SEC-1416: requires-channel should have an xs:restriction / enumeration in the Spring Security XML Schema #1659

Closed
spring-issuemaster opened this Issue Feb 19, 2010 · 1 comment

1 participant

@spring-issuemaster

Peter Mularien (Migrated from SEC-1416) said:

Since requires-channel only works properly in the namespace configuration with the values 'https', 'http', or 'any' (ChannelAttributeFactory will throw an exception otherwise), it seems that it would make sense to restrict the available values by a schema declaration of xs:restriction on this attribute, much as is done with other restricted attributes.

The modified attribute declaration would look like this:

<xs:attribute name="requires-channel">
  <xs:annotation>
    <xs:documentation>Used to specify that a URL must be accessed over http or https, or that there is no preference. The value should be "http", "https" or "any", respectively.</xs:documentation>
  </xs:annotation>
  <xs:simpleType>
    <xs:restriction base="xs:token">
      <xs:enumeration value="http"/>
      <xs:enumeration value="https"/>
      <xs:enumeration value="any"/>
    </xs:restriction>
  </xs:simpleType>
</xs:attribute>
@spring-issuemaster

Luke Taylor said:

This used to be the case (see the 2.0.x schema for example). Unfortunately we can't support placeholders this way, and people requested that it be changed (see previous issues).

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment