SEC-1433: Reduce APIs dependence on org.springframework.dao.DataAccessException #1676

Closed
spring-issuemaster opened this Issue Mar 7, 2010 · 1 comment

1 participant

@spring-issuemaster

Eric Chijioke (Migrated from SEC-1433) said:

A number of standard Spring Security classes have a dependency on org.springframework.dao.DataAccessException as thrown exception on some API methods. This seems unnecessary as it introduces a dependency on org.springframework.transaction.jar simply to include this exception type.

Some of the dependent classes are:

  • org.springframework.security.authentication.encoding.PasswordEncoder
  • org.springframework.security.core.userdetails.UserDetailsService
  • org.springframework.security.authentication.dao.DaoAuthenticationProvider
  • org.springframework.security.access.hierarchicalroles.UserDetailsServiceWrapper (deprecated)

There are a few others where it's use may be justified, but in general it would feel a lot cleaner if there wasn't a dependence on that jar.

@spring-issuemaster

Luke Taylor said:

Unfortunately it isn't really possible to remove the dependency completely. Classes which use Spring JDBC still require this. Spring LDAP also has a dependency on the DataAccessException hierarchy, so in practice LDAP cannot be used without it.

I've removed the dependency from interfaces and classes which do not use JDBC directly, which should allow people to use these without the spring-tx jar being present, if they choose to do so.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment