12 years ago · 18bd82e7d4
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
@@ -524,7 +524,7 @@ session-management.attlist &=
 
				     ## Allows injection of the SessionAuthenticationStrategy instance used by the SessionManagementFilter
			
 
				     attribute session-authentication-strategy-ref {xsd:token}?
			
 
				 session-management.attlist &=
			
 
				-    ## Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy raises an exception. If not set, an unauthorized (402) error code will be returned to the client. Note that this attribute doesn't apply if the error occurs during a form-based login, where the URL for authentication failure will take precedence.
			
 
				+    ## Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy raises an exception. If not set, an unauthorized (401) error code will be returned to the client. Note that this attribute doesn't apply if the error occurs during a form-based login, where the URL for authentication failure will take precedence.
			
 
				     attribute session-authentication-error-url {xsd:token}?
			
 
				 
			
 
				 
			
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.rnc
@@ -524,7 +524,7 @@ session-management.attlist &=
 
				     ## Allows injection of the SessionAuthenticationStrategy instance used by the SessionManagementFilter
			
 
				     attribute session-authentication-strategy-ref {xsd:token}?
			
 
				 session-management.attlist &=
			
 
				-    ## Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy raises an exception. If not set, an unauthorized (402) error code will be returned to the client. Note that this attribute doesn't apply if the error occurs during a form-based login, where the URL for authentication failure will take precedence.
			
 
				+    ## Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy raises an exception. If not set, an unauthorized (401) error code will be returned to the client. Note that this attribute doesn't apply if the error occurs during a form-based login, where the URL for authentication failure will take precedence.
			
 
				     attribute session-authentication-error-url {xsd:token}?
			
 
				 
			
 
				 
			
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.2.xsd
@@ -1702,7 +1702,7 @@
 
				       <xs:attribute name="session-authentication-error-url" type="xs:token">
			
 
				          <xs:annotation>
			
 
				             <xs:documentation>Defines the URL of the error page which should be shown when the
			
 
				-                SessionAuthenticationStrategy raises an exception. If not set, an unauthorized (402) error
			
 
				+                SessionAuthenticationStrategy raises an exception. If not set, an unauthorized (401) error
			
 
				                 code will be returned to the client. Note that this attribute doesn't apply if the error
			
 
				                 occurs during a form-based login, where the URL for authentication failure will take
			
 
				                 precedence.
			
--- a/docs/manual/src/docbook/appendix-namespace.xml
+++ b/docs/manual/src/docbook/appendix-namespace.xml
@@ -1200,7 +1200,7 @@
 
				                 <section xml:id="nsa-session-management-session-authentication-error-url">
			
 
				                     <title><literal>session-authentication-error-url</literal></title>
			
 
				                     <para>Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy
			
 
				-                        raises an exception. If not set, an unauthorized (402) error code will be returned to the client.
			
 
				+                        raises an exception. If not set, an unauthorized (401) error code will be returned to the client.
			
 
				                         Note that this attribute doesn't apply if the error occurs during a form-based login, where the URL
			
 
				                         for authentication failure will take precedence.</para>
			
 
				                 </section>
			
--- a/docs/manual/src/docbook/namespace-config.xml
+++ b/docs/manual/src/docbook/namespace-config.xml
@@ -509,7 +509,7 @@
 
				                     <literal>authentication-failure-url</literal> if form-based login is being used.
			
 
				                     If the second authentication takes place through another non-interactive
			
 
				                     mechanism, such as <quote>remember-me</quote>, an <quote>unauthorized</quote>
			
 
				-                    (402) error will be sent to the client. If instead you want to use an error
			
 
				+                    (401) error will be sent to the client. If instead you want to use an error
			
 
				                     page, you can add the attribute
			
 
				                     <literal>session-authentication-error-url</literal> to the
			
 
				                     <literal>session-management</literal> element. </para>