From fba4fec84bc457bc2b1d95d207b8795cb3ce3cb5 Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Sun, 9 Jun 2013 14:41:48 +0100
Subject: [PATCH] SEC-2175: Correct XSD docs on auto-config.

---
 .../security/config/spring-security-3.2.rnc                | 2 +-
 .../security/config/spring-security-3.2.xsd                | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc
index 1c79bac818..6d55f40585 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc
@@ -292,7 +292,7 @@ http.attlist &=
     ## Allows a RequestMatcher instance to be used, as an alternative to pattern-matching.
     attribute request-matcher-ref { xsd:token }?
 http.attlist &=
-    ## Automatically registers a login form, BASIC authentication, anonymous authentication, logout services, remember-me and servlet-api-integration. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element). If unspecified, defaults to "false".
+    ## A legacy attribute which automatically registers a login form, BASIC authentication and a logout URL and logout services. If unspecified, defaults to "false". We'd recommend you avoid using this and instead explicitly configure the services you require.
     attribute auto-config {xsd:boolean}?
 http.attlist &=
     use-expressions?
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd
index cfd12a6618..30319e6412 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd
@@ -1057,10 +1057,9 @@
       </xs:attribute>
       <xs:attribute name="auto-config" type="xs:boolean">
          <xs:annotation>
-            <xs:documentation>Automatically registers a login form, BASIC authentication, anonymous authentication,
-                logout services, remember-me and servlet-api-integration. If set to "true", all of these
-                capabilities are added (although you can still customize the configuration of each by
-                providing the respective element). If unspecified, defaults to "false".
+            <xs:documentation>A legacy attribute which automatically registers a login form, BASIC authentication and a
+                logout URL and logout services. If unspecified, defaults to "false". We'd recommend you
+                avoid using this and instead explicitly configure the services you require.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>