Skip to content

5.5.X only works with spring-security-5.4.xsd schema (XML-based config) #8974

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Emkas opened this issue Aug 19, 2020 · 3 comments
Closed

5.5.X only works with spring-security-5.4.xsd schema (XML-based config) #8974

Emkas opened this issue Aug 19, 2020 · 3 comments
Assignees
@jzheaux @Emkas
Labels
in: config An issue in spring-security-config status: backported An issue that has been backported to maintenance branches type: bug A general bug
Milestone
5.6.0-RC1

Comments

@Emkas
Copy link
Contributor

Emkas commented Aug 19, 2020

Describe the bug
SecurityNamespaceHandler throws BeanDefinitionParsingException when we use version 5.0.X (<= 5.0.18.RELEASE) or 5.1.X (<= 5.1.12.RELEASE) with versioned schema in XML-based configuration. On those branches only spring-security-4.2.xsd can be used (see also 'Workaround').

On branch 5.2 this change skipped directly from 4.2 to 5.2. No updates for 5.0 and 5.1 where provided. So handler is still looking for version 4.2:

private boolean matchesVersionInternal(Element element) {
	String schemaLocation = element.getAttributeNS(
			"http://www.w3.org/2001/XMLSchema-instance", "schemaLocation");
	return schemaLocation.matches("(?m).*spring-security-4\\.2.*.xsd.*")
			|| schemaLocation.matches("(?m).*spring-security.xsd.*")
			|| !schemaLocation.matches("(?m).*spring-security.*");
}

To Reproduce

  1. Use raported version of Spring Security.
  2. Use XML-based config.
  3. Use (the right) versioned schema (e.g. spring-security-5.0.xsd)

Expected behavior
Error free XML parsing, when file is valid against XSD with version compatible with Spring Security version (spring-security-5.0.xsd for 5.0.X and spring-security-5.1.xsd for 5.1.X).

Sample
ContextConfig with namespace like below isn't working with 5.0.18.RELEASE (Aug 05, 2020):

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-5.0.xsd">
</beans>

Workaround
Use unversioned schema.
@Emkas Emkas added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Aug 19, 2020
@Emkas
Copy link
Contributor Author

Emkas commented Aug 19, 2020

I'm very sorry for any mistake in this report (if any). This is the first time I'm reporting something on Github :-)

@Emkas
Copy link
Contributor Author

Emkas commented Oct 1, 2021

Branches 5.0 and 5.1 probably won't be fixed, but it looks like the same is now on 5.5.

@Emkas Emkas changed the title 5.0/1.X only works with spring-security-4.2.xsd schema (XML-based config) 5.0/1/5.X only works with spring-security-4.2.xsd schema (XML-based config) Oct 6, 2021
@Emkas Emkas changed the title 5.0/1/5.X only works with spring-security-4.2.xsd schema (XML-based config) 5.0/1.X only works with spring-security-4.2.xsd schema (XML-based config) Oct 6, 2021
@Emkas Emkas mentioned this issue Oct 6, 2021
Merged
@Emkas Emkas changed the title 5.0/1.X only works with spring-security-4.2.xsd schema (XML-based config) 5.5.X only works with spring-security-5.4.xsd schema (XML-based config) Oct 6, 2021
@Emkas
Copy link
Contributor Author

Emkas commented Oct 6, 2021

Since originally reported branches (5.0/1) are EOL, I've changed issue title to 5.5 and created a pull request.

Emkas added a commit to Emkas/spring-security that referenced this issue Oct 7, 2021
@Emkas
SecurityNamespaceHandler: update schema version to 5.5
e5e576e 
Closes spring-projectsgh-8974
jzheaux pushed a commit that referenced this issue Oct 13, 2021
@Emkas @jzheaux
SecurityNamespaceHandler: update schema version to 5.5
944463e 
Closes gh-8974
@spring-projects-issues spring-projects-issues added the status: backported An issue that has been backported to maintenance branches label Oct 13, 2021
Closed
jzheaux added a commit that referenced this issue Oct 13, 2021
@jzheaux
Polish SecurityNamespaceHandler Tests
97dfabe 
Issue gh-8974
jzheaux added a commit that referenced this issue Oct 13, 2021
@jzheaux
Polish SecurityNamespaceHandler Tests
fbb7691 
Issue gh-8974
@jzheaux jzheaux removed the status: waiting-for-triage An issue we've not yet triaged label Oct 13, 2021
@jzheaux jzheaux assigned jzheaux and Emkas and unassigned jgrandja Oct 13, 2021
@jzheaux jzheaux added this to the 5.5.3 milestone Oct 13, 2021
@jzheaux jzheaux added the in: config An issue in spring-security-config label Oct 13, 2021
@jzheaux jzheaux modified the milestones: 5.5.3, 5.6.0-RC1 Oct 13, 2021
@in-fke in-fke mentioned this issue Jun 3, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

@Emkas Emkas

Labels
in: config An issue in spring-security-config status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Milestone
5.6.0-RC1
Development

No branches or pull requests
4 participants
@jzheaux @Emkas @jgrandja @spring-projects-issues