
+    </xs:attribute>
   </xs:attributeGroup>
   <xs:element name="jdbc-user-service" substitutionGroup="security:any-user-service">
     <xs:annotation>

+ 18 - 0
core/src/test/java/org/springframework/security/config/UserServiceBeanDefinitionParserTests.java

@@ -1,6 +1,9 @@
 package org.springframework.security.config;
 
+import static org.junit.Assert.*;
+
 import org.springframework.security.util.InMemoryXmlApplicationContext;
+import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UserDetailsService;
 import org.springframework.context.support.AbstractXmlApplicationContext;
 import org.springframework.beans.FatalBeanException;
@@ -42,6 +45,21 @@ public class UserServiceBeanDefinitionParserTests {
         userService.loadUserByUsername("joe");
     }
 
+    @Test
+    public void disabledAndEmbeddedFlagsAreSupported() {
+        setContext(
+                "<user-service id='service'>" +
+                "    <user name='joe' password='joespassword' authorities='ROLE_A' locked='true'/>" +
+                "    <user name='bob' password='bobspassword' authorities='ROLE_A' disabled='true'/>" +
+                "</user-service>");
+        UserDetailsService userService = (UserDetailsService) appContext.getBean("service");
+        UserDetails joe = userService.loadUserByUsername("joe");
+        assertFalse(joe.isAccountNonLocked());
+        UserDetails bob = userService.loadUserByUsername("bob");
+        assertFalse(bob.isEnabled());
+    }
+    
+    
     @Test(expected=FatalBeanException.class)
     public void userWithBothPropertiesAndEmbeddedUsersThrowsException() {
         setContext(
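Review bot: `disabledAndEmbeddedFlagsAreSupported` asserts only that each flag is set on its own user, so a parser that mapped `locked` and `disabled` onto the same property, or marked every configured user unusable, would still pass. Because these attributes decide whether an account may authenticate, the test should also pin that they are independent: add `assertTrue(joe.isEnabled());` after the `joe` assertion and `assertTrue(bob.isAccountNonLocked());` after the `bob` assertion. The method name reads as if "embedded" were a flag, while the body exercises `locked` and `disabled`; `lockedAndDisabledFlagsAreSupported` would describe it more directly. The wildcard `import static org.junit.Assert.*;` added in the first hunk could be narrowed to the assertions actually used.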