|
|
@@ -10,7 +10,7 @@ hash =
|
|
|
attribute hash {"plaintext" | "sha" | "sha-256" | "md5" | "md4" | "{sha}" | "{ssha}"}
|
|
|
base64 =
|
|
|
## Whether a string should be base64 encoded
|
|
|
- attribute base64 {"true" | "false"}
|
|
|
+ attribute base64 {xsd:boolean}
|
|
|
request-matcher =
|
|
|
## Supersedes the 'path-type' attribute. Defines the strategy use for matching incoming requests. Currently the options are 'ant' (for ant path patterns), 'regex' for regular expressions and 'iciRegex' for case-insensitive regular expressions.
|
|
|
attribute request-matcher {"ant" | "regex" | "ciRegex"}
|
|
|
@@ -63,15 +63,13 @@ system-wide =
|
|
|
## A single value that will be used as the salt for a password encoder.
|
|
|
attribute system-wide {xsd:token}
|
|
|
|
|
|
-boolean = "true" | "false"
|
|
|
-
|
|
|
role-prefix =
|
|
|
## A non-empty string prefix that will be added to role strings loaded from persistent storage (e.g. "ROLE_"). Use the value "none" for no prefix in cases where the default is non-empty.
|
|
|
attribute role-prefix {xsd:token}
|
|
|
|
|
|
use-expressions =
|
|
|
## Enables the use of expressions in the 'access' attributes in <intercept-url> elements rather than the traditional list of configuration attributes. Defaults to 'false'. If enabled, each attribute should contain a single boolean expression. If the expression evaluates to 'true', access will be granted.
|
|
|
- attribute use-expressions {boolean}
|
|
|
+ attribute use-expressions {xsd:boolean}
|
|
|
|
|
|
ldap-server =
|
|
|
## Defines an LDAP server location or starts an embedded server. The url indicates the location of a remote server. If no url is given, an embedded server will be started, listening on the supplied port number. The port is optional and defaults to 33389. A Spring LDAP ContextSource bean will be registered for the server with the id supplied.
|
|
|
@@ -221,7 +219,7 @@ global-method-security.attlist &=
|
|
|
## Allows the advice "order" to be set for the method security interceptor.
|
|
|
attribute order {xsd:token}?
|
|
|
global-method-security.attlist &=
|
|
|
- attribute proxy-target-class {boolean}?
|
|
|
+ attribute proxy-target-class {xsd:boolean}?
|
|
|
global-method-security.attlist &=
|
|
|
## Can be used to specify that AspectJ should be used instead of the default Spring AOP. If set, secured classes must be woven with the AnnotationSecurityAspect from the spring-security-aspects module.
|
|
|
attribute mode {"aspectj"}?
|
|
|
@@ -272,7 +270,7 @@ http.attlist &=
|
|
|
|
|
|
http.attlist &=
|
|
|
## Automatically registers a login form, BASIC authentication, anonymous authentication, logout services, remember-me and servlet-api-integration. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element). If unspecified, defaults to "false".
|
|
|
- attribute auto-config {boolean}?
|
|
|
+ attribute auto-config {xsd:boolean}?
|
|
|
http.attlist &=
|
|
|
use-expressions?
|
|
|
http.attlist &=
|
|
|
@@ -288,10 +286,10 @@ http.attlist &=
|
|
|
path-type?
|
|
|
http.attlist &=
|
|
|
## Provides versions of HttpServletRequest security methods such as isUserInRole() and getPrincipal() which are implemented by accessing the Spring SecurityContext. Defaults to "true".
|
|
|
- attribute servlet-api-provision {boolean}?
|
|
|
+ attribute servlet-api-provision {xsd:boolean}?
|
|
|
http.attlist &=
|
|
|
## If available, runs the request as the Subject acquired from the JaasAuthenticationToken. Defaults to "false".
|
|
|
- attribute jaas-api-provision {boolean}?
|
|
|
+ attribute jaas-api-provision {xsd:boolean}?
|
|
|
http.attlist &=
|
|
|
## Optional attribute specifying the ID of the AccessDecisionManager implementation which should be used for authorizing HTTP requests.
|
|
|
attribute access-decision-manager-ref {xsd:token}?
|
|
|
@@ -303,13 +301,13 @@ http.attlist &=
|
|
|
attribute entry-point-ref {xsd:token}?
|
|
|
http.attlist &=
|
|
|
## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "true"
|
|
|
- attribute once-per-request {boolean}?
|
|
|
+ attribute once-per-request {xsd:boolean}?
|
|
|
http.attlist &=
|
|
|
## Deprecated in favour of the access-denied-handler element.
|
|
|
attribute access-denied-page {xsd:token}?
|
|
|
http.attlist &=
|
|
|
## Prevents the jsessionid parameter from being added to rendered URLs.
|
|
|
- attribute disable-url-rewriting {boolean}?
|
|
|
+ attribute disable-url-rewriting {xsd:boolean}?
|
|
|
|
|
|
access-denied-handler =
|
|
|
## Defines the access-denied strategy that should be used. An access denied page can be defined or a reference to an AccessDeniedHandler instance.
|
|
|
@@ -351,7 +349,7 @@ logout.attlist &=
|
|
|
attribute logout-success-url {xsd:token}?
|
|
|
logout.attlist &=
|
|
|
## Specifies whether a logout also causes HttpSession invalidation, which is generally desirable. If unspecified, defaults to true.
|
|
|
- attribute invalidate-session {boolean}?
|
|
|
+ attribute invalidate-session {xsd:boolean}?
|
|
|
logout.attlist &=
|
|
|
## A reference to a LogoutSuccessHandler implementation which will be used to determine the destination to which the user is taken after logging out.
|
|
|
attribute success-handler-ref {xsd:token}?
|
|
|
@@ -380,7 +378,7 @@ form-login.attlist &=
|
|
|
attribute default-target-url {xsd:token}?
|
|
|
form-login.attlist &=
|
|
|
## Whether the user should always be redirected to the default-target-url after login.
|
|
|
- attribute always-use-default-target {boolean}?
|
|
|
+ attribute always-use-default-target {xsd:boolean}?
|
|
|
form-login.attlist &=
|
|
|
## The URL for the login page. If no login URL is specified, Spring Security will automatically create a login URL at /spring_security_login and a corresponding filter to render that login URL when requested.
|
|
|
attribute login-page {xsd:token}?
|
|
|
@@ -418,7 +416,7 @@ openid-attribute.attlist &=
|
|
|
openid-attribute.attlist &=
|
|
|
attribute type {xsd:token}
|
|
|
openid-attribute.attlist &=
|
|
|
- attribute required {boolean}?
|
|
|
+ attribute required {xsd:boolean}?
|
|
|
openid-attribute.attlist &=
|
|
|
attribute count {xsd:int}?
|
|
|
|
|
|
@@ -449,7 +447,7 @@ fsmds.attlist &=
|
|
|
id?
|
|
|
fsmds.attlist &=
|
|
|
## as for http element
|
|
|
- attribute lowercase-comparisons {boolean}?
|
|
|
+ attribute lowercase-comparisons {xsd:boolean}?
|
|
|
fsmds.attlist &=
|
|
|
## Deprecate. Use request-matcher instead.
|
|
|
path-type?
|
|
|
@@ -500,7 +498,7 @@ concurrency-control.attlist &=
|
|
|
attribute expired-url {xsd:token}?
|
|
|
concurrency-control.attlist &=
|
|
|
## Specifies that an unauthorized error should be reported when a user attempts to login when they already have the maximum configured sessions open. The default behaviour is to expire the original session. If the session-authentication-error-url attribute is set on the session-management URL, the user will be redirected to this URL.
|
|
|
- attribute error-if-maximum-exceeded {boolean}?
|
|
|
+ attribute error-if-maximum-exceeded {xsd:boolean}?
|
|
|
concurrency-control.attlist &=
|
|
|
## Allows you to define an alias for the SessionRegistry bean in order to access it in your own configuration.
|
|
|
attribute session-registry-alias {xsd:token}?
|
|
|
@@ -528,7 +526,7 @@ remember-me.attlist &=
|
|
|
|
|
|
remember-me.attlist &=
|
|
|
## Determines whether the "secure" flag will be set on the remember-me cookie. If set to true, the cookie will only be submitted over HTTPS. Defaults to false.
|
|
|
- attribute use-secure-cookie {boolean}?
|
|
|
+ attribute use-secure-cookie {xsd:boolean}?
|
|
|
|
|
|
remember-me.attlist &=
|
|
|
## The period (in seconds) for which the remember-me cookie should be valid.
|
|
|
@@ -558,7 +556,7 @@ anonymous.attlist &=
|
|
|
attribute granted-authority {xsd:token}?
|
|
|
anonymous.attlist &=
|
|
|
## With the default namespace setup, the anonymous "authentication" facility is automatically enabled. You can disable it using this property.
|
|
|
- attribute enabled {boolean}?
|
|
|
+ attribute enabled {xsd:boolean}?
|
|
|
|
|
|
|
|
|
port-mappings =
|
|
|
@@ -605,7 +603,7 @@ authman.attlist &=
|
|
|
attribute alias {xsd:ID}?
|
|
|
authman.attlist &=
|
|
|
## If set to true, the AuthenticationManger will attempt to clear any credentials data in the returned Authentication object, once the user has been authenticated.
|
|
|
- attribute erase-credentials {boolean}?
|
|
|
+ attribute erase-credentials {xsd:boolean}?
|
|
|
|
|
|
authentication-provider =
|
|
|
## Indicates that the contained user-service should be used as an authentication source.
|
|
|
@@ -637,10 +635,10 @@ user.attlist &=
|
|
|
attribute authorities {xsd:token}
|
|
|
user.attlist &=
|
|
|
## Can be set to "true" to mark an account as locked and unusable.
|
|
|
- attribute locked {boolean}?
|
|
|
+ attribute locked {xsd:boolean}?
|
|
|
user.attlist &=
|
|
|
## Can be set to "true" to mark an account as disabled and unusable.
|
|
|
- attribute disabled {boolean}?
|
|
|
+ attribute disabled {xsd:boolean}?
|
|
|
|
|
|
jdbc-user-service =
|
|
|
## Causes creation of a JDBC-based UserDetailsService.
|
Luke Taylor