Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1215: SpringSecurity 2.0.5.RELEASE JAR does not contain latest XSD #1467

spring-issuemaster opened this Issue Aug 1, 2009 · 2 comments


None yet
1 participant

Oliver Gierke (Migrated from SEC-1215) said:

The JARs for spring-security-2.0.5.RELEASE only contain XSD files up to 2.0.4. Those do not allow a ref attribute at the salt-source element. In my config file I reference http://www.springframework.org/schema/security/spring-security.xsd that (if accessed through a browser) contains the declaration of the ref attribute. Don't know which one is the most recent one but spring.schemas in the JAR links http://www.springframework.org/schema/security/spring-security.xsd to the 2.0.4 version of the XSD that misses the attribute declaration.

Oliver Gierke said:

I just saw that the SaltSourceBeanDefinitionParser does not handle ref attribute at all. So I wonder why the unversioned XSD in the web features this attribute at all. Is this some features of the upcoming 3.0 versions leaking?

Luke Taylor said:

Yes, the spring-security.xsd matches the latest version, which in this case is spring-security-3.0.xsd.

This isn't really a bug, as there will always be a problem if you edit against the web version and add attributes from the most up-to-date schema and then later attempt to use them with an older version. Which reminds me that I need to update the 3.0 versions as they have changed quite a bit since those were uploaded...

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment