Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1253: Decouple spring-security-config module from spring-security-web #1503

spring-issuemaster opened this Issue Sep 29, 2009 · 7 comments


None yet
1 participant

Mike Youngstrom (Migrated from SEC-1253) said:

It would be nice to be able to use spring-security-config NamespaceHandlers without having to include the spring-security-web module in the project.

I shouldn't need to include the bloat of -web and it's transitive dependencies if my project is headless and I want to use -config.

One way this could potentially done by checking to see if a dependent spring-security-web class is in the classpath and only load the Parser if it is. In my cursory search the only problematic parsers appear to be:


But there may be more.

Mike Youngstrom said:

Perhaps with this change spring-security-web can also be made "optional" in the -config pom.

Mike Youngstrom said:

Here is a patch to fix this problem. This patch takes the approach of only loading the parsers that have direct dependence on web classes if UrlMatcher is in the classpath since the only reason these parsers won't load without the -web module is because of the UrlMatcher classes. I converted the other class dependencies to string classname BeanDefinitions.

The other way to fix this is to move the UrlMatcher suite of classes into -core since those are the only problem classes left now.

PLEASE fix this for 3.0. It is really ugly to have to include the -web module and its dependencies into my headless projects just so that I can use the NamespaceHandler.


Luke Taylor said:

I've added a check for a web module class before attempting to load the web bean parsers. That seems to be working without any additional modifications (I've added namespace use to the dms sample, which doesn't have a web part, and that is now running OK). Can you try it out please?

Mike Youngstrom said:

Looks good. However, do you think we can make spring-web optional in spring-security-config also?


Mike Youngstrom said:

You did spring-security-web and that's good. I was wondering about spring-web.


Luke Taylor said:

Doh. Yes. That makes sense. I made the change (committed under another issue by mistake).

@spring-issuemaster spring-issuemaster added this to the 3.0.0.RC2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment