0

Here is the header of my spring-security.xml :

<?xml version="1.0" encoding="UTF-8" ?>
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:sec="http://www.springframework.org/schema/security"
         xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
         xmlns:context="http://www.springframework.org/schema/context"  
         xmlns:mvc="http://www.springframework.org/schema/mvc"  

         xsi:schemaLocation="http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.2.xsd
          http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
          http://www.springframework.org/schema/security/oauth2
          http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
          http://www.springframework.org/schema/context
          http://www.springframework.org/schema/context/spring-context-3.2.xsd
          http://www.springframework.org/schema/mvc
          http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd  ">

When starting the server, I am prompted this error :

org.xml.sax.SAXParseException: schema_reference.4: Failed to read schema document 'http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema/>.

My thoughts on this :

  1. The link is valid and the document exists

  2. I can read it and I can even reproduce this error if I place this xsd on my local classpath. So it's not a networking issue.

  3. That's right, the file is starting by <xs:schema> instead of <xsd:schema>. But the source looks legit.

Why do I get this error and how can I get rid of it ?

vaugham
  • 1,821
  • 1
  • 19
  • 38
  • Please provide a [**Minimal, *Complete*, and Verifiable Example (MCVE)**](http://stackoverflow.com/help/mcve) that exhibits the problem. Thanks. – kjhughes Mar 06 '15 at 17:24
  • Just take a spring-mvc minimal example like this http://crunchify.com/simplest-spring-mvc-hello-world-example-tutorial-spring-model-view-controller-tips/ or https://github.com/spring-projects/spring-mvc-showcase/tree/master/src/main . Then, include the five libraries listed with the version in the schemaLocation. Finally, add the almost-empty spring-security.xml provided in the applicationContext.xml. Do not forget to close the tag. Start this application on a tomcat/jboss/jetty server. – vaugham Mar 06 '15 at 19:33
  • Fun fact, I downloaded locally spring-security-oauth2-2.0.xsd, edited all occurences ofl "xs:" prefixes into "xsd:" and changed the 6th line of "xsi:schemaLocation" to "classpath:spring-security-oauth2-2.0.xsd" and it works. But I am no longer using the official xsd. So it is not an acceptable solution. – vaugham Mar 06 '15 at 19:36
  • Spring XSDs are normally also in the JARs, and the mapping of the URL in your schemaLocation is further mapped to an XSD file of your spring-security-oauth2-x.y.z.jar by the spring-security-oauth2-x.y.z.jar\META-INF\spring.schemas. Please check your JAR, perhaps the XSD is missing or the mapping is defect. – Géza Mar 07 '15 at 01:01

1 Answers1

3

Change all your schema locations to use version-less URIs, those XSDs are embedded in Spring JARs.

Because you're using versioned links to XSDs, your application breaks if it can't find that particular version on classpath.

See this SO answer for more details.

Community
  • 1
  • 1
Brian Clozel
  • 56,583
  • 15
  • 167
  • 176