Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1433: Reduce APIs dependence on org.springframework.dao.DataAccessException #1676

spring-issuemaster opened this Issue Mar 7, 2010 · 1 comment


None yet
1 participant

Eric Chijioke (Migrated from SEC-1433) said:

A number of standard Spring Security classes have a dependency on org.springframework.dao.DataAccessException as thrown exception on some API methods. This seems unnecessary as it introduces a dependency on org.springframework.transaction.jar simply to include this exception type.

Some of the dependent classes are:

  • org.springframework.security.authentication.encoding.PasswordEncoder
  • org.springframework.security.core.userdetails.UserDetailsService
  • org.springframework.security.authentication.dao.DaoAuthenticationProvider
  • org.springframework.security.access.hierarchicalroles.UserDetailsServiceWrapper (deprecated)

There are a few others where it's use may be justified, but in general it would feel a lot cleaner if there wasn't a dependence on that jar.

Luke Taylor said:

Unfortunately it isn't really possible to remove the dependency completely. Classes which use Spring JDBC still require this. Spring LDAP also has a dependency on the DataAccessException hierarchy, so in practice LDAP cannot be used without it.

I've removed the dependency from interfaces and classes which do not use JDBC directly, which should allow people to use these without the spring-tx jar being present, if they choose to do so.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment