Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
SEC-1953: Support Java Config model in Spring Security #2179
Hannes Schmidt said:
I think this is all about the trade-off between the verbosity required for standard configuration on one hand and the complexity and feasibility of exotic configurations on the other. The XML namespace for Spring Security was unfairly favoring standard configurations by being very concise in those cases. Less common configurations were much harder to get right and exotic ones were a nightmare.
The litmus test for this effort should be: Can the user achieve every possible configuration without introducing new mechanisms? One shouldn't have to write a BeanPostProcessor or a namespace handler for a particular configuration. Neither should one have to translate one configuration syntax into another, XML using namespaces into plain XML beans for example. If that means that common configuration be more verbose, so be it. I'd rather climb an initial hurdle of learning all the building blocks -- if the building blocks empower me to do everything I want -- than a trivial first step with a large paradigmatic gap to the second one.
Rob Winch said:
I'm currently targeting a milestone release within the next month. However, I am hung up on a few issues that need sorted out before I am comfortable releasing it even in a milestone version. In short, the beans created using the Security Java Config do not participate in life cycle methods and due to the number of permutations of Security configuration available (many of which have optional dependencies) this is fairly difficult to get to work.