Mike Youngstrom (Migrated from SEC-1253) said:
It would be nice to be able to use spring-security-config NamespaceHandlers without having to include the spring-security-web module in the project.
I shouldn't need to include the bloat of -web and it's transitive dependencies if my project is headless and I want to use -config.
One way this could potentially done by checking to see if a dependent spring-security-web class is in the classpath and only load the Parser if it is. In my cursory search the only problematic parsers appear to be:
But there may be more.
Mike Youngstrom said:
Perhaps with this change spring-security-web can also be made "optional" in the -config pom.
Here is a patch to fix this problem. This patch takes the approach of only loading the parsers that have direct dependence on web classes if UrlMatcher is in the classpath since the only reason these parsers won't load without the -web module is because of the UrlMatcher classes. I converted the other class dependencies to string classname BeanDefinitions.
The other way to fix this is to move the UrlMatcher suite of classes into -core since those are the only problem classes left now.
PLEASE fix this for 3.0. It is really ugly to have to include the -web module and its dependencies into my headless projects just so that I can use the NamespaceHandler.
Luke Taylor said:
I've added a check for a web module class before attempting to load the web bean parsers. That seems to be working without any additional modifications (I've added namespace use to the dms sample, which doesn't have a web part, and that is now running OK). Can you try it out please?
Looks good. However, do you think we can make spring-web optional in spring-security-config also?
You did spring-security-web and that's good. I was wondering about spring-web.
Doh. Yes. That makes sense. I made the change (committed under another issue by mistake).