Spring Security
  1. Spring Security
  2. SEC-1253

Decouple spring-security-config module from spring-security-web

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0 M2
    • Fix Version/s: 3.0.0.RC2
    • Component/s: Namespace
    • Labels:
      None

      Description

      It would be nice to be able to use spring-security-config NamespaceHandlers without having to include the spring-security-web module in the project.

      I shouldn't need to include the bloat of -web and it's transitive dependencies if my project is headless and I want to use -config.

      One way this could potentially done by checking to see if a dependent spring-security-web class is in the classpath and only load the Parser if it is. In my cursory search the only problematic parsers appear to be:

      FilterInvocationSecurityMetadataSourceBeanDefinitionParser
      HttpSecurityBeanDefinitionParser
      FilterChainMapBeanDefinitionDecorator

      But there may be more.

        Activity

        Hide
        Mike Youngstrom added a comment -

        Perhaps with this change spring-security-web can also be made "optional" in the -config pom.

        Show
        Mike Youngstrom added a comment - Perhaps with this change spring-security-web can also be made "optional" in the -config pom.
        Hide
        Mike Youngstrom added a comment -

        Here is a patch to fix this problem. This patch takes the approach of only loading the parsers that have direct dependence on web classes if UrlMatcher is in the classpath since the only reason these parsers won't load without the -web module is because of the UrlMatcher classes. I converted the other class dependencies to string classname BeanDefinitions.

        The other way to fix this is to move the UrlMatcher suite of classes into -core since those are the only problem classes left now.

        PLEASE fix this for 3.0. It is really ugly to have to include the -web module and its dependencies into my headless projects just so that I can use the NamespaceHandler.

        Thanks,
        Mike

        Show
        Mike Youngstrom added a comment - Here is a patch to fix this problem. This patch takes the approach of only loading the parsers that have direct dependence on web classes if UrlMatcher is in the classpath since the only reason these parsers won't load without the -web module is because of the UrlMatcher classes. I converted the other class dependencies to string classname BeanDefinitions. The other way to fix this is to move the UrlMatcher suite of classes into -core since those are the only problem classes left now. PLEASE fix this for 3.0. It is really ugly to have to include the -web module and its dependencies into my headless projects just so that I can use the NamespaceHandler. Thanks, Mike
        Hide
        Luke Taylor added a comment -

        I've added a check for a web module class before attempting to load the web bean parsers. That seems to be working without any additional modifications (I've added namespace use to the dms sample, which doesn't have a web part, and that is now running OK). Can you try it out please?

        Show
        Luke Taylor added a comment - I've added a check for a web module class before attempting to load the web bean parsers. That seems to be working without any additional modifications (I've added namespace use to the dms sample, which doesn't have a web part, and that is now running OK). Can you try it out please?
        Hide
        Mike Youngstrom added a comment -

        Looks good. However, do you think we can make spring-web optional in spring-security-config also?

        Thanks,
        Mike

        Show
        Mike Youngstrom added a comment - Looks good. However, do you think we can make spring-web optional in spring-security-config also? Thanks, Mike
        Show
        Luke Taylor added a comment - I did. https://src.springsource.org/svn/spring-security/trunk/config/pom.xml
        Hide
        Mike Youngstrom added a comment -

        You did spring-security-web and that's good. I was wondering about spring-web.

        Mike

        Show
        Mike Youngstrom added a comment - You did spring-security-web and that's good. I was wondering about spring-web. Mike
        Hide
        Luke Taylor added a comment -

        Doh. Yes. That makes sense. I made the change (committed under another issue by mistake).

        Show
        Luke Taylor added a comment - Doh. Yes. That makes sense. I made the change (committed under another issue by mistake).

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Mike Youngstrom
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: