From c34d719004f07853cb57ce057f2477e2df38302d Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Tue, 29 Sep 2009 17:56:01 +0000 Subject: [PATCH] SEC-1252: Remove 2.0.x schemas from 3.0. Removed files and updated spring.schemas to remove 2.0.x versions --- .../main/resources/META-INF/spring.schemas | 4 - .../security/config/spring-security-2.0.1.xsd | 1335 --------------- .../security/config/spring-security-2.0.2.xsd | 1422 ---------------- .../security/config/spring-security-2.0.4.xsd | 1468 ----------------- .../security/config/spring-security-2.0.xsd | 1251 -------------- 5 files changed, 5480 deletions(-) delete mode 100644 config/src/main/resources/org/springframework/security/config/spring-security-2.0.1.xsd delete mode 100644 config/src/main/resources/org/springframework/security/config/spring-security-2.0.2.xsd delete mode 100644 config/src/main/resources/org/springframework/security/config/spring-security-2.0.4.xsd delete mode 100644 config/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd diff --git a/config/src/main/resources/META-INF/spring.schemas b/config/src/main/resources/META-INF/spring.schemas index ed3825e016..f75916867c 100644 --- a/config/src/main/resources/META-INF/spring.schemas +++ b/config/src/main/resources/META-INF/spring.schemas @@ -1,6 +1,2 @@ http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-3.0.xsd -http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/springframework/security/config/spring-security-2.0.xsd -http\://www.springframework.org/schema/security/spring-security-2.0.1.xsd=org/springframework/security/config/spring-security-2.0.1.xsd -http\://www.springframework.org/schema/security/spring-security-2.0.2.xsd=org/springframework/security/config/spring-security-2.0.2.xsd -http\://www.springframework.org/schema/security/spring-security-2.0.4.xsd=org/springframework/security/config/spring-security-2.0.4.xsd http\://www.springframework.org/schema/security/spring-security-3.0.xsd=org/springframework/security/config/spring-security-3.0.xsd diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.1.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-2.0.1.xsd deleted file mode 100644 index 1d8830a073..0000000000 --- a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.1.xsd +++ /dev/null @@ -1,1335 +0,0 @@ - - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - - - Whether a string should be base64 encoded - - - - - - - - - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - - - Specifies an IP port number. Used to configure an embedded LDAP server, - for example. - - - - - - - Specifies a URL. - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - Defines a reference to a Spring bean Id. - - - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - Defines a reference to a Spring bean Id. - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - Whether a string should be base64 encoded - - - - - - - - - - - - - A property of the UserDetails object which will be used as salt by a - password encoder. Typically something like "username" might be used. - - - - - - - A single value that will be used as the salt for a password encoder. - - - - - - - - - - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). - - - - - - Defines an LDAP server location or starts an embedded server. The url - indicates the location of a remote server. If no url is given, an embedded server will be - started, listening on the supplied port number. The port is optional and defaults to 33389. - A Spring LDAP ContextSource bean will be registered for the server with the id supplied. - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - Specifies a URL. - - - - - Specifies an IP port number. Used to configure an embedded LDAP server, - for example. - - - - - Username (DN) of the "manager" user identity which will be used to - authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used. - - - - - - - Explicitly specifies an ldif file resource to load into an embedded LDAP - server - - - - - Optional root suffix for the embedded LDAP server. Default is - "dc=springframework,dc=org" - - - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - - - Search base for group membership searches. Defaults to - "ou=groups". - - - - - - - - - - Search base for user searches. Defaults to "". - - - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - - - Allows the objectClass of the user entry to be specified. If set, the - framework will attempt to load standard attributes for the defined class into the returned - UserDetails object - - - - - - - - - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - - Search base for user searches. Defaults to "". - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - Search base for group membership searches. Defaults to - "ou=groups". - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). - - - - - Allows the objectClass of the user entry to be specified. If set, the - framework will attempt to load standard attributes for the defined class into the returned - UserDetails object - - - - - - - - - - - - Sets up an ldap authentication provider - - - - - - Specifies that an LDAP provider should use an LDAP compare operation - of the user's password to authenticate the user - - - - - - element which defines a password encoding strategy. Used by an - authentication provider to convert submitted passwords to hashed versions, for - example. - - - - - - - - A property of the UserDetails object which will be - used as salt by a password encoder. Typically something like - "username" might be used. - - - - - A single value that will be used as the salt for a - password encoder. - - - - - - - - - - - - - - - - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - Search base for user searches. Defaults to "". - - - - - - Search base for group membership searches. Defaults to - "ou=groups". - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - A specific pattern used to build the user's DN, for example - "uid={0},ou=people". The key "{0}" must be present and will be substituted with the - username. - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). - - - - - Allows the objectClass of the user entry to be specified. If set, the - framework will attempt to load standard attributes for the defined class into the returned - UserDetails object - - - - - - - - - - - - - The attribute in the directory which contains the user password. Defaults - to "userPassword". - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - - Can be used inside a bean definition to add a security interceptor to the - bean and set up access configuration attributes for the bean's methods - - - - - - - - - - - - Optional AccessDecisionManager bean ID to be used by the created method - security interceptor. - - - - - - Defines a protected method and the access control configuration attributes - that apply to it. We strongly advise you NOT to mix "protect" declarations with any services - provided "global-method-security". - - - - - - - - - A method name - - - - - Access configuration attributes list that applies to the method, e.g. - "ROLE_A,ROLE_B". - - - - - - Provides method security for all beans registered in the Spring application - context. Specifically, beans will be scanned for Spring Security annotations and/or matches - with the ordered list of "protect-pointcut" sub-elements. Where there is a match, the beans - will automatically be proxied and security authorization applied to the methods accordingly. - If you use and enable all three sources of method security metadata (ie "protect-pointcut" - declarations, @Secured and also JSR 250 security annotations), the metadata sources will be - queried in that order. In practical terms, this enables you to use XML to override method - security metadata expressed by way of @Secured annotations, with @Secured annotations - overriding method security metadata expressed by JSR 250 annotations. It is perfectly - acceptable to mix and match, with a given Java type using a combination of XML, @Secured and - JSR 250 to express method security metadata (albeit on different - methods). - - - - - - Defines a protected pointcut and the access control configuration - attributes that apply to it. Every bean registered in the Spring application context - that provides a method that matches the pointcut will receive security - authorization. - - - - - - - - - - - - - Specifies whether the use of Spring Security's @Secured annotations should - be enabled for this application context. Please ensure you have the - spring-security-tiger-xxx.jar on the classpath. Defaults to "disabled". - - - - - - - - - - - Specifies whether JSR-250 style attributes are to be used (for example - "RolesAllowed"). This will require the javax.annotation.security classes on the classpath. - Defaults to "disabled". - - - - - - - - - - - Optional AccessDecisionManager bean ID to override the default used for - method security. - - - - - - - - - - An AspectJ expression, including the 'execution' keyword. For example, - 'execution(int com.foo.TargetObject.countLength(String))' (without the - quotes). - - - - - Access configuration attributes list that applies to all methods matching - the pointcut, e.g. "ROLE_A,ROLE_B" - - - - - - Container element for HTTP security configuration - - - - - - Specifies the access attributes and/or filter list for a particular - set of URLs. - - - - - - - - Sets up a form login configuration for authentication with a username - and password - - - - - - - - - Adds support for X.509 client authentication. - - - - - - - - Adds support for basic authentication (this is an element to permit - future expansion, such as supporting an "ignoreFailure" attribute) - - - - - - Incorporates a logout processing filter. Most web applications require - a logout filter, although you may not require one if you write a controller to - provider similar logic. - - - - - - - - Adds support for concurrent session control, allowing limits to be - placed on the number of sessions a user can have. - - - - - - - - - - - - - Adds support for automatically granting all anonymous web requests a - particular principal identity and a corresponding granted - authority. - - - - - - - - Defines the list of mappings between http and https ports for use in - redirects - - - - - - - - - - - - - - - Automatically registers a login form, BASIC authentication, anonymous - authentication, logout services, remember-me and servlet-api-integration. If set to - "true", all of these capabilities are added (although you can still customize the - configuration of each by providing the respective element). If unspecified, defaults to - "false". - - - - - Controls the eagerness with which an HTTP session is created. If not set, - defaults to "ifRequired". - - - - - - - - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - Whether test URLs should be converted to lower case prior to comparing - with defined path patterns. If unspecified, defaults to "true". - - - - - Provides versions of HttpServletRequest security methods such as - isUserInRole() and getPrincipal() which are implemented by accessing the Spring - SecurityContext. Defaults to "true". - - - - - Optional attribute specifying the ID of the AccessDecisionManager - implementation which should be used for authorizing HTTP requests. - - - - - Optional attribute specifying the realm name that will be used for all - authentication features that require a realm name (eg BASIC and Digest authentication). If - unspecified, defaults to "Spring Security Application". - - - - - Indicates whether an existing session should be invalidated when a user - authenticates and a new session started. If set to "none" no change will be made. - "newSession" will create a new empty session. "migrateSession" will create a new session - and copy the session attributes to the new session. Defaults to - "migrateSession". - - - - - - - - - - - - Allows a customized AuthenticationEntryPoint to be - used. - - - - - Corresponds to the observeOncePerRequest property of - FilterSecurityInterceptor. Defaults to "true" - - - - - Allows the access denied page to be set (the user will be redirected here - if an AccessDeniedException is raised). - - - - - - - The pattern which defines the URL path. The content will depend on the - type set in the containing http element, so will default to ant path - syntax. - - - - - The access configuration attributes that apply for the configured - path. - - - - - The HTTP Method for which the access configuration attributes should - apply. If not specified, the attributes will apply to any method. - - - - - - - - - - - - - - - - The filter list for the path. Currently can be set to "none" to remove a - path from having any filters applied. The full filter stack (consisting of all defined - filters, will be applied to any other paths). - - - - - - - - - - Used to specify that a URL must be accessed over http or - https - - - - - - - - - - - - - - Specifies the URL that will cause a logout. Spring Security will - initialize a filter that responds to this particular URL. Defaults to - /j_spring_security_logout if unspecified. - - - - - Specifies the URL to display once the user has logged out. If not - specified, defaults to /. - - - - - Specifies whether a logout also causes HttpSession invalidation, which is - generally desirable. If unspecified, defaults to true. - - - - - - - The URL that the login form is posted to. If unspecified, it defaults to - /j_spring_security_check. - - - - - The URL that will be redirected to after successful authentication, if the - user's previous action could not be resumed. This generally happens if the user visits a - login page without having first requested a secured operation that triggers - authentication. If unspecified, defaults to the root of the - application. - - - - - Whether the user should always be redirected to the default-target-url - after login. - - - - - The URL for the login page. If no login URL is specified, Spring Security - will automatically create a login URL at /spring_security_login and a corresponding filter - to render that login URL when requested. - - - - - The URL for the login failure page. If no login failure URL is specified, - Spring Security will automatically create a failure login URL at - /spring_security_login?login_error and a corresponding filter to render that login failure - URL when requested. - - - - - - Sets up form login for authentication with an Open ID - identity - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - Used to explicitly configure a FilterChainProxy instance with a - FilterChainMap - - - - - - Used within filter-chain-map to define a specific URL pattern and the - list of filters which apply to the URLs matching that pattern. When multiple - filter-chain elements are used within a filter-chain-map element, the most specific - patterns must be placed at the top of the list, with most general ones at the - bottom. - - - - - - - - - - - - - - - - - - - Used to explicitly configure a FilterInvocationDefinitionSource bean for use - with a FilterSecurityInterceptor. Usually only needed if you are configuring a - FilterChainProxy explicitly, rather than using the <http> element. The - intercept-url elements used should only contain pattern, method and access attributes. Any - others will result in a configuration error. - - - - - - Specifies the access attributes and/or filter list for a particular - set of URLs. - - - - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - as for http element - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - - - - - - Allows you to define an alias for the SessionRegistry bean in order to - access it in your own configuration - - - - - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - The key shared between the provider and filter. This generally does not - need to be set. If unset, it will default to "doesNotMatter". - - - - - The username that should be assigned to the anonymous request. This allows - the principal to be identified, which may be important for logging and auditing. if unset, - defaults to "anonymousUser". - - - - - The granted authority that should be assigned to the anonymous request. - Commonly this is used to assign the anonymous request particular roles, which can - subsequently be used in authorization decisions. If unset, defaults to - "ROLE_ANONYMOUS". - - - - - - - - - - - - - - - - - - - The regular expression used to obtain the username from the certificate's - subject. Defaults to matching on the common name using the pattern - "CN=(.*?),". - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - If you are using namespace configuration with Spring Security, an - AuthenticationManager will automatically be registered. This element simple allows you to - define an alias to allow you to reference the authentication-manager in your own beans. - - - - - - - - - The alias you wish to use for the AuthenticationManager - bean - - - - - - Indicates that the contained user-service should be used as an - authentication source. - - - - - - - element which defines a password encoding strategy. Used by an - authentication provider to convert submitted passwords to hashed versions, for - example. - - - - - - - - A property of the UserDetails object which will be used as - salt by a password encoder. Typically something like "username" might be - used. - - - - - A single value that will be used as the salt for a password - encoder. - - - - - - - - - - - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - - - Creates an in-memory UserDetailsService from a properties file or a list of - "user" child elements. - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - - - - - Represents a user in the application. - - - - - - - - - The username assigned to the user. - - - - - The password assigned to the user. This may be hashed if the corresponding - authentication provider supports hashing (remember to set the "hash" attribute of the - "user-service" element). - - - - - One of more authorities granted to the user. Separate authorities with a - comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR" - - - - - Can be set to "true" to mark an account as locked and - unusable. - - - - - Can be set to "true" to mark an account as disabled and - unusable. - - - - - - Causes creation of a JDBC-based UserDetailsService. - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - - - The bean ID of the DataSource which provides the required - tables. - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - An SQL statement to query a username, password, and enabled status given a - username - - - - - An SQL statement to query for a user's granted authorities given a - username. - - - - - An SQL statement to query user's group authorities given a - username. - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). - - - - - - - - - - - - Used to indicate that a filter bean declaration should be incorporated into - the security filter chain. If neither the 'after' or 'before' options are supplied, then the - filter must implement the Ordered interface directly. - - - - - The filter immediately after which the custom-filter should be placed in - the chain. This feature will only be needed by advanced users who wish to mix their own - filters into the security filter chain and have some knowledge of the standard Spring - Security filters. The filter names map to specific Spring Security implementation - filters. - - - - - The filter immediately before which the custom-filter should be placed - in the chain - - - - - The explicit position at which the custom-filter should be placed in the - chain. Use if you are replacing a standard filter. - - - - - - - - The filter immediately after which the custom-filter should be placed in - the chain. This feature will only be needed by advanced users who wish to mix their own - filters into the security filter chain and have some knowledge of the standard Spring - Security filters. The filter names map to specific Spring Security implementation filters. - - - - - - - - The filter immediately before which the custom-filter should be placed in - the chain - - - - - - - The explicit position at which the custom-filter should be placed in the - chain. Use if you are replacing a standard filter. - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.2.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-2.0.2.xsd deleted file mode 100644 index c80145e285..0000000000 --- a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.2.xsd +++ /dev/null @@ -1,1422 +0,0 @@ - - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - - - - Whether a string should be base64 encoded - - - - - - - - - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - - - Specifies an IP port number. Used to configure an embedded LDAP server, - for example. - - - - - - - Specifies a URL. - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - Defines a reference to a Spring bean Id. - - - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - A reference to a DataSource bean - - - - - - - Defines a reference to a Spring bean Id. - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - - Whether a string should be base64 encoded - - - - - - - - - - - - - A property of the UserDetails object which will be used as salt by a - password encoder. Typically something like "username" might be used. - - - - - - - A single value that will be used as the salt for a password encoder. - - - - - - - - - - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the - default is non-empty. - - - - - - Defines an LDAP server location or starts an embedded server. The url - indicates the location of a remote server. If no url is given, an embedded server will be - started, listening on the supplied port number. The port is optional and defaults to 33389. - A Spring LDAP ContextSource bean will be registered for the server with the id supplied. - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - Specifies a URL. - - - - - Specifies an IP port number. Used to configure an embedded LDAP server, - for example. - - - - - Username (DN) of the "manager" user identity which will be used to - authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used. - - - - - - - Explicitly specifies an ldif file resource to load into an embedded LDAP - server - - - - - Optional root suffix for the embedded LDAP server. Default is - "dc=springframework,dc=org" - - - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - - - Search base for group membership searches. Defaults to - "ou=groups". - - - - - - - - - - Search base for user searches. Defaults to "". - - - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - - - Allows the objectClass of the user entry to be specified. If set, the - framework will attempt to load standard attributes for the defined class into the returned - UserDetails object - - - - - - - - - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - - Search base for user searches. Defaults to "". - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - Search base for group membership searches. Defaults to - "ou=groups". - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the - default is non-empty. - - - - - Allows the objectClass of the user entry to be specified. If set, the - framework will attempt to load standard attributes for the defined class into the returned - UserDetails object - - - - - - - - - - - - Sets up an ldap authentication provider - - - - - - Specifies that an LDAP provider should use an LDAP compare operation - of the user's password to authenticate the user - - - - - - element which defines a password encoding strategy. Used by an - authentication provider to convert submitted passwords to hashed versions, for - example. - - - - - - - - A property of the UserDetails object which will be - used as salt by a password encoder. Typically something like - "username" might be used. - - - - - A single value that will be used as the salt for a - password encoder. - - - - - - - - - - - - - - - - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - Search base for user searches. Defaults to "". - - - - - - Search base for group membership searches. Defaults to - "ou=groups". - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - A specific pattern used to build the user's DN, for example - "uid={0},ou=people". The key "{0}" must be present and will be substituted with the - username. - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the - default is non-empty. - - - - - Allows the objectClass of the user entry to be specified. If set, the - framework will attempt to load standard attributes for the defined class into the returned - UserDetails object - - - - - - - - - - - - - The attribute in the directory which contains the user password. Defaults - to "userPassword". - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - - - Can be used inside a bean definition to add a security interceptor to the - bean and set up access configuration attributes for the bean's methods - - - - - - Defines a protected method and the access control configuration - attributes that apply to it. We strongly advise you NOT to mix "protect" declarations - with any services provided "global-method-security". - - - - - - - - - - - - - Optional AccessDecisionManager bean ID to be used by the created method - security interceptor. - - - - - - - A method name - - - - - Access configuration attributes list that applies to the method, e.g. - "ROLE_A,ROLE_B". - - - - - - Provides method security for all beans registered in the Spring application - context. Specifically, beans will be scanned for Spring Security annotations and/or matches - with the ordered list of "protect-pointcut" sub-elements. Where there is a match, the beans - will automatically be proxied and security authorization applied to the methods accordingly. - If you use and enable all three sources of method security metadata (ie "protect-pointcut" - declarations, @Secured and also JSR 250 security annotations), the metadata sources will be - queried in that order. In practical terms, this enables you to use XML to override method - security metadata expressed by way of @Secured annotations, with @Secured annotations - overriding method security metadata expressed by JSR 250 annotations. It is perfectly - acceptable to mix and match, with a given Java type using a combination of XML, @Secured and - JSR 250 to express method security metadata (albeit on different - methods). - - - - - - Defines a protected pointcut and the access control configuration - attributes that apply to it. Every bean registered in the Spring application context - that provides a method that matches the pointcut will receive security - authorization. - - - - - - - - - - - - - Specifies whether the use of Spring Security's @Secured annotations should - be enabled for this application context. Please ensure you have the - spring-security-tiger-xxx.jar on the classpath. Defaults to "disabled". - - - - - - - - - - - Specifies whether JSR-250 style attributes are to be used (for example - "RolesAllowed"). This will require the javax.annotation.security classes on the classpath. - Defaults to "disabled". - - - - - - - - - - - Optional AccessDecisionManager bean ID to override the default used for - method security. - - - - - - - - - - An AspectJ expression, including the 'execution' keyword. For example, - 'execution(int com.foo.TargetObject.countLength(String))' (without the - quotes). - - - - - Access configuration attributes list that applies to all methods matching - the pointcut, e.g. "ROLE_A,ROLE_B" - - - - - - Container element for HTTP security configuration - - - - - - Specifies the access attributes and/or filter list for a particular - set of URLs. - - - - - - - - Sets up a form login configuration for authentication with a username - and password - - - - - - - - - Adds support for X.509 client authentication. - - - - - - - - Adds support for basic authentication (this is an element to permit - future expansion, such as supporting an "ignoreFailure" attribute) - - - - - - Incorporates a logout processing filter. Most web applications require - a logout filter, although you may not require one if you write a controller to - provider similar logic. - - - - - - - - Adds support for concurrent session control, allowing limits to be - placed on the number of sessions a user can have. - - - - - - - - Sets up remember-me authentication. If used with the "key" attribute - (or no attributes) the cookie-only implementation will be used. Specifying - "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, - persisten token approach. - - - - - - - - Adds support for automatically granting all anonymous web requests a - particular principal identity and a corresponding granted - authority. - - - - - - - - Defines the list of mappings between http and https ports for use in - redirects - - - - - - - - - - - - - - - Automatically registers a login form, BASIC authentication, anonymous - authentication, logout services, remember-me and servlet-api-integration. If set to - "true", all of these capabilities are added (although you can still customize the - configuration of each by providing the respective element). If unspecified, defaults to - "false". - - - - - Controls the eagerness with which an HTTP session is created. If not set, - defaults to "ifRequired". - - - - - - - - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - Whether test URLs should be converted to lower case prior to comparing - with defined path patterns. If unspecified, defaults to "true". - - - - - Provides versions of HttpServletRequest security methods such as - isUserInRole() and getPrincipal() which are implemented by accessing the Spring - SecurityContext. Defaults to "true". - - - - - Optional attribute specifying the ID of the AccessDecisionManager - implementation which should be used for authorizing HTTP requests. - - - - - Optional attribute specifying the realm name that will be used for all - authentication features that require a realm name (eg BASIC and Digest authentication). If - unspecified, defaults to "Spring Security Application". - - - - - Indicates whether an existing session should be invalidated when a user - authenticates and a new session started. If set to "none" no change will be made. - "newSession" will create a new empty session. "migrateSession" will create a new session - and copy the session attributes to the new session. Defaults to - "migrateSession". - - - - - - - - - - - - Allows a customized AuthenticationEntryPoint to be - used. - - - - - Corresponds to the observeOncePerRequest property of - FilterSecurityInterceptor. Defaults to "true" - - - - - Allows the access denied page to be set (the user will be redirected here - if an AccessDeniedException is raised). - - - - - - - The pattern which defines the URL path. The content will depend on the - type set in the containing http element, so will default to ant path - syntax. - - - - - The access configuration attributes that apply for the configured - path. - - - - - The HTTP Method for which the access configuration attributes should - apply. If not specified, the attributes will apply to any method. - - - - - - - - - - - - - - - - The filter list for the path. Currently can be set to "none" to remove a - path from having any filters applied. The full filter stack (consisting of all filters - created by the namespace configuration, and any added using 'custom-filter'), will be - applied to any other paths. - - - - - - - - - - Used to specify that a URL must be accessed over http or - https - - - - - - - - - - - - - - Specifies the URL that will cause a logout. Spring Security will - initialize a filter that responds to this particular URL. Defaults to - /j_spring_security_logout if unspecified. - - - - - Specifies the URL to display once the user has logged out. If not - specified, defaults to /. - - - - - Specifies whether a logout also causes HttpSession invalidation, which is - generally desirable. If unspecified, defaults to true. - - - - - - - The URL that the login form is posted to. If unspecified, it defaults to - /j_spring_security_check. - - - - - The URL that will be redirected to after successful authentication, if the - user's previous action could not be resumed. This generally happens if the user visits a - login page without having first requested a secured operation that triggers - authentication. If unspecified, defaults to the root of the - application. - - - - - Whether the user should always be redirected to the default-target-url - after login. - - - - - The URL for the login page. If no login URL is specified, Spring Security - will automatically create a login URL at /spring_security_login and a corresponding filter - to render that login URL when requested. - - - - - The URL for the login failure page. If no login failure URL is specified, - Spring Security will automatically create a failure login URL at - /spring_security_login?login_error and a corresponding filter to render that login failure - URL when requested. - - - - - - Sets up form login for authentication with an Open ID - identity - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - Used to explicitly configure a FilterChainProxy instance with a - FilterChainMap - - - - - - Used within filter-chain-map to define a specific URL pattern and the - list of filters which apply to the URLs matching that pattern. When multiple - filter-chain elements are used within a filter-chain-map element, the most specific - patterns must be placed at the top of the list, with most general ones at the - bottom. - - - - - - - - - - - - - - - - - - - Used to explicitly configure a FilterInvocationDefinitionSource bean for use - with a FilterSecurityInterceptor. Usually only needed if you are configuring a - FilterChainProxy explicitly, rather than using the <http> element. The - intercept-url elements used should only contain pattern, method and access attributes. Any - others will result in a configuration error. - - - - - - Specifies the access attributes and/or filter list for a particular - set of URLs. - - - - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - as for http element - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - - - - The URL a user will be redirected to if they attempt to use a session - which has been "expired" by the concurrent session controller. - - - - - Specifies that an exception should be raised when a user attempts to login - twice. The default behaviour is to expire the original session. - - - - - Allows you to define an alias for the SessionRegistry bean in order to - access it in your own configuration - - - - - A reference to an external SessionRegistry implementation which will be - used in place of the standard one. - - - - - - - The "key" used to identify cookies from a specific token-based remember-me - application. You should set this to a unique value for your - application. - - - - - Reference to a PersistentTokenRepository bean for use with the persistent - token remember-me implementation. - - - - - A reference to a DataSource bean - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - The period (in seconds) for which the remember-me cookie should be valid. - - - - - - - - Reference to a PersistentTokenRepository bean for use with the persistent - token remember-me implementation. - - - - - - - Allows a custom implementation of RememberMeServices to be used. Note that - this implementation should return RememberMeAuthenticationToken instances with the same - "key" value as specified in the remember-me element. Alternatively it should register its - own AuthenticationProvider. - - - - - - - - - - The key shared between the provider and filter. This generally does not - need to be set. If unset, it will default to "doesNotMatter". - - - - - The username that should be assigned to the anonymous request. This allows - the principal to be identified, which may be important for logging and auditing. if unset, - defaults to "anonymousUser". - - - - - The granted authority that should be assigned to the anonymous request. - Commonly this is used to assign the anonymous request particular roles, which can - subsequently be used in authorization decisions. If unset, defaults to - "ROLE_ANONYMOUS". - - - - - - - - - - - - - - - - - - - The regular expression used to obtain the username from the certificate's - subject. Defaults to matching on the common name using the pattern - "CN=(.*?),". - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - If you are using namespace configuration with Spring Security, an - AuthenticationManager will automatically be registered. This element allows you to define an - alias to allow you to reference the authentication-manager in your own beans. - - - - - - - - - - The alias you wish to use for the AuthenticationManager - bean - - - - - Allows the session controller to be set on the internal - AuthenticationManager. This should not be used with the <concurrent-session-control - /> element - - - - - - Indicates that the contained user-service should be used as an - authentication source. - - - - - - - element which defines a password encoding strategy. Used by an - authentication provider to convert submitted passwords to hashed versions, for - example. - - - - - - - - A property of the UserDetails object which will be used as - salt by a password encoder. Typically something like "username" might be - used. - - - - - A single value that will be used as the salt for a password - encoder. - - - - - - - - - - - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - - - Creates an in-memory UserDetailsService from a properties file or a list of - "user" child elements. - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - - - - - Represents a user in the application. - - - - - - - - - The username assigned to the user. - - - - - The password assigned to the user. This may be hashed if the corresponding - authentication provider supports hashing (remember to set the "hash" attribute of the - "user-service" element). - - - - - One of more authorities granted to the user. Separate authorities with a - comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR" - - - - - Can be set to "true" to mark an account as locked and - unusable. - - - - - Can be set to "true" to mark an account as disabled and - unusable. - - - - - - Causes creation of a JDBC-based UserDetailsService. - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - - - The bean ID of the DataSource which provides the required - tables. - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - An SQL statement to query a username, password, and enabled status given a - username - - - - - An SQL statement to query for a user's granted authorities given a - username. - - - - - An SQL statement to query user's group authorities given a - username. - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the - default is non-empty. - - - - - - - - - - - - Used to indicate that a filter bean declaration should be incorporated into - the security filter chain. If neither the 'after' or 'before' options are supplied, then the - filter must implement the Ordered interface directly. - - - - - The filter immediately after which the custom-filter should be placed in - the chain. This feature will only be needed by advanced users who wish to mix their own - filters into the security filter chain and have some knowledge of the standard Spring - Security filters. The filter names map to specific Spring Security implementation - filters. - - - - - The filter immediately before which the custom-filter should be placed - in the chain - - - - - The explicit position at which the custom-filter should be placed in the - chain. Use if you are replacing a standard filter. - - - - - - - - The filter immediately after which the custom-filter should be placed in - the chain. This feature will only be needed by advanced users who wish to mix their own - filters into the security filter chain and have some knowledge of the standard Spring - Security filters. The filter names map to specific Spring Security implementation filters. - - - - - - - - The filter immediately before which the custom-filter should be placed in - the chain - - - - - - - The explicit position at which the custom-filter should be placed in the - chain. Use if you are replacing a standard filter. - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.4.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-2.0.4.xsd deleted file mode 100644 index 34844f4a38..0000000000 --- a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.4.xsd +++ /dev/null @@ -1,1468 +0,0 @@ - - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - - - - Whether a string should be base64 encoded - - - - - - - - - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - - - Specifies an IP port number. Used to configure an embedded LDAP server, - for example. - - - - - - - Specifies a URL. - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - Defines a reference to a Spring bean Id. - - - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - A reference to a DataSource bean - - - - - - - Defines a reference to a Spring bean Id. - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - - Whether a string should be base64 encoded - - - - - - - - - - - - - A property of the UserDetails object which will be used as salt by a - password encoder. Typically something like "username" might be used. - - - - - - - A single value that will be used as the salt for a password encoder. - - - - - - - - - - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the - default is non-empty. - - - - - - Defines an LDAP server location or starts an embedded server. The url - indicates the location of a remote server. If no url is given, an embedded server will be - started, listening on the supplied port number. The port is optional and defaults to 33389. - A Spring LDAP ContextSource bean will be registered for the server with the id supplied. - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - Specifies a URL. - - - - - Specifies an IP port number. Used to configure an embedded LDAP server, - for example. - - - - - Username (DN) of the "manager" user identity which will be used to - authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used. - - - - - - The password for the manager DN. - - - - - Explicitly specifies an ldif file resource to load into an embedded LDAP - server - - - - - Optional root suffix for the embedded LDAP server. Default is - "dc=springframework,dc=org" - - - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - - - Search base for group membership searches. Defaults to - "ou=groups". - - - - - - - The LDAP filter used to search for users (optional). For example - "(uid={0})". The substituted parameter is the user's login name. - - - - - - - Search base for user searches. Defaults to "". Only used with a - 'user-search-filter'. - - - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - - - Allows the objectClass of the user entry to be specified. If set, the - framework will attempt to load standard attributes for the defined class into the returned - UserDetails object - - - - - - - - - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - The LDAP filter used to search for users (optional). For example - "(uid={0})". The substituted parameter is the user's login name. - - - - - Search base for user searches. Defaults to "". Only used with a - 'user-search-filter'. - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - Search base for group membership searches. Defaults to - "ou=groups". - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the - default is non-empty. - - - - - Allows the objectClass of the user entry to be specified. If set, the - framework will attempt to load standard attributes for the defined class into the returned - UserDetails object - - - - - - - - - - - - Sets up an ldap authentication provider - - - - - - Specifies that an LDAP provider should use an LDAP compare operation - of the user's password to authenticate the user - - - - - - element which defines a password encoding strategy. Used by an - authentication provider to convert submitted passwords to hashed versions, for - example. - - - - - - Password salting strategy. A system-wide constant or a - property from the UserDetails object can be used. - - - - - A property of the UserDetails object which will be - used as salt by a password encoder. Typically something like - "username" might be used. - - - - - A single value that will be used as the salt for a - password encoder. - - - - - - - - - - - - - - - - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - Search base for user searches. Defaults to "". Only used with a - 'user-search-filter'. - - - - - The LDAP filter used to search for users (optional). For example - "(uid={0})". The substituted parameter is the user's login name. - - - - - Search base for group membership searches. Defaults to - "ou=groups". - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - A specific pattern used to build the user's DN, for example - "uid={0},ou=people". The key "{0}" must be present and will be substituted with the - username. - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the - default is non-empty. - - - - - Allows the objectClass of the user entry to be specified. If set, the - framework will attempt to load standard attributes for the defined class into the returned - UserDetails object - - - - - - - - - - - - - The attribute in the directory which contains the user password. Defaults - to "userPassword". - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - - - Can be used inside a bean definition to add a security interceptor to the - bean and set up access configuration attributes for the bean's methods - - - - - - Defines a protected method and the access control configuration - attributes that apply to it. We strongly advise you NOT to mix "protect" declarations - with any services provided "global-method-security". - - - - - - - - - - - - - Optional AccessDecisionManager bean ID to be used by the created method - security interceptor. - - - - - - - A method name - - - - - Access configuration attributes list that applies to the method, e.g. - "ROLE_A,ROLE_B". - - - - - - Provides method security for all beans registered in the Spring application - context. Specifically, beans will be scanned for Spring Security annotations and/or matches - with the ordered list of "protect-pointcut" sub-elements. Where there is a match, the beans - will automatically be proxied and security authorization applied to the methods accordingly. - If you use and enable all three sources of method security metadata (ie "protect-pointcut" - declarations, @Secured and also JSR 250 security annotations), the metadata sources will be - queried in that order. In practical terms, this enables you to use XML to override method - security metadata expressed by way of @Secured annotations, with @Secured annotations - overriding method security metadata expressed by JSR 250 annotations. It is perfectly - acceptable to mix and match, with a given Java type using a combination of XML, @Secured and - JSR 250 to express method security metadata (albeit on different - methods). - - - - - - Defines a protected pointcut and the access control configuration - attributes that apply to it. Every bean registered in the Spring application context - that provides a method that matches the pointcut will receive security - authorization. - - - - - - - - - - - - - Specifies whether the use of Spring Security's @Secured annotations should - be enabled for this application context. Please ensure you have the - spring-security-tiger-xxx.jar on the classpath. Defaults to "disabled". - - - - - - - - - - - Specifies whether JSR-250 style attributes are to be used (for example - "RolesAllowed"). This will require the javax.annotation.security classes on the classpath. - Defaults to "disabled". - - - - - - - - - - - Optional AccessDecisionManager bean ID to override the default used for - method security. - - - - - - Used to decorate an AfterInvocationProvider to specify that it should be - used with method security. - - - - - - - An AspectJ expression, including the 'execution' keyword. For example, - 'execution(int com.foo.TargetObject.countLength(String))' (without the - quotes). - - - - - Access configuration attributes list that applies to all methods matching - the pointcut, e.g. "ROLE_A,ROLE_B" - - - - - - Container element for HTTP security configuration - - - - - - Specifies the access attributes and/or filter list for a particular - set of URLs. - - - - - - - - Sets up a form login configuration for authentication with a username - and password - - - - - - - - - Adds support for X.509 client authentication. - - - - - - - - Adds support for basic authentication (this is an element to permit - future expansion, such as supporting an "ignoreFailure" attribute) - - - - - - Incorporates a logout processing filter. Most web applications require - a logout filter, although you may not require one if you write a controller to - provider similar logic. - - - - - - - - Adds support for concurrent session control, allowing limits to be - placed on the number of sessions a user can have. - - - - - - - - Sets up remember-me authentication. If used with the "key" attribute - (or no attributes) the cookie-only implementation will be used. Specifying - "token-repository-ref" or "remember-me-data-source-ref" will use the more secure, - persisten token approach. - - - - - - - - Adds support for automatically granting all anonymous web requests a - particular principal identity and a corresponding granted - authority. - - - - - - - - Defines the list of mappings between http and https ports for use in - redirects - - - - - - - - - - - - - - - Automatically registers a login form, BASIC authentication, anonymous - authentication, logout services, remember-me and servlet-api-integration. If set to - "true", all of these capabilities are added (although you can still customize the - configuration of each by providing the respective element). If unspecified, defaults to - "false". - - - - - Controls the eagerness with which an HTTP session is created. If not set, - defaults to "ifRequired". - - - - - - - - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - Whether test URLs should be converted to lower case prior to comparing - with defined path patterns. If unspecified, defaults to "true". - - - - - Provides versions of HttpServletRequest security methods such as - isUserInRole() and getPrincipal() which are implemented by accessing the Spring - SecurityContext. Defaults to "true". - - - - - Optional attribute specifying the ID of the AccessDecisionManager - implementation which should be used for authorizing HTTP requests. - - - - - Optional attribute specifying the realm name that will be used for all - authentication features that require a realm name (eg BASIC and Digest authentication). If - unspecified, defaults to "Spring Security Application". - - - - - Indicates whether an existing session should be invalidated when a user - authenticates and a new session started. If set to "none" no change will be made. - "newSession" will create a new empty session. "migrateSession" will create a new session - and copy the session attributes to the new session. Defaults to - "migrateSession". - - - - - - - - - - - - Allows a customized AuthenticationEntryPoint to be - used. - - - - - Corresponds to the observeOncePerRequest property of - FilterSecurityInterceptor. Defaults to "true" - - - - - Allows the access denied page to be set (the user will be redirected here - if an AccessDeniedException is raised). - - - - - - - The pattern which defines the URL path. The content will depend on the - type set in the containing http element, so will default to ant path - syntax. - - - - - The access configuration attributes that apply for the configured - path. - - - - - The HTTP Method for which the access configuration attributes should - apply. If not specified, the attributes will apply to any method. - - - - - - - - - - - - - - - - The filter list for the path. Currently can be set to "none" to remove a - path from having any filters applied. The full filter stack (consisting of all filters - created by the namespace configuration, and any added using 'custom-filter'), will be - applied to any other paths. - - - - - - - - - - Used to specify that a URL must be accessed over http or https, or that - there is no preference. - - - - - - - - - - - - - - Specifies the URL that will cause a logout. Spring Security will - initialize a filter that responds to this particular URL. Defaults to - /j_spring_security_logout if unspecified. - - - - - Specifies the URL to display once the user has logged out. If not - specified, defaults to /. - - - - - Specifies whether a logout also causes HttpSession invalidation, which is - generally desirable. If unspecified, defaults to true. - - - - - - - The URL that the login form is posted to. If unspecified, it defaults to - /j_spring_security_check. - - - - - The URL that will be redirected to after successful authentication, if the - user's previous action could not be resumed. This generally happens if the user visits a - login page without having first requested a secured operation that triggers - authentication. If unspecified, defaults to the root of the - application. - - - - - Whether the user should always be redirected to the default-target-url - after login. - - - - - The URL for the login page. If no login URL is specified, Spring Security - will automatically create a login URL at /spring_security_login and a corresponding filter - to render that login URL when requested. - - - - - The URL for the login failure page. If no login failure URL is specified, - Spring Security will automatically create a failure login URL at - /spring_security_login?login_error and a corresponding filter to render that login failure - URL when requested. - - - - - - Sets up form login for authentication with an Open ID - identity - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - Used to explicitly configure a FilterChainProxy instance with a - FilterChainMap - - - - - - Used within filter-chain-map to define a specific URL pattern and the - list of filters which apply to the URLs matching that pattern. When multiple - filter-chain elements are used within a filter-chain-map element, the most specific - patterns must be placed at the top of the list, with most general ones at the - bottom. - - - - - - - - - - - - - - - - - - - Used to explicitly configure a FilterInvocationDefinitionSource bean for use - with a FilterSecurityInterceptor. Usually only needed if you are configuring a - FilterChainProxy explicitly, rather than using the <http> element. The - intercept-url elements used should only contain pattern, method and access attributes. Any - others will result in a configuration error. - - - - - - Specifies the access attributes and/or filter list for a particular - set of URLs. - - - - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - as for http element - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - - - The maximum number of sessions a single user can have open at the same - time. Defaults to "1". - - - - - The URL a user will be redirected to if they attempt to use a session - which has been "expired" by the concurrent session controller because they have logged in - again. - - - - - Specifies that an exception should be raised when a user attempts to login - when they already have the maximum configured sessions open. The default behaviour is to - expire the original session. - - - - - Allows you to define an alias for the SessionRegistry bean in order to - access it in your own configuration - - - - - A reference to an external SessionRegistry implementation which will be - used in place of the standard one. - - - - - - - The "key" used to identify cookies from a specific token-based remember-me - application. You should set this to a unique value for your - application. - - - - - Reference to a PersistentTokenRepository bean for use with the persistent - token remember-me implementation. - - - - - A reference to a DataSource bean - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - The period (in seconds) for which the remember-me cookie should be valid. - - - - - - - - Reference to a PersistentTokenRepository bean for use with the persistent - token remember-me implementation. - - - - - - - Allows a custom implementation of RememberMeServices to be used. Note that - this implementation should return RememberMeAuthenticationToken instances with the same - "key" value as specified in the remember-me element. Alternatively it should register its - own AuthenticationProvider. - - - - - - - - - - The key shared between the provider and filter. This generally does not - need to be set. If unset, it will default to "doesNotMatter". - - - - - The username that should be assigned to the anonymous request. This allows - the principal to be identified, which may be important for logging and auditing. if unset, - defaults to "anonymousUser". - - - - - The granted authority that should be assigned to the anonymous request. - Commonly this is used to assign the anonymous request particular roles, which can - subsequently be used in authorization decisions. If unset, defaults to - "ROLE_ANONYMOUS". - - - - - - - - - - - - - - - - - - - The regular expression used to obtain the username from the certificate's - subject. Defaults to matching on the common name using the pattern - "CN=(.*?),". - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - If you are using namespace configuration with Spring Security, an - AuthenticationManager will automatically be registered. This element allows you to define an - alias to allow you to reference the authentication-manager in your own beans. - - - - - - - - - - The alias you wish to use for the AuthenticationManager - bean - - - - - Allows the session controller to be set on the internal - AuthenticationManager. This should not be used with the <concurrent-session-control - /> element - - - - - - Indicates that the contained user-service should be used as an - authentication source. - - - - - - - element which defines a password encoding strategy. Used by an - authentication provider to convert submitted passwords to hashed versions, for - example. - - - - - - Password salting strategy. A system-wide constant or a property - from the UserDetails object can be used. - - - - - A property of the UserDetails object which will be used as - salt by a password encoder. Typically something like "username" might be - used. - - - - - A single value that will be used as the salt for a password - encoder. - - - - - - - - - - - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - Element used to decorate an AuthenticationProvider bean to add it to the - internal AuthenticationManager maintained by the namespace. - - - - - - Creates an in-memory UserDetailsService from a properties file or a list of - "user" child elements. - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - - - - - Represents a user in the application. - - - - - - - - - The username assigned to the user. - - - - - The password assigned to the user. This may be hashed if the corresponding - authentication provider supports hashing (remember to set the "hash" attribute of the - "user-service" element). - - - - - One of more authorities granted to the user. Separate authorities with a - comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR" - - - - - Can be set to "true" to mark an account as locked and - unusable. - - - - - Can be set to "true" to mark an account as disabled and - unusable. - - - - - - Causes creation of a JDBC-based UserDetailsService. - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - - - The bean ID of the DataSource which provides the required - tables. - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - An SQL statement to query a username, password, and enabled status given a - username - - - - - An SQL statement to query for a user's granted authorities given a - username. - - - - - An SQL statement to query user's group authorities given a - username. - - - - - A non-empty string prefix that will be added to role strings loaded from - persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the - default is non-empty. - - - - - - - - - - - - Used to indicate that a filter bean declaration should be incorporated into - the security filter chain. If neither the 'after' or 'before' options are supplied, then the - filter must implement the Ordered interface directly. - - - - - The filter immediately after which the custom-filter should be placed in - the chain. This feature will only be needed by advanced users who wish to mix their own - filters into the security filter chain and have some knowledge of the standard Spring - Security filters. The filter names map to specific Spring Security implementation - filters. - - - - - The filter immediately before which the custom-filter should be placed - in the chain - - - - - The explicit position at which the custom-filter should be placed in the - chain. Use if you are replacing a standard filter. - - - - - - - - The filter immediately after which the custom-filter should be placed in - the chain. This feature will only be needed by advanced users who wish to mix their own - filters into the security filter chain and have some knowledge of the standard Spring - Security filters. The filter names map to specific Spring Security implementation filters. - - - - - - - - The filter immediately before which the custom-filter should be placed in - the chain - - - - - - - The explicit position at which the custom-filter should be placed in the - chain. Use if you are replacing a standard filter. - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd deleted file mode 100644 index 1106f7a78a..0000000000 --- a/config/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd +++ /dev/null @@ -1,1251 +0,0 @@ - - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - - - Whether a string should be base64 encoded - - - - - - - - - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - - - Specifies an IP port number. Used to configure an embedded LDAP server, - for example. - - - - - - - Specifies a URL. - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - Defines a reference to a Spring bean Id. - - - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - Defines a reference to a Spring bean Id. - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - Whether a string should be base64 encoded - - - - - - - - - - - - - A property of the UserDetails object which will be used as salt by a - password encoder. Typically something like "username" might be used. - - - - - - - A single value that will be used as the salt for a password encoder. - - - - - - - - - - - - - Defines an LDAP server location or starts an embedded server. The url - indicates the location of a remote server. If no url is given, an embedded server will be - started, listening on the supplied port number. The port is optional and defaults to 33389. - A Spring LDAP ContextSource bean will be registered for the server with the id supplied. - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - Specifies a URL. - - - - - Specifies an IP port number. Used to configure an embedded LDAP server, - for example. - - - - - Username (DN) of the "manager" user identity which will be used to - authenticate to a (non-embedded) LDAP server. If omitted, anonymous access will be used. - - - - - - - Explicitly specifies an ldif file resource to load into an embedded LDAP - server - - - - - Optional root suffix for the embedded LDAP server. Default is - "dc=springframework,dc=org" - - - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - - - Search base for group membership searches. Defaults to - "" (searching from the root). - - - - - - - - - - Search base for user searches. Defaults to "". - - - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - Search base for group membership searches. Defaults to - "ou=groups". - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - - Sets up an ldap authentication provider - - - - - - Specifies that an LDAP provider should use an LDAP compare operation - of the user's password to authenticate the user - - - - - - element which defines a password encoding strategy. Used by an - authentication provider to convert submitted passwords to hashed versions, for - example. - - - - - - - - A property of the UserDetails object which will be - used as salt by a password encoder. Typically something like - "username" might be used. - - - - - A single value that will be used as the salt for a - password encoder. - - - - - - - - - - - - - - - - - - - - The optional server to use. If omitted, and a default LDAP server is - registered (using <ldap-server> with no Id), that server will be used. - - - - - - - - Search base for group membership searches. Defaults to - "ou=groups". - - - - - Group search filter. Defaults to (uniqueMember={0}). The substituted - parameter is the DN of the user. - - - - - The LDAP attribute name which contains the role name which will be used - within Spring Security. Defaults to "cn". - - - - - A specific pattern used to build the user's DN, for example - "uid={0},ou=people". The key "{0}" must be present and will be substituted with the - username. - - - - - - - The attribute in the directory which contains the user password. Defaults - to "userPassword". - - - - - Defines the hashing algorithm used on user passwords. We recommend - strongly against using MD4, as it is a very weak hashing algorithm. - - - - - - - - - - - - - - - - Can be used inside a bean definition to add a security interceptor to the - bean and set up access configuration attributes for the bean's methods - - - - - - - - - - - - Optional AccessDecisionManager bean ID to be used by the created method - security interceptor. - - - - - - Defines a protected method and the access control configuration attributes - that apply to it. We strongly advise you NOT to mix "protect" declarations with any services - provided "global-method-security". - - - - - - - - - A method name - - - - - Access configuration attributes list that applies to the method, e.g. - "ROLE_A,ROLE_B". - - - - - - Provides method security for all beans registered in the Spring application - context. Specifically, beans will be scanned for Spring Security annotations and/or matches - with the ordered list of "protect-pointcut" sub-elements. Where there is a match, the beans - will automatically be proxied and security authorization applied to the methods accordingly. - If you use and enable all three sources of method security metadata (ie "protect-pointcut" - declarations, @Secured and also JSR 250 security annotations), the metadata sources will be - queried in that order. In practical terms, this enables you to use XML to override method - security metadata expressed by way of @Secured annotations, with @Secured annotations - overriding method security metadata expressed by JSR 250 annotations. It is perfectly - acceptable to mix and match, with a given Java type using a combination of XML, @Secured and - JSR 250 to express method security metadata (albeit on different - methods). - - - - - - Defines a protected pointcut and the access control configuration - attributes that apply to it. Every bean registered in the Spring application context - that provides a method that matches the pointcut will receive security - authorization. - - - - - - - - - - - - - Specifies whether the use of Spring Security's @Secured annotations should - be enabled for this application context. Please ensure you have the - spring-security-tiger-xxx.jar on the classpath. Defaults to "disabled". - - - - - - - - - - - Specifies whether JSR-250 style attributes are to be used (for example - "RolesAllowed"). This will require the javax.annotation.security classes on the classpath. - Defaults to "disabled". - - - - - - - - - - - Optional AccessDecisionManager bean ID to override the default used for - method security. - - - - - - - An AspectJ expression, including the 'execution' keyword. For example, - 'execution(int com.foo.TargetObject.countLength(String))' (without the - quotes). - - - - - Access configuration attributes list that applies to all methods matching - the pointcut, e.g. "ROLE_A,ROLE_B" - - - - - - Container element for HTTP security configuration - - - - - - Specifies the access attributes and/or filter list for a particular - set of URLs. - - - - - - - - Sets up a form login configuration for authentication with a username - and password - - - - - - - - - Adds support for X.509 client authentication. - - - - - - - - Adds support for basic authentication (this is an element to permit - future expansion, such as supporting an "ignoreFailure" attribute) - - - - - - Incorporates a logout processing filter. Most web applications require - a logout filter, although you may not require one if you write a controller to - provider similar logic. - - - - - - - - Adds support for concurrent session control, allowing limits to be - placed on the number of sessions a user can have. - - - - - - - - - - - - - Adds support for automatically granting all anonymous web requests a - particular principal identity and a corresponding granted - authority. - - - - - - - - Defines the list of mappings between http and https ports for use in - redirects - - - - - - - - - - - - - - - Automatically registers a login form, BASIC authentication, anonymous - authentication, logout services, remember-me and servlet-api-integration. If set to - "true", all of these capabilities are added (although you can still customize the - configuration of each by providing the respective element). If unspecified, defaults to - "false". - - - - - Controls the eagerness with which an HTTP session is created. If not set, - defaults to "ifRequired". - - - - - - - - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - Whether test URLs should be converted to lower case prior to comparing - with defined path patterns. If unspecified, defaults to "true". - - - - - Provides versions of HttpServletRequest security methods such as - isUserInRole() and getPrincipal() which are implemented by accessing the Spring - SecurityContext. Defaults to "true". - - - - - Optional attribute specifying the ID of the AccessDecisionManager - implementation which should be used for authorizing HTTP requests. - - - - - Optional attribute specifying the realm name that will be used for all - authentication features that require a realm name (eg BASIC and Digest authentication). If - unspecified, defaults to "Spring Security Application". - - - - - Indicates whether an existing session should be invalidated when a user - authenticates and a new session started. If set to "none" no change will be made. - "newSession" will create a new empty session. "migrateSession" will create a new session - and copy the session attributes to the new session. Defaults to - "migrateSession". - - - - - - - - - - - - Allows a customized AuthenticationEntryPoint to be - used. - - - - - Corresponds to the observeOncePerRequest property of - FilterSecurityInterceptor. Defaults to "false" - - - - - Allows the access denied page to be set (the user will be redirected here - if an AccessDeniedException is raised). - - - - - - - The pattern which defines the URL path. The content will depend on the - type set in the containing http element, so will default to ant path - syntax. - - - - - The access configuration attributes that apply for the configured - path. - - - - - The HTTP Method for which the access configuration attributes should - apply. If not specified, the attributes will apply to any method. - - - - - - - - - - - - - - - - The filter list for the path. Currently can be set to "none" to remove a - path from having any filters applied. The full filter stack (consisting of all defined - filters, will be applied to any other paths). - - - - - - - - - - Used to specify that a URL must be accessed over http or - https - - - - - - - - - - - - - - Specifies the URL that will cause a logout. Spring Security will - initialize a filter that responds to this particular URL. Defaults to - /j_spring_security_logout if unspecified. - - - - - Specifies the URL to display once the user has logged out. If not - specified, defaults to /. - - - - - Specifies whether a logout also causes HttpSession invalidation, which is - generally desirable. If unspecified, defaults to true. - - - - - - - The URL that the login form is posted to. If unspecified, it defaults to - /j_spring_security_check. - - - - - The URL that will be redirected to after successful authentication, if the - user's previous action could not be resumed. This generally happens if the user visits a - login page without having first requested a secured operation that triggers - authentication. If unspecified, defaults to the root of the - application. - - - - - Whether the user should always be redirected to the default-target-url - after login. - - - - - The URL for the login page. If no login URL is specified, Spring Security - will automatically create a login URL at /spring_security_login and a corresponding filter - to render that login URL when requested. - - - - - The URL for the login failure page. If no login failure URL is specified, - Spring Security will automatically create a failure login URL at - /spring_security_login?login_error and a corresponding filter to render that login failure - URL when requested. - - - - - - Sets up form login for authentication with an Open ID - identity - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - Used to explicitly configure a FilterChainProxy instance with a - FilterChainMap - - - - - - Used within filter-chain-map to define a specific URL pattern and the - list of filters which apply to the URLs matching that pattern. When multiple - filter-chain elements are used within a filter-chain-map element, the most specific - patterns must be placed at the top of the list, with most general ones at the - bottom. - - - - - - - - - - - - - - - - - - - Used to explicitly configure a FilterInvocationDefinitionSource bean for use - with a FilterSecurityInterceptor. Usually only needed if you are configuring a - FilterChainProxy explicitly, rather than using the <http> element. The - intercept-url elements used should only contain pattern, method and access attributes. Any - others will result in a configuration error. - - - - - - Specifies the access attributes and/or filter list for a particular - set of URLs. - - - - - - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - as for http element - - - - - Defines the type of pattern used to specify URL paths (either JDK - 1.4-compatible regular expressions, or Apache Ant expressions). Defaults to "ant" if - unspecified. - - - - - - - - - - - - - - - - Allows you to define an alias for the SessionRegistry bean in order to - access it in your own configuration - - - - - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - The key shared between the provider and filter. This generally does not - need to be set. If unset, it will default to "doesNotMatter". - - - - - The username that should be assigned to the anonymous request. This allows - the principal to be identified, which may be important for logging and auditing. if unset, - defaults to "anonymousUser". - - - - - The granted authority that should be assigned to the anonymous request. - Commonly this is used to assign the anonymous request particular roles, which can - subsequently be used in authorization decisions. If unset, defaults to - "ROLE_ANONYMOUS". - - - - - - - - - - - - - - - - - - - The regular expression used to obtain the username from the certificate's - subject. Defaults to matching on the common name using the pattern - "CN=(.*?),". - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - If you are using namespace configuration with Spring Security, an - AuthenticationManager will automatically be registered. This element simple allows you to - define an alias to allow you to reference the authentication-manager in your own beans. - - - - - - - - - The alias you wish to use for the AuthenticationManager - bean - - - - - - Indicates that the contained user-service should be used as an - authentication source. - - - - - - - element which defines a password encoding strategy. Used by an - authentication provider to convert submitted passwords to hashed versions, for - example. - - - - - - - - A property of the UserDetails object which will be used as - salt by a password encoder. Typically something like "username" might be - used. - - - - - A single value that will be used as the salt for a password - encoder. - - - - - - - - - - - - - - - - A reference to a user-service (or UserDetailsService bean) - Id - - - - - - - - - Creates an in-memory UserDetailsService from a properties file or a list of - "user" child elements. - - - - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - - - - - Represents a user in the application. - - - - - - - - - The username assigned to the user. - - - - - The password assigned to the user. This may be hashed if the corresponding - authentication provider supports hashing (remember to set the "hash" attribute of the - "user-service" element). - - - - - One of more authorities granted to the user. Separate authorities with a - comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR" - - - - - Can be set to "true" to mark an account as locked and - unusable. - - - - - - Causes creation of a JDBC-based UserDetailsService. - - - - - A bean identifier, used for referring to the bean elsewhere in the - context. - - - - - - - - - The bean ID of the DataSource which provides the required - tables. - - - - - Defines a reference to a cache for use with a - UserDetailsService. - - - - - An SQL statement to query a username, password, and enabled status given a - username - - - - - An SQL statement to query for a user's granted authorities given a - username. - - - - - An SQL statement to query user's group authorities given a - username. - - - - - - - - - - - - Used to indicate that a filter bean declaration should be incorporated into - the security filter chain. If neither the 'after' or 'before' options are supplied, then the - filter must implement the Ordered interface directly. - - - - - The filter immediately after which the custom-filter should be placed in - the chain. This feature will only be needed by advanced users who wish to mix their own - filters into the security filter chain and have some knowledge of the standard Spring - Security filters. The filter names map to specific Spring Security implementation - filters. - - - - - The filter immediately before which the custom-filter should be placed - in the chain - - - - - The explicit position at which the custom-filter should be placed in the - chain. Use if you are replacing a standard filter. - - - - - - - - The filter immediately after which the custom-filter should be placed in - the chain. This feature will only be needed by advanced users who wish to mix their own - filters into the security filter chain and have some knowledge of the standard Spring - Security filters. The filter names map to specific Spring Security implementation filters. - - - - - - - - The filter immediately before which the custom-filter should be placed in - the chain - - - - - - - The explicit position at which the custom-filter should be placed in the - chain. Use if you are replacing a standard filter. - - - - - - - - - - - - - - - - - - - - - - - - - -