SEC-1565: You cannot use a spring-security-2.0.xsd schema with Spring Security 3.0 using spring-security-3.0.3.xsd #1806

Closed
spring-issuemaster opened this Issue Sep 7, 2010 · 5 comments

1 participant

@spring-issuemaster

Ian Brandt (Migrated from SEC-1565) said:

I'm getting the following error in Eclipse when referencing the spring-security-3.0.3.xsd schema:

You cannot use a spring-security-2.0.xsd schema with Spring Security 3.0. Please update your schema declarations to the 3.0 schema.

/myproject/web/WEB-INF/spring-security.xml line 8 Spring Beans Problem

Per the docs at http://static.springsource.org/spring-security/site/docs/3.0.x/reference/springsecurity-single.html#d0e344 as referenced on 2010-09-07 my config looks like:

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

    <security:http auto-config="true">
        <security:intercept-url pattern="/**" access="ROLE_USER"/>
    </security:http>
</beans>

From a quick glance at the SecurityNamespaceHandler source I would think the first "(?m).spring-security-3\.0.xsd.*" regex would match, but I'm not currently setup to debug Eclipse itself to see if there is something else going on. Oddly enough if I change to "spring-security-3.0.xsd" and clean the project the error goes away:

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <security:http auto-config="true">
        <security:intercept-url pattern="/**" access="ROLE_USER"/>
    </security:http>
</beans>
@spring-issuemaster

Ian Brandt said:

Hmm, looks like you don't support the JIRA wiki syntax I'm used to, and I also can't seem to edit my own issue, so my apologies for the formatting issues in the description above.

@spring-issuemaster

Luke Taylor said:

In what context is the error occurring? The eclipse editor, running a test, an application or whatever? Where does the error message occur - is there actually a stacktrace or just a message in eclipse?

Do you get the error if you are using standard eclipse without MyEclipse? Maybe their integration has problems with the latest version?

@spring-issuemaster

Rob Winch said:

Just out of curiosity what version of spring-security-config are you using? I believe I have seen users with this issue on the forums. The issue I am thinking of occurs when loading a Spring config using spring-security-config-[3.0,3.0.2].jar and specifying a spring-security namespace of 3.0.3. The validation of the schema version was updated in 3.0.3 to allow for 3.0.x vs 3.0. This update did not occur till then because there were no 3.0.1 and 3.0.2 versions of the schema.

If this is the problem you are encountering, you can fix it by doing one of the following:

1) Upgrade to spring-security-config-3.0.3.jar
2) Change the namespace declaration to be 3.0

@spring-issuemaster

Ian Brandt said:

Thanks for the comments. After some digging it looks like this is a MyEclipse issue, so feel free to resolve as invalid. I'll take this up on the MyEclipse forums.

For anyone else that runs into this here were my findings... The context is in the Eclipse Problems view related to the Spring Beans Project Validators. Just a message, no stack trace. When I run my webapp everything works fine. It looks like MyEclipse 8.6 is using Spring Security 3.0.1 internally dor validation. I do have 3.0.3 in the build path for my project. If I check "Project Properties > MyEclipse > Spring > Beans > Load NamespaceHandlers and XSDs from project's classpath [Experimental]" I can refer to the 3.0.3 XSD without a validation Error. Though then with the config above I do get a warning in the Problems view, "Referenced bean 'org.springframework.security.core.userdetails.memory.InMemoryDaoImpl' not found". If I uncheck the option and fall back on referring to the 3.0 XSD I get a different warning, "Class 'org.springframework.security.core.userdetails.memory.UserMap' is marked deprecated". Neither is a show stopper of course, I'm just documenting them for the sake of completeness.

@spring-issuemaster

Luke Taylor said:

Thanks for investigating further. Closing as requested.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment