
My application used to work fine during development. But when it was deployed to an environment without internet, it started to complain because of the spring-security-oauth2 schema location. My complete schema declaration is below.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-4.2.xsd
        http://www.springframework.org/schema/security/oauth2
        http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-4.3.xsd">
```

It worked fine when the internet was available. But without internet, it could not resolve the schemaLocation. The error is:

```
2021-01-20 10:25:31,784 ERROR [org.springframework.web.context.ContextLoader] - <Context initialization failed>
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 124 in XML document from class path resource [-----.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: ---; columnNumber: --; cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'oauth:resource-server'.
```

The reason is that, if you check the "spring.schema" of spring-security-oauth2, it refers only to "https" URLs, while most other Spring projects' spring.schema files refer to "HTTP" URLs. (Why that is so is a separate question!) Replacing the HTTP URL with HTTPS fixes my issue.

Several other people have also faced issues because of Spring resolving schemaLocation from the internet, for example: Spring schemaLocation fails when there is no internet connection

Question: Is there a way to restrict Spring from resolving schemaLocation from the internet and get an error if it is not resolved by jars on the classpath? Because of this, the issue cannot be identified during development but shows up later in production.

Vishal
  • if you read the first comment on the answer in the link you posted it says: `For those who need a summary: Spring can't find the schemas in the classpath. The Spring core JAR has a schema->filename mapping that is included in the JAR. If it cannot resolve this it'll go to the web.` did you try to fix the resolving of the local one? – Toerktumlare Jan 25 '21 at 23:15
  • @Toerktumlare, Yes, that's exactly my problem :) I don't want it to go to the web. If there is any way to stop that and raise an error instead. Right now the only way is to run the code in an environment where the internet is not available. – Vishal Jan 25 '21 at 23:19
  • download the schema and refer to it locally https://stackoverflow.com/questions/19253402/how-to-reference-a-local-xml-schema-file-correctly – Toerktumlare Jan 25 '21 at 23:34
  • You already have the solution and that is to use https, then it will correctly resolve from the jar instead of the internet. Also you are referring to the most recent version of Spring OAuth whereas you are using 1.0 (according to your schema location). Which is [here](https://github.com/spring-projects/spring-security-oauth/blob/1.0.0/spring-security-oauth2/src/main/resources/META-INF/spring.schemas). However if you use the newest release then your schema location should use HTTPS instead of HTTP. – M. Deinum Jan 26 '21 at 07:00

0 Answers
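A build-time check for the situation described in this question, as an added example that is not part of the original post or of Spring: it reads the `META-INF/spring.schemas` mappings from the jars on the classpath and reports every `xsi:schemaLocation` URL that has no local mapping, so the problem shows up before deployment instead of as a network fetch at startup. The function names, sample mappings and `org/example/...` resource paths are constructed for illustration, and only the root element's `schemaLocation` is inspected.

```python
import sys
import zipfile
import xml.etree.ElementTree as ET

XSI_SCHEMA_LOCATION = "{http://www.w3.org/2001/XMLSchema-instance}schemaLocation"

def parse_spring_schemas(text):
    """Parse a spring.schemas file (properties format): schema URL -> classpath resource."""
    mappings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            # Keys escape ':' as '\:', so the first '=' separates key and value.
            key, sep, value = line.partition("=")
            if sep:
                mappings[key.replace("\\:", ":").strip()] = value.strip()
    return mappings

def mappings_from_jars(jar_paths):
    """Merge the spring.schemas entries of every jar on the given classpath."""
    merged = {}
    for path in jar_paths:
        with zipfile.ZipFile(path) as jar:
            if "META-INF/spring.schemas" in jar.namelist():
                text = jar.read("META-INF/spring.schemas").decode("iso-8859-1")
                merged.update(parse_spring_schemas(text))
    return merged

def unmapped_locations(xml_text, mappings):
    """Return schemaLocation URLs that no jar maps to a local resource."""
    # The attribute holds namespace/URL pairs; the URLs are every second token.
    urls = ET.fromstring(xml_text).get(XSI_SCHEMA_LOCATION, "").split()[1::2]
    return [u for u in urls if u not in mappings]

# Constructed sample: oauth2 mapped under https only, as the question describes.
SAMPLE_SCHEMAS = r"""https\://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd=org/example/oauth2-1.0.xsd
http\://www.springframework.org/schema/beans/spring-beans-4.3.xsd=org/example/spring-beans.xsd
"""
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
    http://www.springframework.org/schema/security/oauth2
    http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd"/>"""

if __name__ == "__main__":  # usage: check_schemas.py context.xml lib/*.jar
    with open(sys.argv[1], encoding="utf-8") as fh:
        missing = unmapped_locations(fh.read(), mappings_from_jars(sys.argv[2:]))
    sys.exit("\n".join("unmapped: " + u for u in missing) if missing else 0)
```

Run as a build step against the context file and the packaged jars; a non-zero exit lists the URLs that would not be served from the classpath.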