Uploaded image for project: 'Spring Security'
  1. Spring Security
  2. SEC-1452

spring-security-3.0.xsd misses expression-handler tag under http tag

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: 3.0.2
    • Fix Version/s: 3.1.0.RC3
    • Component/s: Web
    • Labels:
      None

      Description

      FilterInvocationSecurityMetadataSourceParser.createSecurityMetadataSource is able to set up a custom expression handler for security tags (I've checked with sec:authorize)
      but since the XSD is missing the tag declaration, you cannot declare that custom handler

      Therefore, while having custom handler for methods (via global-method-security), you can't have it for jsp tags

      Adding the expression-handler declaration (attached simple patch) frees the developer

      The need for this is that I've created my own WebSecurityExpressionRoot implementation with additional methods (hasFunction, hasApplication...)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              luke Luke Taylor
              Reporter:
              federico- Federico Fissore
              Votes:
              9 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: