Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1416: requires-channel should have an xs:restriction / enumeration in the Spring Security XML Schema #1659

Closed
spring-issuemaster opened this Issue Feb 19, 2010 · 1 comment

Comments

Projects
None yet
1 participant

Peter Mularien (Migrated from SEC-1416) said:

Since requires-channel only works properly in the namespace configuration with the values 'https', 'http', or 'any' (ChannelAttributeFactory will throw an exception otherwise), it seems that it would make sense to restrict the available values by a schema declaration of xs:restriction on this attribute, much as is done with other restricted attributes.

The modified attribute declaration would look like this:

<xs:attribute name="requires-channel">
  <xs:annotation>
    <xs:documentation>Used to specify that a URL must be accessed over http or https, or that there is no preference. The value should be "http", "https" or "any", respectively.</xs:documentation>
  </xs:annotation>
  <xs:simpleType>
    <xs:restriction base="xs:token">
      <xs:enumeration value="http"/>
      <xs:enumeration value="https"/>
      <xs:enumeration value="any"/>
    </xs:restriction>
  </xs:simpleType>
</xs:attribute>

Luke Taylor said:

This used to be the case (see the 2.0.x schema for example). Unfortunately we can't support placeholders this way, and people requested that it be changed (see previous issues).

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment