Spring Security SpEL cannot be used on several <user> tag attributes

Summary

See this Stackoverflow question.

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:security="http://www.springframework.org/schema/security"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

<authentication-manager erase-credentials="true">
    <authentication-provider>
        <user-service>
        <user disabled="${auth.admin.enabled}" name="${auth.admin.user}"
              password="*****"/>
        </user-service>
    </authentication-provider>
</authentication-manager>

</beans:beans>

I'm trying to make the user disabled by SpEL expression value in Spring XML config. Since the user's "disabled" attribute is xs:boolean, XML validation doesn't accept SpEL syntax to this field.

Actual Behavior

XML validation fails if SpEL expression is used in "disabled" attribute of <user> tag.

Expected Behavior

XML validation passes, it is possible to use SpEL expressions for any <user> attribute.

Configuration

See cummary

Version

Spring Security 5.0.3 RELEASE

Sample

See Summary

Comment From: rwinch

Thanks for the report. Would you be interested in submitting a PR for this?

Comment From: skapral

@rwinch will try. Thanks.

Comment From: rwinch

Awesome! Let me know if you need any assistance. If you aren't aware...take a look at the rnc files. You can generate the schema using ./gradlew rncToXsd

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.