Spring Security
  1. Spring Security
  2. SEC-1433

Reduce APIs dependence on org.springframework.dao.DataAccessException

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Complete
    • Affects Version/s: 3.0.2
    • Fix Version/s: 3.1.0.M1
    • Component/s: None
    • Labels:
      None

      Description

      A number of standard Spring Security classes have a dependency on org.springframework.dao.DataAccessException as thrown exception on some API methods. This seems unnecessary as it introduces a dependency on org.springframework.transaction.jar simply to include this exception type.

      Some of the dependent classes are:

      • org.springframework.security.authentication.encoding.PasswordEncoder
      • org.springframework.security.core.userdetails.UserDetailsService
      • org.springframework.security.authentication.dao.DaoAuthenticationProvider
      • org.springframework.security.access.hierarchicalroles.UserDetailsServiceWrapper (deprecated)

      There are a few others where it's use may be justified, but in general it would feel a lot cleaner if there wasn't a dependence on that jar.

        Activity

        Hide
        Luke Taylor added a comment -

        Unfortunately it isn't really possible to remove the dependency completely. Classes which use Spring JDBC still require this. Spring LDAP also has a dependency on the DataAccessException hierarchy, so in practice LDAP cannot be used without it.

        I've removed the dependency from interfaces and classes which do not use JDBC directly, which should allow people to use these without the spring-tx jar being present, if they choose to do so.

        Show
        Luke Taylor added a comment - Unfortunately it isn't really possible to remove the dependency completely. Classes which use Spring JDBC still require this. Spring LDAP also has a dependency on the DataAccessException hierarchy, so in practice LDAP cannot be used without it. I've removed the dependency from interfaces and classes which do not use JDBC directly, which should allow people to use these without the spring-tx jar being present, if they choose to do so.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Eric Chijioke
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: