Description
Describe the bug
SecurityNamespaceHandler throws BeanDefinitionParsingException when we use version 5.0.X (<= 5.0.18.RELEASE) or 5.1.X (<= 5.1.12.RELEASE) with versioned schema in XML-based configuration. On those branches only spring-security-4.2.xsd can be used (see also 'Workaround').
On branch 5.2 this change skipped directly from 4.2 to 5.2. No updates for 5.0 and 5.1 were provided. So the handler is still looking for version 4.2:
    private boolean matchesVersionInternal(Element element) {
        String schemaLocation = element.getAttributeNS(
                "http://www.w3.org/2001/XMLSchema-instance", "schemaLocation");
        return schemaLocation.matches("(?m).*spring-security-4\\.2.*.xsd.*")
                || schemaLocation.matches("(?m).*spring-security.xsd.*")
                || !schemaLocation.matches("(?m).*spring-security.*");
    }
To Reproduce
- Use the reported version of Spring Security.
- Use XML-based config.
- Use (the right) versioned schema (e.g. spring-security-5.0.xsd)
Expected behavior
Error-free XML parsing when the file is valid against the XSD with a version compatible with the Spring Security version (spring-security-5.0.xsd for 5.0.X and spring-security-5.1.xsd for 5.1.X).
Sample
ContextConfig with namespace like below isn't working with 5.0.18.RELEASE (Aug 05, 2020):
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:security="http://www.springframework.org/schema/security"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="
               http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-5.0.xsd">
    </beans>
Workaround
Use unversioned schema.
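
The version check quoted in the report, run against several schemaLocation values, as an added example that is not part of the original issue or of the Spring Security code base. The class name, the helper name matchesVersion and the sample strings are assumptions constructed for illustration; only the three regular expressions are taken from the issue.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SchemaVersionCheck {

    // Same three patterns as the matchesVersionInternal method quoted in the issue,
    // applied to a plain string instead of a DOM Element (hypothetical helper).
    static boolean matchesVersion(String schemaLocation) {
        return schemaLocation.matches("(?m).*spring-security-4\\.2.*.xsd.*")
                || schemaLocation.matches("(?m).*spring-security.xsd.*")
                || !schemaLocation.matches("(?m).*spring-security.*");
    }

    public static void main(String[] args) {
        String ns = "http://www.springframework.org/schema/security ";
        String base = "http://www.springframework.org/schema/security/";

        // Constructed sample xsi:schemaLocation values, one per case in the report.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("4.2 (versioned)", ns + base + "spring-security-4.2.xsd");
        samples.put("5.0 (versioned)", ns + base + "spring-security-5.0.xsd");
        samples.put("5.1 (versioned)", ns + base + "spring-security-5.1.xsd");
        samples.put("unversioned", ns + base + "spring-security.xsd");
        samples.put("no security schema",
                "http://www.springframework.org/schema/beans "
                        + "http://www.springframework.org/schema/beans/spring-beans.xsd");

        // Each entry goes through the same check the namespace handler applies.
        samples.forEach((label, location) ->
                System.out.printf("%-20s -> %s%n", label,
                        matchesVersion(location) ? "accepted" : "rejected"));
    }
}
```

Only the 5.0 and 5.1 locations are rejected: they contain spring-security but match neither the 4.2 pattern nor the unversioned one, which is why the unversioned schema works as a workaround.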