Fix csrf:token-repository-ref XSD documentation

The documentation of the token-repository-ref attribute of the csrf element in the schema has been updated to make clear the default repository is lazy. Targets versions 4.2, 5.0 and 5.1. Fixes gh-6037
7 years ago · 0af0ee3339
2 changed files with 3 additions and 2 deletions
--- a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc
@ -748,7 +748,7 @@ csrf-options.attlist &=
				@@ -748,7 +748,7 @@ csrf-options.attlist &=
 	## The RequestMatcher instance to be used to determine if CSRF should be applied. Default is any HTTP method except "GET", "TRACE", "HEAD", "OPTIONS"
 	attribute request-matcher-ref { xsd:token }?
 csrf-options.attlist &=
-	## The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository
+	## The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository wrapped by LazyCsrfTokenRepository.
 	attribute token-repository-ref { xsd:token }?

 headers =
--- a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd
@ -2337,7 +2337,8 @@
				@@ -2337,7 +2337,8 @@
      </xs:attribute>
      <xs:attribute name="token-repository-ref" type="xs:token">
         <xs:annotation>
-            <xs:documentation>The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository
+            <xs:documentation>The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository wrapped by
+                LazyCsrfTokenRepository.
                </xs:documentation>
         </xs:annotation>
      </xs:attribute>