How do you know which XML parameters a Spring configuration tag has?
-
12-09-2019 - |
Question
I was just reading an article that showed the following Spring Security XML configuration:
<authentication-provider>
<password-encoder hash="sha" />
<jdbc-user-service data-source-ref="dataSource" />
</authentication-provider>
I wondered if password-encoder could take some combination of parameters that would make it use SHA-256. I easily found the Java constructor for the ShaPasswordEncoder, but how can I tell whether the password-encoder tag takes the argument for the Java object?
In general, how can one tell what the tags and parameters for Spring configuration are?
For example, how do I know which that ShaPasswordEncoder goes with "password-encoder" (if indeed it does)?
Solution
You look at the XML Schema. For example:
<xs:attribute name="hash">
<xs:annotation>
<xs:documentation>
Defines the hashing algorithm used on user passwords. We recommend
strongly against using MD4, as it is a very weak hashing algorithm.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="plaintext"/>
<xs:enumeration value="sha"/>
<xs:enumeration value="sha-256"/>
<xs:enumeration value="md5"/>
<xs:enumeration value="md4"/>
<xs:enumeration value="{sha}"/>
<xs:enumeration value="{ssha}"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
So, you should do this:
<authentication-provider>
<password-encoder hash="sha-256" />
<jdbc-user-service data-source-ref="dataSource" />
</authentication-provider>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow