diff --git a/config/src/main/resources/META-INF/spring.schemas b/config/src/main/resources/META-INF/spring.schemas
index ed3825e016..f75916867c 100644
--- a/config/src/main/resources/META-INF/spring.schemas
+++ b/config/src/main/resources/META-INF/spring.schemas
@@ -1,6 +1,2 @@
http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-3.0.xsd
-http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/springframework/security/config/spring-security-2.0.xsd
-http\://www.springframework.org/schema/security/spring-security-2.0.1.xsd=org/springframework/security/config/spring-security-2.0.1.xsd
-http\://www.springframework.org/schema/security/spring-security-2.0.2.xsd=org/springframework/security/config/spring-security-2.0.2.xsd
-http\://www.springframework.org/schema/security/spring-security-2.0.4.xsd=org/springframework/security/config/spring-security-2.0.4.xsd
http\://www.springframework.org/schema/security/spring-security-3.0.xsd=org/springframework/security/config/spring-security-3.0.xsd
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.1.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-2.0.1.xsd
deleted file mode 100644
index 1d8830a073..0000000000
--- a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.1.xsd
+++ /dev/null
@@ -1,1335 +0,0 @@
-
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Whether a string should be base64 encoded
-
-
-
-
-
-
-
-
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies an IP port number. Used to configure an embedded LDAP server,
- for example.
-
-
-
-
-
-
- Specifies a URL.
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
- Defines a reference to a Spring bean Id.
-
-
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
- Defines a reference to a Spring bean Id.
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Whether a string should be base64 encoded
-
-
-
-
-
-
-
-
-
-
-
-
- A property of the UserDetails object which will be used as salt by a
- password encoder. Typically something like "username" might be used.
-
-
-
-
-
-
- A single value that will be used as the salt for a password encoder.
-
-
-
-
-
-
-
-
-
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_").
-
-
-
-
-
- Defines an LDAP server location or starts an embedded server. The url
- indicates the location of a remote server. If no url is given, an embedded server will be
- started, listening on the supplied port number. The port is optional and defaults to 33389.
- A Spring LDAP ContextSource bean will be registered for the server with the id supplied.
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- Specifies a URL.
-
-
-
-
- Specifies an IP port number. Used to configure an embedded LDAP server,
- for example.
-
-
-
-
- Username (DN) of the "manager" user identity which will be used to
- authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used.
-
-
-
-
-
-
- Explicitly specifies an ldif file resource to load into an embedded LDAP
- server
-
-
-
-
- Optional root suffix for the embedded LDAP server. Default is
- "dc=springframework,dc=org"
-
-
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
-
-
- Search base for group membership searches. Defaults to
- "ou=groups".
-
-
-
-
-
-
-
-
-
- Search base for user searches. Defaults to "".
-
-
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
-
-
- Allows the objectClass of the user entry to be specified. If set, the
- framework will attempt to load standard attributes for the defined class into the returned
- UserDetails object
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
-
- Search base for user searches. Defaults to "".
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
- Search base for group membership searches. Defaults to
- "ou=groups".
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_").
-
-
-
-
- Allows the objectClass of the user entry to be specified. If set, the
- framework will attempt to load standard attributes for the defined class into the returned
- UserDetails object
-
-
-
-
-
-
-
-
-
-
-
- Sets up an ldap authentication provider
-
-
-
-
-
- Specifies that an LDAP provider should use an LDAP compare operation
- of the user's password to authenticate the user
-
-
-
-
-
- element which defines a password encoding strategy. Used by an
- authentication provider to convert submitted passwords to hashed versions, for
- example.
-
-
-
-
-
-
-
- A property of the UserDetails object which will be
- used as salt by a password encoder. Typically something like
- "username" might be used.
-
-
-
-
- A single value that will be used as the salt for a
- password encoder.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
- Search base for user searches. Defaults to "".
-
-
-
-
-
- Search base for group membership searches. Defaults to
- "ou=groups".
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
- A specific pattern used to build the user's DN, for example
- "uid={0},ou=people". The key "{0}" must be present and will be substituted with the
- username.
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_").
-
-
-
-
- Allows the objectClass of the user entry to be specified. If set, the
- framework will attempt to load standard attributes for the defined class into the returned
- UserDetails object
-
-
-
-
-
-
-
-
-
-
-
-
- The attribute in the directory which contains the user password. Defaults
- to "userPassword".
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Can be used inside a bean definition to add a security interceptor to the
- bean and set up access configuration attributes for the bean's methods
-
-
-
-
-
-
-
-
-
-
-
- Optional AccessDecisionManager bean ID to be used by the created method
- security interceptor.
-
-
-
-
-
- Defines a protected method and the access control configuration attributes
- that apply to it. We strongly advise you NOT to mix "protect" declarations with any services
- provided "global-method-security".
-
-
-
-
-
-
-
-
- A method name
-
-
-
-
- Access configuration attributes list that applies to the method, e.g.
- "ROLE_A,ROLE_B".
-
-
-
-
-
- Provides method security for all beans registered in the Spring application
- context. Specifically, beans will be scanned for Spring Security annotations and/or matches
- with the ordered list of "protect-pointcut" sub-elements. Where there is a match, the beans
- will automatically be proxied and security authorization applied to the methods accordingly.
- If you use and enable all three sources of method security metadata (ie "protect-pointcut"
- declarations, @Secured and also JSR 250 security annotations), the metadata sources will be
- queried in that order. In practical terms, this enables you to use XML to override method
- security metadata expressed by way of @Secured annotations, with @Secured annotations
- overriding method security metadata expressed by JSR 250 annotations. It is perfectly
- acceptable to mix and match, with a given Java type using a combination of XML, @Secured and
- JSR 250 to express method security metadata (albeit on different
- methods).
-
-
-
-
-
- Defines a protected pointcut and the access control configuration
- attributes that apply to it. Every bean registered in the Spring application context
- that provides a method that matches the pointcut will receive security
- authorization.
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies whether the use of Spring Security's @Secured annotations should
- be enabled for this application context. Please ensure you have the
- spring-security-tiger-xxx.jar on the classpath. Defaults to "disabled".
-
-
-
-
-
-
-
-
-
-
- Specifies whether JSR-250 style attributes are to be used (for example
- "RolesAllowed"). This will require the javax.annotation.security classes on the classpath.
- Defaults to "disabled".
-
-
-
-
-
-
-
-
-
-
- Optional AccessDecisionManager bean ID to override the default used for
- method security.
-
-
-
-
-
-
-
-
-
- An AspectJ expression, including the 'execution' keyword. For example,
- 'execution(int com.foo.TargetObject.countLength(String))' (without the
- quotes).
-
-
-
-
- Access configuration attributes list that applies to all methods matching
- the pointcut, e.g. "ROLE_A,ROLE_B"
-
-
-
-
-
- Container element for HTTP security configuration
-
-
-
-
-
- Specifies the access attributes and/or filter list for a particular
- set of URLs.
-
-
-
-
-
-
-
- Sets up a form login configuration for authentication with a username
- and password
-
-
-
-
-
-
-
-
- Adds support for X.509 client authentication.
-
-
-
-
-
-
-
- Adds support for basic authentication (this is an element to permit
- future expansion, such as supporting an "ignoreFailure" attribute)
-
-
-
-
-
- Incorporates a logout processing filter. Most web applications require
- a logout filter, although you may not require one if you write a controller to
- provider similar logic.
-
-
-
-
-
-
-
- Adds support for concurrent session control, allowing limits to be
- placed on the number of sessions a user can have.
-
-
-
-
-
-
-
-
-
-
-
-
- Adds support for automatically granting all anonymous web requests a
- particular principal identity and a corresponding granted
- authority.
-
-
-
-
-
-
-
- Defines the list of mappings between http and https ports for use in
- redirects
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Automatically registers a login form, BASIC authentication, anonymous
- authentication, logout services, remember-me and servlet-api-integration. If set to
- "true", all of these capabilities are added (although you can still customize the
- configuration of each by providing the respective element). If unspecified, defaults to
- "false".
-
-
-
-
- Controls the eagerness with which an HTTP session is created. If not set,
- defaults to "ifRequired".
-
-
-
-
-
-
-
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
- Whether test URLs should be converted to lower case prior to comparing
- with defined path patterns. If unspecified, defaults to "true".
-
-
-
-
- Provides versions of HttpServletRequest security methods such as
- isUserInRole() and getPrincipal() which are implemented by accessing the Spring
- SecurityContext. Defaults to "true".
-
-
-
-
- Optional attribute specifying the ID of the AccessDecisionManager
- implementation which should be used for authorizing HTTP requests.
-
-
-
-
- Optional attribute specifying the realm name that will be used for all
- authentication features that require a realm name (eg BASIC and Digest authentication). If
- unspecified, defaults to "Spring Security Application".
-
-
-
-
- Indicates whether an existing session should be invalidated when a user
- authenticates and a new session started. If set to "none" no change will be made.
- "newSession" will create a new empty session. "migrateSession" will create a new session
- and copy the session attributes to the new session. Defaults to
- "migrateSession".
-
-
-
-
-
-
-
-
-
-
-
- Allows a customized AuthenticationEntryPoint to be
- used.
-
-
-
-
- Corresponds to the observeOncePerRequest property of
- FilterSecurityInterceptor. Defaults to "true"
-
-
-
-
- Allows the access denied page to be set (the user will be redirected here
- if an AccessDeniedException is raised).
-
-
-
-
-
-
- The pattern which defines the URL path. The content will depend on the
- type set in the containing http element, so will default to ant path
- syntax.
-
-
-
-
- The access configuration attributes that apply for the configured
- path.
-
-
-
-
- The HTTP Method for which the access configuration attributes should
- apply. If not specified, the attributes will apply to any method.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The filter list for the path. Currently can be set to "none" to remove a
- path from having any filters applied. The full filter stack (consisting of all defined
- filters, will be applied to any other paths).
-
-
-
-
-
-
-
-
-
- Used to specify that a URL must be accessed over http or
- https
-
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies the URL that will cause a logout. Spring Security will
- initialize a filter that responds to this particular URL. Defaults to
- /j_spring_security_logout if unspecified.
-
-
-
-
- Specifies the URL to display once the user has logged out. If not
- specified, defaults to /.
-
-
-
-
- Specifies whether a logout also causes HttpSession invalidation, which is
- generally desirable. If unspecified, defaults to true.
-
-
-
-
-
-
- The URL that the login form is posted to. If unspecified, it defaults to
- /j_spring_security_check.
-
-
-
-
- The URL that will be redirected to after successful authentication, if the
- user's previous action could not be resumed. This generally happens if the user visits a
- login page without having first requested a secured operation that triggers
- authentication. If unspecified, defaults to the root of the
- application.
-
-
-
-
- Whether the user should always be redirected to the default-target-url
- after login.
-
-
-
-
- The URL for the login page. If no login URL is specified, Spring Security
- will automatically create a login URL at /spring_security_login and a corresponding filter
- to render that login URL when requested.
-
-
-
-
- The URL for the login failure page. If no login failure URL is specified,
- Spring Security will automatically create a failure login URL at
- /spring_security_login?login_error and a corresponding filter to render that login failure
- URL when requested.
-
-
-
-
-
- Sets up form login for authentication with an Open ID
- identity
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
- Used to explicitly configure a FilterChainProxy instance with a
- FilterChainMap
-
-
-
-
-
- Used within filter-chain-map to define a specific URL pattern and the
- list of filters which apply to the URLs matching that pattern. When multiple
- filter-chain elements are used within a filter-chain-map element, the most specific
- patterns must be placed at the top of the list, with most general ones at the
- bottom.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Used to explicitly configure a FilterInvocationDefinitionSource bean for use
- with a FilterSecurityInterceptor. Usually only needed if you are configuring a
- FilterChainProxy explicitly, rather than using the <http> element. The
- intercept-url elements used should only contain pattern, method and access attributes. Any
- others will result in a configuration error.
-
-
-
-
-
- Specifies the access attributes and/or filter list for a particular
- set of URLs.
-
-
-
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- as for http element
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Allows you to define an alias for the SessionRegistry bean in order to
- access it in your own configuration
-
-
-
-
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
- The key shared between the provider and filter. This generally does not
- need to be set. If unset, it will default to "doesNotMatter".
-
-
-
-
- The username that should be assigned to the anonymous request. This allows
- the principal to be identified, which may be important for logging and auditing. if unset,
- defaults to "anonymousUser".
-
-
-
-
- The granted authority that should be assigned to the anonymous request.
- Commonly this is used to assign the anonymous request particular roles, which can
- subsequently be used in authorization decisions. If unset, defaults to
- "ROLE_ANONYMOUS".
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The regular expression used to obtain the username from the certificate's
- subject. Defaults to matching on the common name using the pattern
- "CN=(.*?),".
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
- If you are using namespace configuration with Spring Security, an
- AuthenticationManager will automatically be registered. This element simple allows you to
- define an alias to allow you to reference the authentication-manager in your own beans.
-
-
-
-
-
-
-
-
- The alias you wish to use for the AuthenticationManager
- bean
-
-
-
-
-
- Indicates that the contained user-service should be used as an
- authentication source.
-
-
-
-
-
-
- element which defines a password encoding strategy. Used by an
- authentication provider to convert submitted passwords to hashed versions, for
- example.
-
-
-
-
-
-
-
- A property of the UserDetails object which will be used as
- salt by a password encoder. Typically something like "username" might be
- used.
-
-
-
-
- A single value that will be used as the salt for a password
- encoder.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
-
-
- Creates an in-memory UserDetailsService from a properties file or a list of
- "user" child elements.
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
-
-
-
-
- Represents a user in the application.
-
-
-
-
-
-
-
-
- The username assigned to the user.
-
-
-
-
- The password assigned to the user. This may be hashed if the corresponding
- authentication provider supports hashing (remember to set the "hash" attribute of the
- "user-service" element).
-
-
-
-
- One of more authorities granted to the user. Separate authorities with a
- comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR"
-
-
-
-
- Can be set to "true" to mark an account as locked and
- unusable.
-
-
-
-
- Can be set to "true" to mark an account as disabled and
- unusable.
-
-
-
-
-
- Causes creation of a JDBC-based UserDetailsService.
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
-
-
- The bean ID of the DataSource which provides the required
- tables.
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
- An SQL statement to query a username, password, and enabled status given a
- username
-
-
-
-
- An SQL statement to query for a user's granted authorities given a
- username.
-
-
-
-
- An SQL statement to query user's group authorities given a
- username.
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_").
-
-
-
-
-
-
-
-
-
-
-
- Used to indicate that a filter bean declaration should be incorporated into
- the security filter chain. If neither the 'after' or 'before' options are supplied, then the
- filter must implement the Ordered interface directly.
-
-
-
-
- The filter immediately after which the custom-filter should be placed in
- the chain. This feature will only be needed by advanced users who wish to mix their own
- filters into the security filter chain and have some knowledge of the standard Spring
- Security filters. The filter names map to specific Spring Security implementation
- filters.
-
-
-
-
- The filter immediately before which the custom-filter should be placed
- in the chain
-
-
-
-
- The explicit position at which the custom-filter should be placed in the
- chain. Use if you are replacing a standard filter.
-
-
-
-
-
-
-
- The filter immediately after which the custom-filter should be placed in
- the chain. This feature will only be needed by advanced users who wish to mix their own
- filters into the security filter chain and have some knowledge of the standard Spring
- Security filters. The filter names map to specific Spring Security implementation filters.
-
-
-
-
-
-
-
- The filter immediately before which the custom-filter should be placed in
- the chain
-
-
-
-
-
-
- The explicit position at which the custom-filter should be placed in the
- chain. Use if you are replacing a standard filter.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.2.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-2.0.2.xsd
deleted file mode 100644
index c80145e285..0000000000
--- a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.2.xsd
+++ /dev/null
@@ -1,1422 +0,0 @@
-
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Whether a string should be base64 encoded
-
-
-
-
-
-
-
-
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies an IP port number. Used to configure an embedded LDAP server,
- for example.
-
-
-
-
-
-
- Specifies a URL.
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
- Defines a reference to a Spring bean Id.
-
-
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
- A reference to a DataSource bean
-
-
-
-
-
-
- Defines a reference to a Spring bean Id.
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Whether a string should be base64 encoded
-
-
-
-
-
-
-
-
-
-
-
-
- A property of the UserDetails object which will be used as salt by a
- password encoder. Typically something like "username" might be used.
-
-
-
-
-
-
- A single value that will be used as the salt for a password encoder.
-
-
-
-
-
-
-
-
-
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the
- default is non-empty.
-
-
-
-
-
- Defines an LDAP server location or starts an embedded server. The url
- indicates the location of a remote server. If no url is given, an embedded server will be
- started, listening on the supplied port number. The port is optional and defaults to 33389.
- A Spring LDAP ContextSource bean will be registered for the server with the id supplied.
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- Specifies a URL.
-
-
-
-
- Specifies an IP port number. Used to configure an embedded LDAP server,
- for example.
-
-
-
-
- Username (DN) of the "manager" user identity which will be used to
- authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used.
-
-
-
-
-
-
- Explicitly specifies an ldif file resource to load into an embedded LDAP
- server
-
-
-
-
- Optional root suffix for the embedded LDAP server. Default is
- "dc=springframework,dc=org"
-
-
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
-
-
- Search base for group membership searches. Defaults to
- "ou=groups".
-
-
-
-
-
-
-
-
-
- Search base for user searches. Defaults to "".
-
-
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
-
-
- Allows the objectClass of the user entry to be specified. If set, the
- framework will attempt to load standard attributes for the defined class into the returned
- UserDetails object
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
-
- Search base for user searches. Defaults to "".
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
- Search base for group membership searches. Defaults to
- "ou=groups".
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the
- default is non-empty.
-
-
-
-
- Allows the objectClass of the user entry to be specified. If set, the
- framework will attempt to load standard attributes for the defined class into the returned
- UserDetails object
-
-
-
-
-
-
-
-
-
-
-
- Sets up an ldap authentication provider
-
-
-
-
-
- Specifies that an LDAP provider should use an LDAP compare operation
- of the user's password to authenticate the user
-
-
-
-
-
- element which defines a password encoding strategy. Used by an
- authentication provider to convert submitted passwords to hashed versions, for
- example.
-
-
-
-
-
-
-
- A property of the UserDetails object which will be
- used as salt by a password encoder. Typically something like
- "username" might be used.
-
-
-
-
- A single value that will be used as the salt for a
- password encoder.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
- Search base for user searches. Defaults to "".
-
-
-
-
-
- Search base for group membership searches. Defaults to
- "ou=groups".
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
- A specific pattern used to build the user's DN, for example
- "uid={0},ou=people". The key "{0}" must be present and will be substituted with the
- username.
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the
- default is non-empty.
-
-
-
-
- Allows the objectClass of the user entry to be specified. If set, the
- framework will attempt to load standard attributes for the defined class into the returned
- UserDetails object
-
-
-
-
-
-
-
-
-
-
-
-
- The attribute in the directory which contains the user password. Defaults
- to "userPassword".
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Can be used inside a bean definition to add a security interceptor to the
- bean and set up access configuration attributes for the bean's methods
-
-
-
-
-
- Defines a protected method and the access control configuration
- attributes that apply to it. We strongly advise you NOT to mix "protect" declarations
- with any services provided "global-method-security".
-
-
-
-
-
-
-
-
-
-
-
-
- Optional AccessDecisionManager bean ID to be used by the created method
- security interceptor.
-
-
-
-
-
-
- A method name
-
-
-
-
- Access configuration attributes list that applies to the method, e.g.
- "ROLE_A,ROLE_B".
-
-
-
-
-
- Provides method security for all beans registered in the Spring application
- context. Specifically, beans will be scanned for Spring Security annotations and/or matches
- with the ordered list of "protect-pointcut" sub-elements. Where there is a match, the beans
- will automatically be proxied and security authorization applied to the methods accordingly.
- If you use and enable all three sources of method security metadata (ie "protect-pointcut"
- declarations, @Secured and also JSR 250 security annotations), the metadata sources will be
- queried in that order. In practical terms, this enables you to use XML to override method
- security metadata expressed by way of @Secured annotations, with @Secured annotations
- overriding method security metadata expressed by JSR 250 annotations. It is perfectly
- acceptable to mix and match, with a given Java type using a combination of XML, @Secured and
- JSR 250 to express method security metadata (albeit on different
- methods).
-
-
-
-
-
- Defines a protected pointcut and the access control configuration
- attributes that apply to it. Every bean registered in the Spring application context
- that provides a method that matches the pointcut will receive security
- authorization.
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies whether the use of Spring Security's @Secured annotations should
- be enabled for this application context. Please ensure you have the
- spring-security-tiger-xxx.jar on the classpath. Defaults to "disabled".
-
-
-
-
-
-
-
-
-
-
- Specifies whether JSR-250 style attributes are to be used (for example
- "RolesAllowed"). This will require the javax.annotation.security classes on the classpath.
- Defaults to "disabled".
-
-
-
-
-
-
-
-
-
-
- Optional AccessDecisionManager bean ID to override the default used for
- method security.
-
-
-
-
-
-
-
-
-
- An AspectJ expression, including the 'execution' keyword. For example,
- 'execution(int com.foo.TargetObject.countLength(String))' (without the
- quotes).
-
-
-
-
- Access configuration attributes list that applies to all methods matching
- the pointcut, e.g. "ROLE_A,ROLE_B"
-
-
-
-
-
- Container element for HTTP security configuration
-
-
-
-
-
- Specifies the access attributes and/or filter list for a particular
- set of URLs.
-
-
-
-
-
-
-
- Sets up a form login configuration for authentication with a username
- and password
-
-
-
-
-
-
-
-
- Adds support for X.509 client authentication.
-
-
-
-
-
-
-
- Adds support for basic authentication (this is an element to permit
- future expansion, such as supporting an "ignoreFailure" attribute)
-
-
-
-
-
- Incorporates a logout processing filter. Most web applications require
- a logout filter, although you may not require one if you write a controller to
- provider similar logic.
-
-
-
-
-
-
-
- Adds support for concurrent session control, allowing limits to be
- placed on the number of sessions a user can have.
-
-
-
-
-
-
-
- Sets up remember-me authentication. If used with the "key" attribute
- (or no attributes) the cookie-only implementation will be used. Specifying
- "token-repository-ref" or "remember-me-data-source-ref" will use the more secure,
- persisten token approach.
-
-
-
-
-
-
-
- Adds support for automatically granting all anonymous web requests a
- particular principal identity and a corresponding granted
- authority.
-
-
-
-
-
-
-
- Defines the list of mappings between http and https ports for use in
- redirects
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Automatically registers a login form, BASIC authentication, anonymous
- authentication, logout services, remember-me and servlet-api-integration. If set to
- "true", all of these capabilities are added (although you can still customize the
- configuration of each by providing the respective element). If unspecified, defaults to
- "false".
-
-
-
-
- Controls the eagerness with which an HTTP session is created. If not set,
- defaults to "ifRequired".
-
-
-
-
-
-
-
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
- Whether test URLs should be converted to lower case prior to comparing
- with defined path patterns. If unspecified, defaults to "true".
-
-
-
-
- Provides versions of HttpServletRequest security methods such as
- isUserInRole() and getPrincipal() which are implemented by accessing the Spring
- SecurityContext. Defaults to "true".
-
-
-
-
- Optional attribute specifying the ID of the AccessDecisionManager
- implementation which should be used for authorizing HTTP requests.
-
-
-
-
- Optional attribute specifying the realm name that will be used for all
- authentication features that require a realm name (eg BASIC and Digest authentication). If
- unspecified, defaults to "Spring Security Application".
-
-
-
-
- Indicates whether an existing session should be invalidated when a user
- authenticates and a new session started. If set to "none" no change will be made.
- "newSession" will create a new empty session. "migrateSession" will create a new session
- and copy the session attributes to the new session. Defaults to
- "migrateSession".
-
-
-
-
-
-
-
-
-
-
-
- Allows a customized AuthenticationEntryPoint to be
- used.
-
-
-
-
- Corresponds to the observeOncePerRequest property of
- FilterSecurityInterceptor. Defaults to "true"
-
-
-
-
- Allows the access denied page to be set (the user will be redirected here
- if an AccessDeniedException is raised).
-
-
-
-
-
-
- The pattern which defines the URL path. The content will depend on the
- type set in the containing http element, so will default to ant path
- syntax.
-
-
-
-
- The access configuration attributes that apply for the configured
- path.
-
-
-
-
- The HTTP Method for which the access configuration attributes should
- apply. If not specified, the attributes will apply to any method.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The filter list for the path. Currently can be set to "none" to remove a
- path from having any filters applied. The full filter stack (consisting of all filters
- created by the namespace configuration, and any added using 'custom-filter'), will be
- applied to any other paths.
-
-
-
-
-
-
-
-
-
- Used to specify that a URL must be accessed over http or
- https
-
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies the URL that will cause a logout. Spring Security will
- initialize a filter that responds to this particular URL. Defaults to
- /j_spring_security_logout if unspecified.
-
-
-
-
- Specifies the URL to display once the user has logged out. If not
- specified, defaults to /.
-
-
-
-
- Specifies whether a logout also causes HttpSession invalidation, which is
- generally desirable. If unspecified, defaults to true.
-
-
-
-
-
-
- The URL that the login form is posted to. If unspecified, it defaults to
- /j_spring_security_check.
-
-
-
-
- The URL that will be redirected to after successful authentication, if the
- user's previous action could not be resumed. This generally happens if the user visits a
- login page without having first requested a secured operation that triggers
- authentication. If unspecified, defaults to the root of the
- application.
-
-
-
-
- Whether the user should always be redirected to the default-target-url
- after login.
-
-
-
-
- The URL for the login page. If no login URL is specified, Spring Security
- will automatically create a login URL at /spring_security_login and a corresponding filter
- to render that login URL when requested.
-
-
-
-
- The URL for the login failure page. If no login failure URL is specified,
- Spring Security will automatically create a failure login URL at
- /spring_security_login?login_error and a corresponding filter to render that login failure
- URL when requested.
-
-
-
-
-
- Sets up form login for authentication with an Open ID
- identity
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
- Used to explicitly configure a FilterChainProxy instance with a
- FilterChainMap
-
-
-
-
-
- Used within filter-chain-map to define a specific URL pattern and the
- list of filters which apply to the URLs matching that pattern. When multiple
- filter-chain elements are used within a filter-chain-map element, the most specific
- patterns must be placed at the top of the list, with most general ones at the
- bottom.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Used to explicitly configure a FilterInvocationDefinitionSource bean for use
- with a FilterSecurityInterceptor. Usually only needed if you are configuring a
- FilterChainProxy explicitly, rather than using the <http> element. The
- intercept-url elements used should only contain pattern, method and access attributes. Any
- others will result in a configuration error.
-
-
-
-
-
- Specifies the access attributes and/or filter list for a particular
- set of URLs.
-
-
-
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- as for http element
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
-
-
-
- The URL a user will be redirected to if they attempt to use a session
- which has been "expired" by the concurrent session controller.
-
-
-
-
- Specifies that an exception should be raised when a user attempts to login
- twice. The default behaviour is to expire the original session.
-
-
-
-
- Allows you to define an alias for the SessionRegistry bean in order to
- access it in your own configuration
-
-
-
-
- A reference to an external SessionRegistry implementation which will be
- used in place of the standard one.
-
-
-
-
-
-
- The "key" used to identify cookies from a specific token-based remember-me
- application. You should set this to a unique value for your
- application.
-
-
-
-
- Reference to a PersistentTokenRepository bean for use with the persistent
- token remember-me implementation.
-
-
-
-
- A reference to a DataSource bean
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
- The period (in seconds) for which the remember-me cookie should be valid.
-
-
-
-
-
-
-
- Reference to a PersistentTokenRepository bean for use with the persistent
- token remember-me implementation.
-
-
-
-
-
-
- Allows a custom implementation of RememberMeServices to be used. Note that
- this implementation should return RememberMeAuthenticationToken instances with the same
- "key" value as specified in the remember-me element. Alternatively it should register its
- own AuthenticationProvider.
-
-
-
-
-
-
-
-
-
- The key shared between the provider and filter. This generally does not
- need to be set. If unset, it will default to "doesNotMatter".
-
-
-
-
- The username that should be assigned to the anonymous request. This allows
- the principal to be identified, which may be important for logging and auditing. if unset,
- defaults to "anonymousUser".
-
-
-
-
- The granted authority that should be assigned to the anonymous request.
- Commonly this is used to assign the anonymous request particular roles, which can
- subsequently be used in authorization decisions. If unset, defaults to
- "ROLE_ANONYMOUS".
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The regular expression used to obtain the username from the certificate's
- subject. Defaults to matching on the common name using the pattern
- "CN=(.*?),".
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
- If you are using namespace configuration with Spring Security, an
- AuthenticationManager will automatically be registered. This element allows you to define an
- alias to allow you to reference the authentication-manager in your own beans.
-
-
-
-
-
-
-
-
-
- The alias you wish to use for the AuthenticationManager
- bean
-
-
-
-
- Allows the session controller to be set on the internal
- AuthenticationManager. This should not be used with the <concurrent-session-control
- /> element
-
-
-
-
-
- Indicates that the contained user-service should be used as an
- authentication source.
-
-
-
-
-
-
- element which defines a password encoding strategy. Used by an
- authentication provider to convert submitted passwords to hashed versions, for
- example.
-
-
-
-
-
-
-
- A property of the UserDetails object which will be used as
- salt by a password encoder. Typically something like "username" might be
- used.
-
-
-
-
- A single value that will be used as the salt for a password
- encoder.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
-
-
- Creates an in-memory UserDetailsService from a properties file or a list of
- "user" child elements.
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
-
-
-
-
- Represents a user in the application.
-
-
-
-
-
-
-
-
- The username assigned to the user.
-
-
-
-
- The password assigned to the user. This may be hashed if the corresponding
- authentication provider supports hashing (remember to set the "hash" attribute of the
- "user-service" element).
-
-
-
-
- One of more authorities granted to the user. Separate authorities with a
- comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR"
-
-
-
-
- Can be set to "true" to mark an account as locked and
- unusable.
-
-
-
-
- Can be set to "true" to mark an account as disabled and
- unusable.
-
-
-
-
-
- Causes creation of a JDBC-based UserDetailsService.
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
-
-
- The bean ID of the DataSource which provides the required
- tables.
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
- An SQL statement to query a username, password, and enabled status given a
- username
-
-
-
-
- An SQL statement to query for a user's granted authorities given a
- username.
-
-
-
-
- An SQL statement to query user's group authorities given a
- username.
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the
- default is non-empty.
-
-
-
-
-
-
-
-
-
-
-
- Used to indicate that a filter bean declaration should be incorporated into
- the security filter chain. If neither the 'after' or 'before' options are supplied, then the
- filter must implement the Ordered interface directly.
-
-
-
-
- The filter immediately after which the custom-filter should be placed in
- the chain. This feature will only be needed by advanced users who wish to mix their own
- filters into the security filter chain and have some knowledge of the standard Spring
- Security filters. The filter names map to specific Spring Security implementation
- filters.
-
-
-
-
- The filter immediately before which the custom-filter should be placed
- in the chain
-
-
-
-
- The explicit position at which the custom-filter should be placed in the
- chain. Use if you are replacing a standard filter.
-
-
-
-
-
-
-
- The filter immediately after which the custom-filter should be placed in
- the chain. This feature will only be needed by advanced users who wish to mix their own
- filters into the security filter chain and have some knowledge of the standard Spring
- Security filters. The filter names map to specific Spring Security implementation filters.
-
-
-
-
-
-
-
- The filter immediately before which the custom-filter should be placed in
- the chain
-
-
-
-
-
-
- The explicit position at which the custom-filter should be placed in the
- chain. Use if you are replacing a standard filter.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.4.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-2.0.4.xsd
deleted file mode 100644
index 34844f4a38..0000000000
--- a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.4.xsd
+++ /dev/null
@@ -1,1468 +0,0 @@
-
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Whether a string should be base64 encoded
-
-
-
-
-
-
-
-
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies an IP port number. Used to configure an embedded LDAP server,
- for example.
-
-
-
-
-
-
- Specifies a URL.
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
- Defines a reference to a Spring bean Id.
-
-
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
- A reference to a DataSource bean
-
-
-
-
-
-
- Defines a reference to a Spring bean Id.
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Whether a string should be base64 encoded
-
-
-
-
-
-
-
-
-
-
-
-
- A property of the UserDetails object which will be used as salt by a
- password encoder. Typically something like "username" might be used.
-
-
-
-
-
-
- A single value that will be used as the salt for a password encoder.
-
-
-
-
-
-
-
-
-
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the
- default is non-empty.
-
-
-
-
-
- Defines an LDAP server location or starts an embedded server. The url
- indicates the location of a remote server. If no url is given, an embedded server will be
- started, listening on the supplied port number. The port is optional and defaults to 33389.
- A Spring LDAP ContextSource bean will be registered for the server with the id supplied.
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- Specifies a URL.
-
-
-
-
- Specifies an IP port number. Used to configure an embedded LDAP server,
- for example.
-
-
-
-
- Username (DN) of the "manager" user identity which will be used to
- authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used.
-
-
-
-
-
- The password for the manager DN.
-
-
-
-
- Explicitly specifies an ldif file resource to load into an embedded LDAP
- server
-
-
-
-
- Optional root suffix for the embedded LDAP server. Default is
- "dc=springframework,dc=org"
-
-
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
-
-
- Search base for group membership searches. Defaults to
- "ou=groups".
-
-
-
-
-
-
- The LDAP filter used to search for users (optional). For example
- "(uid={0})". The substituted parameter is the user's login name.
-
-
-
-
-
-
- Search base for user searches. Defaults to "". Only used with a
- 'user-search-filter'.
-
-
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
-
-
- Allows the objectClass of the user entry to be specified. If set, the
- framework will attempt to load standard attributes for the defined class into the returned
- UserDetails object
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
- The LDAP filter used to search for users (optional). For example
- "(uid={0})". The substituted parameter is the user's login name.
-
-
-
-
- Search base for user searches. Defaults to "". Only used with a
- 'user-search-filter'.
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
- Search base for group membership searches. Defaults to
- "ou=groups".
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the
- default is non-empty.
-
-
-
-
- Allows the objectClass of the user entry to be specified. If set, the
- framework will attempt to load standard attributes for the defined class into the returned
- UserDetails object
-
-
-
-
-
-
-
-
-
-
-
- Sets up an ldap authentication provider
-
-
-
-
-
- Specifies that an LDAP provider should use an LDAP compare operation
- of the user's password to authenticate the user
-
-
-
-
-
- element which defines a password encoding strategy. Used by an
- authentication provider to convert submitted passwords to hashed versions, for
- example.
-
-
-
-
-
- Password salting strategy. A system-wide constant or a
- property from the UserDetails object can be used.
-
-
-
-
- A property of the UserDetails object which will be
- used as salt by a password encoder. Typically something like
- "username" might be used.
-
-
-
-
- A single value that will be used as the salt for a
- password encoder.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
- Search base for user searches. Defaults to "". Only used with a
- 'user-search-filter'.
-
-
-
-
- The LDAP filter used to search for users (optional). For example
- "(uid={0})". The substituted parameter is the user's login name.
-
-
-
-
- Search base for group membership searches. Defaults to
- "ou=groups".
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
- A specific pattern used to build the user's DN, for example
- "uid={0},ou=people". The key "{0}" must be present and will be substituted with the
- username.
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the
- default is non-empty.
-
-
-
-
- Allows the objectClass of the user entry to be specified. If set, the
- framework will attempt to load standard attributes for the defined class into the returned
- UserDetails object
-
-
-
-
-
-
-
-
-
-
-
-
- The attribute in the directory which contains the user password. Defaults
- to "userPassword".
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Can be used inside a bean definition to add a security interceptor to the
- bean and set up access configuration attributes for the bean's methods
-
-
-
-
-
- Defines a protected method and the access control configuration
- attributes that apply to it. We strongly advise you NOT to mix "protect" declarations
- with any services provided "global-method-security".
-
-
-
-
-
-
-
-
-
-
-
-
- Optional AccessDecisionManager bean ID to be used by the created method
- security interceptor.
-
-
-
-
-
-
- A method name
-
-
-
-
- Access configuration attributes list that applies to the method, e.g.
- "ROLE_A,ROLE_B".
-
-
-
-
-
- Provides method security for all beans registered in the Spring application
- context. Specifically, beans will be scanned for Spring Security annotations and/or matches
- with the ordered list of "protect-pointcut" sub-elements. Where there is a match, the beans
- will automatically be proxied and security authorization applied to the methods accordingly.
- If you use and enable all three sources of method security metadata (ie "protect-pointcut"
- declarations, @Secured and also JSR 250 security annotations), the metadata sources will be
- queried in that order. In practical terms, this enables you to use XML to override method
- security metadata expressed by way of @Secured annotations, with @Secured annotations
- overriding method security metadata expressed by JSR 250 annotations. It is perfectly
- acceptable to mix and match, with a given Java type using a combination of XML, @Secured and
- JSR 250 to express method security metadata (albeit on different
- methods).
-
-
-
-
-
- Defines a protected pointcut and the access control configuration
- attributes that apply to it. Every bean registered in the Spring application context
- that provides a method that matches the pointcut will receive security
- authorization.
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies whether the use of Spring Security's @Secured annotations should
- be enabled for this application context. Please ensure you have the
- spring-security-tiger-xxx.jar on the classpath. Defaults to "disabled".
-
-
-
-
-
-
-
-
-
-
- Specifies whether JSR-250 style attributes are to be used (for example
- "RolesAllowed"). This will require the javax.annotation.security classes on the classpath.
- Defaults to "disabled".
-
-
-
-
-
-
-
-
-
-
- Optional AccessDecisionManager bean ID to override the default used for
- method security.
-
-
-
-
-
- Used to decorate an AfterInvocationProvider to specify that it should be
- used with method security.
-
-
-
-
-
-
- An AspectJ expression, including the 'execution' keyword. For example,
- 'execution(int com.foo.TargetObject.countLength(String))' (without the
- quotes).
-
-
-
-
- Access configuration attributes list that applies to all methods matching
- the pointcut, e.g. "ROLE_A,ROLE_B"
-
-
-
-
-
- Container element for HTTP security configuration
-
-
-
-
-
- Specifies the access attributes and/or filter list for a particular
- set of URLs.
-
-
-
-
-
-
-
- Sets up a form login configuration for authentication with a username
- and password
-
-
-
-
-
-
-
-
- Adds support for X.509 client authentication.
-
-
-
-
-
-
-
- Adds support for basic authentication (this is an element to permit
- future expansion, such as supporting an "ignoreFailure" attribute)
-
-
-
-
-
- Incorporates a logout processing filter. Most web applications require
- a logout filter, although you may not require one if you write a controller to
- provider similar logic.
-
-
-
-
-
-
-
- Adds support for concurrent session control, allowing limits to be
- placed on the number of sessions a user can have.
-
-
-
-
-
-
-
- Sets up remember-me authentication. If used with the "key" attribute
- (or no attributes) the cookie-only implementation will be used. Specifying
- "token-repository-ref" or "remember-me-data-source-ref" will use the more secure,
- persisten token approach.
-
-
-
-
-
-
-
- Adds support for automatically granting all anonymous web requests a
- particular principal identity and a corresponding granted
- authority.
-
-
-
-
-
-
-
- Defines the list of mappings between http and https ports for use in
- redirects
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Automatically registers a login form, BASIC authentication, anonymous
- authentication, logout services, remember-me and servlet-api-integration. If set to
- "true", all of these capabilities are added (although you can still customize the
- configuration of each by providing the respective element). If unspecified, defaults to
- "false".
-
-
-
-
- Controls the eagerness with which an HTTP session is created. If not set,
- defaults to "ifRequired".
-
-
-
-
-
-
-
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
- Whether test URLs should be converted to lower case prior to comparing
- with defined path patterns. If unspecified, defaults to "true".
-
-
-
-
- Provides versions of HttpServletRequest security methods such as
- isUserInRole() and getPrincipal() which are implemented by accessing the Spring
- SecurityContext. Defaults to "true".
-
-
-
-
- Optional attribute specifying the ID of the AccessDecisionManager
- implementation which should be used for authorizing HTTP requests.
-
-
-
-
- Optional attribute specifying the realm name that will be used for all
- authentication features that require a realm name (eg BASIC and Digest authentication). If
- unspecified, defaults to "Spring Security Application".
-
-
-
-
- Indicates whether an existing session should be invalidated when a user
- authenticates and a new session started. If set to "none" no change will be made.
- "newSession" will create a new empty session. "migrateSession" will create a new session
- and copy the session attributes to the new session. Defaults to
- "migrateSession".
-
-
-
-
-
-
-
-
-
-
-
- Allows a customized AuthenticationEntryPoint to be
- used.
-
-
-
-
- Corresponds to the observeOncePerRequest property of
- FilterSecurityInterceptor. Defaults to "true"
-
-
-
-
- Allows the access denied page to be set (the user will be redirected here
- if an AccessDeniedException is raised).
-
-
-
-
-
-
- The pattern which defines the URL path. The content will depend on the
- type set in the containing http element, so will default to ant path
- syntax.
-
-
-
-
- The access configuration attributes that apply for the configured
- path.
-
-
-
-
- The HTTP Method for which the access configuration attributes should
- apply. If not specified, the attributes will apply to any method.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The filter list for the path. Currently can be set to "none" to remove a
- path from having any filters applied. The full filter stack (consisting of all filters
- created by the namespace configuration, and any added using 'custom-filter'), will be
- applied to any other paths.
-
-
-
-
-
-
-
-
-
- Used to specify that a URL must be accessed over http or https, or that
- there is no preference.
-
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies the URL that will cause a logout. Spring Security will
- initialize a filter that responds to this particular URL. Defaults to
- /j_spring_security_logout if unspecified.
-
-
-
-
- Specifies the URL to display once the user has logged out. If not
- specified, defaults to /.
-
-
-
-
- Specifies whether a logout also causes HttpSession invalidation, which is
- generally desirable. If unspecified, defaults to true.
-
-
-
-
-
-
- The URL that the login form is posted to. If unspecified, it defaults to
- /j_spring_security_check.
-
-
-
-
- The URL that will be redirected to after successful authentication, if the
- user's previous action could not be resumed. This generally happens if the user visits a
- login page without having first requested a secured operation that triggers
- authentication. If unspecified, defaults to the root of the
- application.
-
-
-
-
- Whether the user should always be redirected to the default-target-url
- after login.
-
-
-
-
- The URL for the login page. If no login URL is specified, Spring Security
- will automatically create a login URL at /spring_security_login and a corresponding filter
- to render that login URL when requested.
-
-
-
-
- The URL for the login failure page. If no login failure URL is specified,
- Spring Security will automatically create a failure login URL at
- /spring_security_login?login_error and a corresponding filter to render that login failure
- URL when requested.
-
-
-
-
-
- Sets up form login for authentication with an Open ID
- identity
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
- Used to explicitly configure a FilterChainProxy instance with a
- FilterChainMap
-
-
-
-
-
- Used within filter-chain-map to define a specific URL pattern and the
- list of filters which apply to the URLs matching that pattern. When multiple
- filter-chain elements are used within a filter-chain-map element, the most specific
- patterns must be placed at the top of the list, with most general ones at the
- bottom.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Used to explicitly configure a FilterInvocationDefinitionSource bean for use
- with a FilterSecurityInterceptor. Usually only needed if you are configuring a
- FilterChainProxy explicitly, rather than using the <http> element. The
- intercept-url elements used should only contain pattern, method and access attributes. Any
- others will result in a configuration error.
-
-
-
-
-
- Specifies the access attributes and/or filter list for a particular
- set of URLs.
-
-
-
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- as for http element
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
-
-
- The maximum number of sessions a single user can have open at the same
- time. Defaults to "1".
-
-
-
-
- The URL a user will be redirected to if they attempt to use a session
- which has been "expired" by the concurrent session controller because they have logged in
- again.
-
-
-
-
- Specifies that an exception should be raised when a user attempts to login
- when they already have the maximum configured sessions open. The default behaviour is to
- expire the original session.
-
-
-
-
- Allows you to define an alias for the SessionRegistry bean in order to
- access it in your own configuration
-
-
-
-
- A reference to an external SessionRegistry implementation which will be
- used in place of the standard one.
-
-
-
-
-
-
- The "key" used to identify cookies from a specific token-based remember-me
- application. You should set this to a unique value for your
- application.
-
-
-
-
- Reference to a PersistentTokenRepository bean for use with the persistent
- token remember-me implementation.
-
-
-
-
- A reference to a DataSource bean
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
- The period (in seconds) for which the remember-me cookie should be valid.
-
-
-
-
-
-
-
- Reference to a PersistentTokenRepository bean for use with the persistent
- token remember-me implementation.
-
-
-
-
-
-
- Allows a custom implementation of RememberMeServices to be used. Note that
- this implementation should return RememberMeAuthenticationToken instances with the same
- "key" value as specified in the remember-me element. Alternatively it should register its
- own AuthenticationProvider.
-
-
-
-
-
-
-
-
-
- The key shared between the provider and filter. This generally does not
- need to be set. If unset, it will default to "doesNotMatter".
-
-
-
-
- The username that should be assigned to the anonymous request. This allows
- the principal to be identified, which may be important for logging and auditing. if unset,
- defaults to "anonymousUser".
-
-
-
-
- The granted authority that should be assigned to the anonymous request.
- Commonly this is used to assign the anonymous request particular roles, which can
- subsequently be used in authorization decisions. If unset, defaults to
- "ROLE_ANONYMOUS".
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The regular expression used to obtain the username from the certificate's
- subject. Defaults to matching on the common name using the pattern
- "CN=(.*?),".
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
- If you are using namespace configuration with Spring Security, an
- AuthenticationManager will automatically be registered. This element allows you to define an
- alias to allow you to reference the authentication-manager in your own beans.
-
-
-
-
-
-
-
-
-
- The alias you wish to use for the AuthenticationManager
- bean
-
-
-
-
- Allows the session controller to be set on the internal
- AuthenticationManager. This should not be used with the <concurrent-session-control
- /> element
-
-
-
-
-
- Indicates that the contained user-service should be used as an
- authentication source.
-
-
-
-
-
-
- element which defines a password encoding strategy. Used by an
- authentication provider to convert submitted passwords to hashed versions, for
- example.
-
-
-
-
-
- Password salting strategy. A system-wide constant or a property
- from the UserDetails object can be used.
-
-
-
-
- A property of the UserDetails object which will be used as
- salt by a password encoder. Typically something like "username" might be
- used.
-
-
-
-
- A single value that will be used as the salt for a password
- encoder.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
- Element used to decorate an AuthenticationProvider bean to add it to the
- internal AuthenticationManager maintained by the namespace.
-
-
-
-
-
- Creates an in-memory UserDetailsService from a properties file or a list of
- "user" child elements.
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
-
-
-
-
- Represents a user in the application.
-
-
-
-
-
-
-
-
- The username assigned to the user.
-
-
-
-
- The password assigned to the user. This may be hashed if the corresponding
- authentication provider supports hashing (remember to set the "hash" attribute of the
- "user-service" element).
-
-
-
-
- One of more authorities granted to the user. Separate authorities with a
- comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR"
-
-
-
-
- Can be set to "true" to mark an account as locked and
- unusable.
-
-
-
-
- Can be set to "true" to mark an account as disabled and
- unusable.
-
-
-
-
-
- Causes creation of a JDBC-based UserDetailsService.
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
-
-
- The bean ID of the DataSource which provides the required
- tables.
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
- An SQL statement to query a username, password, and enabled status given a
- username
-
-
-
-
- An SQL statement to query for a user's granted authorities given a
- username.
-
-
-
-
- An SQL statement to query user's group authorities given a
- username.
-
-
-
-
- A non-empty string prefix that will be added to role strings loaded from
- persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the
- default is non-empty.
-
-
-
-
-
-
-
-
-
-
-
- Used to indicate that a filter bean declaration should be incorporated into
- the security filter chain. If neither the 'after' or 'before' options are supplied, then the
- filter must implement the Ordered interface directly.
-
-
-
-
- The filter immediately after which the custom-filter should be placed in
- the chain. This feature will only be needed by advanced users who wish to mix their own
- filters into the security filter chain and have some knowledge of the standard Spring
- Security filters. The filter names map to specific Spring Security implementation
- filters.
-
-
-
-
- The filter immediately before which the custom-filter should be placed
- in the chain
-
-
-
-
- The explicit position at which the custom-filter should be placed in the
- chain. Use if you are replacing a standard filter.
-
-
-
-
-
-
-
- The filter immediately after which the custom-filter should be placed in
- the chain. This feature will only be needed by advanced users who wish to mix their own
- filters into the security filter chain and have some knowledge of the standard Spring
- Security filters. The filter names map to specific Spring Security implementation filters.
-
-
-
-
-
-
-
- The filter immediately before which the custom-filter should be placed in
- the chain
-
-
-
-
-
-
- The explicit position at which the custom-filter should be placed in the
- chain. Use if you are replacing a standard filter.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
deleted file mode 100644
index 1106f7a78a..0000000000
--- a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
+++ /dev/null
@@ -1,1251 +0,0 @@
-
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Whether a string should be base64 encoded
-
-
-
-
-
-
-
-
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies an IP port number. Used to configure an embedded LDAP server,
- for example.
-
-
-
-
-
-
- Specifies a URL.
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
- Defines a reference to a Spring bean Id.
-
-
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
- Defines a reference to a Spring bean Id.
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Whether a string should be base64 encoded
-
-
-
-
-
-
-
-
-
-
-
-
- A property of the UserDetails object which will be used as salt by a
- password encoder. Typically something like "username" might be used.
-
-
-
-
-
-
- A single value that will be used as the salt for a password encoder.
-
-
-
-
-
-
-
-
-
-
-
-
- Defines an LDAP server location or starts an embedded server. The url
- indicates the location of a remote server. If no url is given, an embedded server will be
- started, listening on the supplied port number. The port is optional and defaults to 33389.
- A Spring LDAP ContextSource bean will be registered for the server with the id supplied.
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- Specifies a URL.
-
-
-
-
- Specifies an IP port number. Used to configure an embedded LDAP server,
- for example.
-
-
-
-
- Username (DN) of the "manager" user identity which will be used to
- authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used.
-
-
-
-
-
-
- Explicitly specifies an ldif file resource to load into an embedded LDAP
- server
-
-
-
-
- Optional root suffix for the embedded LDAP server. Default is
- "dc=springframework,dc=org"
-
-
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
-
-
- Search base for group membership searches. Defaults to
- "" (searching from the root).
-
-
-
-
-
-
-
-
-
- Search base for user searches. Defaults to "".
-
-
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
- Search base for group membership searches. Defaults to
- "ou=groups".
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
-
- Sets up an ldap authentication provider
-
-
-
-
-
- Specifies that an LDAP provider should use an LDAP compare operation
- of the user's password to authenticate the user
-
-
-
-
-
- element which defines a password encoding strategy. Used by an
- authentication provider to convert submitted passwords to hashed versions, for
- example.
-
-
-
-
-
-
-
- A property of the UserDetails object which will be
- used as salt by a password encoder. Typically something like
- "username" might be used.
-
-
-
-
- A single value that will be used as the salt for a
- password encoder.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The optional server to use. If omitted, and a default LDAP server is
- registered (using <ldap-server> with no Id), that server will be used.
-
-
-
-
-
-
-
- Search base for group membership searches. Defaults to
- "ou=groups".
-
-
-
-
- Group search filter. Defaults to (uniqueMember={0}). The substituted
- parameter is the DN of the user.
-
-
-
-
- The LDAP attribute name which contains the role name which will be used
- within Spring Security. Defaults to "cn".
-
-
-
-
- A specific pattern used to build the user's DN, for example
- "uid={0},ou=people". The key "{0}" must be present and will be substituted with the
- username.
-
-
-
-
-
-
- The attribute in the directory which contains the user password. Defaults
- to "userPassword".
-
-
-
-
- Defines the hashing algorithm used on user passwords. We recommend
- strongly against using MD4, as it is a very weak hashing algorithm.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Can be used inside a bean definition to add a security interceptor to the
- bean and set up access configuration attributes for the bean's methods
-
-
-
-
-
-
-
-
-
-
-
- Optional AccessDecisionManager bean ID to be used by the created method
- security interceptor.
-
-
-
-
-
- Defines a protected method and the access control configuration attributes
- that apply to it. We strongly advise you NOT to mix "protect" declarations with any services
- provided "global-method-security".
-
-
-
-
-
-
-
-
- A method name
-
-
-
-
- Access configuration attributes list that applies to the method, e.g.
- "ROLE_A,ROLE_B".
-
-
-
-
-
- Provides method security for all beans registered in the Spring application
- context. Specifically, beans will be scanned for Spring Security annotations and/or matches
- with the ordered list of "protect-pointcut" sub-elements. Where there is a match, the beans
- will automatically be proxied and security authorization applied to the methods accordingly.
- If you use and enable all three sources of method security metadata (ie "protect-pointcut"
- declarations, @Secured and also JSR 250 security annotations), the metadata sources will be
- queried in that order. In practical terms, this enables you to use XML to override method
- security metadata expressed by way of @Secured annotations, with @Secured annotations
- overriding method security metadata expressed by JSR 250 annotations. It is perfectly
- acceptable to mix and match, with a given Java type using a combination of XML, @Secured and
- JSR 250 to express method security metadata (albeit on different
- methods).
-
-
-
-
-
- Defines a protected pointcut and the access control configuration
- attributes that apply to it. Every bean registered in the Spring application context
- that provides a method that matches the pointcut will receive security
- authorization.
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies whether the use of Spring Security's @Secured annotations should
- be enabled for this application context. Please ensure you have the
- spring-security-tiger-xxx.jar on the classpath. Defaults to "disabled".
-
-
-
-
-
-
-
-
-
-
- Specifies whether JSR-250 style attributes are to be used (for example
- "RolesAllowed"). This will require the javax.annotation.security classes on the classpath.
- Defaults to "disabled".
-
-
-
-
-
-
-
-
-
-
- Optional AccessDecisionManager bean ID to override the default used for
- method security.
-
-
-
-
-
-
- An AspectJ expression, including the 'execution' keyword. For example,
- 'execution(int com.foo.TargetObject.countLength(String))' (without the
- quotes).
-
-
-
-
- Access configuration attributes list that applies to all methods matching
- the pointcut, e.g. "ROLE_A,ROLE_B"
-
-
-
-
-
- Container element for HTTP security configuration
-
-
-
-
-
- Specifies the access attributes and/or filter list for a particular
- set of URLs.
-
-
-
-
-
-
-
- Sets up a form login configuration for authentication with a username
- and password
-
-
-
-
-
-
-
-
- Adds support for X.509 client authentication.
-
-
-
-
-
-
-
- Adds support for basic authentication (this is an element to permit
- future expansion, such as supporting an "ignoreFailure" attribute)
-
-
-
-
-
- Incorporates a logout processing filter. Most web applications require
- a logout filter, although you may not require one if you write a controller to
- provider similar logic.
-
-
-
-
-
-
-
- Adds support for concurrent session control, allowing limits to be
- placed on the number of sessions a user can have.
-
-
-
-
-
-
-
-
-
-
-
-
- Adds support for automatically granting all anonymous web requests a
- particular principal identity and a corresponding granted
- authority.
-
-
-
-
-
-
-
- Defines the list of mappings between http and https ports for use in
- redirects
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Automatically registers a login form, BASIC authentication, anonymous
- authentication, logout services, remember-me and servlet-api-integration. If set to
- "true", all of these capabilities are added (although you can still customize the
- configuration of each by providing the respective element). If unspecified, defaults to
- "false".
-
-
-
-
- Controls the eagerness with which an HTTP session is created. If not set,
- defaults to "ifRequired".
-
-
-
-
-
-
-
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
- Whether test URLs should be converted to lower case prior to comparing
- with defined path patterns. If unspecified, defaults to "true".
-
-
-
-
- Provides versions of HttpServletRequest security methods such as
- isUserInRole() and getPrincipal() which are implemented by accessing the Spring
- SecurityContext. Defaults to "true".
-
-
-
-
- Optional attribute specifying the ID of the AccessDecisionManager
- implementation which should be used for authorizing HTTP requests.
-
-
-
-
- Optional attribute specifying the realm name that will be used for all
- authentication features that require a realm name (eg BASIC and Digest authentication). If
- unspecified, defaults to "Spring Security Application".
-
-
-
-
- Indicates whether an existing session should be invalidated when a user
- authenticates and a new session started. If set to "none" no change will be made.
- "newSession" will create a new empty session. "migrateSession" will create a new session
- and copy the session attributes to the new session. Defaults to
- "migrateSession".
-
-
-
-
-
-
-
-
-
-
-
- Allows a customized AuthenticationEntryPoint to be
- used.
-
-
-
-
- Corresponds to the observeOncePerRequest property of
- FilterSecurityInterceptor. Defaults to "false"
-
-
-
-
- Allows the access denied page to be set (the user will be redirected here
- if an AccessDeniedException is raised).
-
-
-
-
-
-
- The pattern which defines the URL path. The content will depend on the
- type set in the containing http element, so will default to ant path
- syntax.
-
-
-
-
- The access configuration attributes that apply for the configured
- path.
-
-
-
-
- The HTTP Method for which the access configuration attributes should
- apply. If not specified, the attributes will apply to any method.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The filter list for the path. Currently can be set to "none" to remove a
- path from having any filters applied. The full filter stack (consisting of all defined
- filters, will be applied to any other paths).
-
-
-
-
-
-
-
-
-
- Used to specify that a URL must be accessed over http or
- https
-
-
-
-
-
-
-
-
-
-
-
-
-
- Specifies the URL that will cause a logout. Spring Security will
- initialize a filter that responds to this particular URL. Defaults to
- /j_spring_security_logout if unspecified.
-
-
-
-
- Specifies the URL to display once the user has logged out. If not
- specified, defaults to /.
-
-
-
-
- Specifies whether a logout also causes HttpSession invalidation, which is
- generally desirable. If unspecified, defaults to true.
-
-
-
-
-
-
- The URL that the login form is posted to. If unspecified, it defaults to
- /j_spring_security_check.
-
-
-
-
- The URL that will be redirected to after successful authentication, if the
- user's previous action could not be resumed. This generally happens if the user visits a
- login page without having first requested a secured operation that triggers
- authentication. If unspecified, defaults to the root of the
- application.
-
-
-
-
- Whether the user should always be redirected to the default-target-url
- after login.
-
-
-
-
- The URL for the login page. If no login URL is specified, Spring Security
- will automatically create a login URL at /spring_security_login and a corresponding filter
- to render that login URL when requested.
-
-
-
-
- The URL for the login failure page. If no login failure URL is specified,
- Spring Security will automatically create a failure login URL at
- /spring_security_login?login_error and a corresponding filter to render that login failure
- URL when requested.
-
-
-
-
-
- Sets up form login for authentication with an Open ID
- identity
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
- Used to explicitly configure a FilterChainProxy instance with a
- FilterChainMap
-
-
-
-
-
- Used within filter-chain-map to define a specific URL pattern and the
- list of filters which apply to the URLs matching that pattern. When multiple
- filter-chain elements are used within a filter-chain-map element, the most specific
- patterns must be placed at the top of the list, with most general ones at the
- bottom.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Used to explicitly configure a FilterInvocationDefinitionSource bean for use
- with a FilterSecurityInterceptor. Usually only needed if you are configuring a
- FilterChainProxy explicitly, rather than using the <http> element. The
- intercept-url elements used should only contain pattern, method and access attributes. Any
- others will result in a configuration error.
-
-
-
-
-
- Specifies the access attributes and/or filter list for a particular
- set of URLs.
-
-
-
-
-
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
- as for http element
-
-
-
-
- Defines the type of pattern used to specify URL paths (either JDK
- 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if
- unspecified.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Allows you to define an alias for the SessionRegistry bean in order to
- access it in your own configuration
-
-
-
-
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
- The key shared between the provider and filter. This generally does not
- need to be set. If unset, it will default to "doesNotMatter".
-
-
-
-
- The username that should be assigned to the anonymous request. This allows
- the principal to be identified, which may be important for logging and auditing. if unset,
- defaults to "anonymousUser".
-
-
-
-
- The granted authority that should be assigned to the anonymous request.
- Commonly this is used to assign the anonymous request particular roles, which can
- subsequently be used in authorization decisions. If unset, defaults to
- "ROLE_ANONYMOUS".
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- The regular expression used to obtain the username from the certificate's
- subject. Defaults to matching on the common name using the pattern
- "CN=(.*?),".
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
- If you are using namespace configuration with Spring Security, an
- AuthenticationManager will automatically be registered. This element simple allows you to
- define an alias to allow you to reference the authentication-manager in your own beans.
-
-
-
-
-
-
-
-
- The alias you wish to use for the AuthenticationManager
- bean
-
-
-
-
-
- Indicates that the contained user-service should be used as an
- authentication source.
-
-
-
-
-
-
- element which defines a password encoding strategy. Used by an
- authentication provider to convert submitted passwords to hashed versions, for
- example.
-
-
-
-
-
-
-
- A property of the UserDetails object which will be used as
- salt by a password encoder. Typically something like "username" might be
- used.
-
-
-
-
- A single value that will be used as the salt for a password
- encoder.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- A reference to a user-service (or UserDetailsService bean)
- Id
-
-
-
-
-
-
-
-
- Creates an in-memory UserDetailsService from a properties file or a list of
- "user" child elements.
-
-
-
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
-
-
-
-
- Represents a user in the application.
-
-
-
-
-
-
-
-
- The username assigned to the user.
-
-
-
-
- The password assigned to the user. This may be hashed if the corresponding
- authentication provider supports hashing (remember to set the "hash" attribute of the
- "user-service" element).
-
-
-
-
- One of more authorities granted to the user. Separate authorities with a
- comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR"
-
-
-
-
- Can be set to "true" to mark an account as locked and
- unusable.
-
-
-
-
-
- Causes creation of a JDBC-based UserDetailsService.
-
-
-
-
- A bean identifier, used for referring to the bean elsewhere in the
- context.
-
-
-
-
-
-
-
-
- The bean ID of the DataSource which provides the required
- tables.
-
-
-
-
- Defines a reference to a cache for use with a
- UserDetailsService.
-
-
-
-
- An SQL statement to query a username, password, and enabled status given a
- username
-
-
-
-
- An SQL statement to query for a user's granted authorities given a
- username.
-
-
-
-
- An SQL statement to query user's group authorities given a
- username.
-
-
-
-
-
-
-
-
-
-
-
- Used to indicate that a filter bean declaration should be incorporated into
- the security filter chain. If neither the 'after' or 'before' options are supplied, then the
- filter must implement the Ordered interface directly.
-
-
-
-
- The filter immediately after which the custom-filter should be placed in
- the chain. This feature will only be needed by advanced users who wish to mix their own
- filters into the security filter chain and have some knowledge of the standard Spring
- Security filters. The filter names map to specific Spring Security implementation
- filters.
-
-
-
-
- The filter immediately before which the custom-filter should be placed
- in the chain
-
-
-
-
- The explicit position at which the custom-filter should be placed in the
- chain. Use if you are replacing a standard filter.
-
-
-
-
-
-
-
- The filter immediately after which the custom-filter should be placed in
- the chain. This feature will only be needed by advanced users who wish to mix their own
- filters into the security filter chain and have some knowledge of the standard Spring
- Security filters. The filter names map to specific Spring Security implementation filters.
-
-
-
-
-
-
-
- The filter immediately before which the custom-filter should be placed in
- the chain
-
-
-
-
-
-
- The explicit position at which the custom-filter should be placed in the
- chain. Use if you are replacing a standard filter.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-