Oliver Gierke (Migrated from SEC-1215) said:
The JARs for spring-security-2.0.5.RELEASE only contain XSD files up to 2.0.4. Those do not allow a ref attribute at the salt-source element. In my config file I reference http://www.springframework.org/schema/security/spring-security.xsd that (if accessed through a browser) contains the declaration of the ref attribute. Don't know which one is the most recent one but spring.schemas in the JAR links http://www.springframework.org/schema/security/spring-security.xsd to the 2.0.4 version of the XSD that misses the attribute declaration.
Oliver Gierke said:
I just saw that the SaltSourceBeanDefinitionParser does not handle ref attribute at all. So I wonder why the unversioned XSD in the web features this attribute at all. Is this some features of the upcoming 3.0 versions leaking?
Luke Taylor said:
Yes, the spring-security.xsd matches the latest version, which in this case is spring-security-3.0.xsd.
This isn't really a bug, as there will always be a problem if you edit against the web version and add attributes from the most up-to-date schema and then later attempt to use them with an older version. Which reminds me that I need to update the 3.0 versions as they have changed quite a bit since those were uploaded...