From d3f26f09b62fab0229e91f330915ce203bf5702e Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Mon, 4 Feb 2008 21:23:49 +0000
Subject: [PATCH] Added support for locking user accounts in namespace
 <user-service> "user" elements (for use in testing).

---
 .../config/UserServiceBeanDefinitionParser.java       |  8 ++++++--
 .../security/config/spring-security-2.0.rnc           |  4 ++++
 .../security/config/spring-security-2.0.xsd           | 11 +++++++++++
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java
index a5d0a490bf..b932407336 100644
--- a/core/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/UserServiceBeanDefinitionParser.java
@@ -28,8 +28,10 @@ public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceB
 	static final String ELT_USER = "user";
 	static final String ATT_AUTHORITIES = "authorities";
 	static final String ATT_PROPERTIES = "properties";
+	static final String ATT_DISABLED = "disabled";
+    static final String ATT_LOCKED = "locked";
 
-	protected Class getBeanClass(Element element) {
+    protected Class getBeanClass(Element element) {
         return InMemoryDaoImpl.class;
     }
 
@@ -57,8 +59,10 @@ public class UserServiceBeanDefinitionParser extends AbstractUserDetailsServiceB
             Element userElt = (Element) i.next();
             String userName = userElt.getAttribute(ATT_NAME);
             String password = userElt.getAttribute(ATT_PASSWORD);
+            boolean locked = "true".equals(userElt.getAttribute(ATT_LOCKED));
+            boolean disabled = "true".equals(userElt.getAttribute(ATT_DISABLED));
 
-            users.addUser(new User(userName, password, true, true, true, true,
+            users.addUser(new User(userName, password, !disabled, true, true, !locked,
                     AuthorityUtils.commaSeparatedStringToAuthorityArray(userElt.getAttribute(ATT_AUTHORITIES))));
         }
 
diff --git a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
index f74cb88fe2..490065103c 100644
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc
@@ -302,6 +302,10 @@ user.attlist &=
 user.attlist &=
 	  ## One of more authorities granted to the user. Separate authorities with a comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR"
     attribute authorities {xsd:string}
+user.attlist &=
+	  ## Can be set to "true" to mark an account as locked and unusable.
+    attribute locked {"true" | "false"}?
+
 
 jdbc-user-service =
 	  ## Causes creation of a JDBC-based UserDetailsService.
diff --git a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
index dadbf1f28c..97965228c2 100644
--- a/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
+++ b/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd
@@ -705,6 +705,17 @@
         <xs:documentation>One of more authorities granted to the user. Separate authorities with a comma (but no space). For example, "ROLE_USER,ROLE_ADMINISTRATOR"</xs:documentation>
       </xs:annotation>
     </xs:attribute>
+    <xs:attribute name="locked">
+      <xs:annotation>
+        <xs:documentation>Can be set to "true" to mark an account as locked and unusable.</xs:documentation>
+      </xs:annotation>
+      <xs:simpleType>
+        <xs:restriction base="xs:token">
+          <xs:enumeration value="true"/>
+          <xs:enumeration value="false"/>
+        </xs:restriction>
+      </xs:simpleType>
+    </xs:attribute>
   </xs:attributeGroup>
   <xs:element name="jdbc-user-service">
     <xs:annotation>