SEC-1215: SpringSecurity 2.0.5.RELEASE JAR does not contain latest XSD #1467

spring-issuemaster opened this Issue Aug 1, 2009 · 2 comments


None yet
1 participant

Oliver Gierke (Migrated from SEC-1215) said:

The JARs for spring-security-2.0.5.RELEASE only contain XSD files up to 2.0.4. Those do not allow a ref attribute at the salt-source element. In my config file I reference that (if accessed through a browser) contains the declaration of the ref attribute. Don't know which one is the most recent one but spring.schemas in the JAR links to the 2.0.4 version of the XSD that misses the attribute declaration.

Oliver Gierke said:

I just saw that the SaltSourceBeanDefinitionParser does not handle ref attribute at all. So I wonder why the unversioned XSD in the web features this attribute at all. Is this some features of the upcoming 3.0 versions leaking?

Luke Taylor said:

Yes, the spring-security.xsd matches the latest version, which in this case is spring-security-3.0.xsd.

This isn't really a bug, as there will always be a problem if you edit against the web version and add attributes from the most up-to-date schema and then later attempt to use them with an older version. Which reminds me that I need to update the 3.0 versions as they have changed quite a bit since those were uploaded...

spring-issuemaster added this to the 3.0.0 M2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment