From 21ed5feb8d4c187b8248666885df9d4a76a956e7 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Tue, 26 Oct 2010 13:52:40 +0100 Subject: [PATCH] SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version. --- acl/template.mf | 3 +- aspects/template.mf | 4 +- cas/template.mf | 3 +- .../config/SecurityNamespaceHandler.java | 22 +++++++++++ config/template.mf | 2 + .../core/SpringSecurityCoreVersion.java | 38 +++++++++++++++++++ core/template.mf | 3 +- ldap/template.mf | 4 +- openid/template.mf | 3 +- taglibs/template.mf | 2 + web/template.mf | 2 + 11 files changed, 80 insertions(+), 6 deletions(-) create mode 100644 core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java diff --git a/acl/template.mf b/acl/template.mf index d3abf3d0f2..eec3791c5b 100644 --- a/acl/template.mf +++ b/acl/template.mf @@ -1,3 +1,5 @@ +Implementation-Title: org.springframework.security.acls +Implementation-Version: ${version} Bundle-SymbolicName: org.springframework.security.acls Bundle-Name: Spring Security Acls Bundle-Vendor: SpringSource @@ -18,4 +20,3 @@ Import-Template: org.springframework.util.*;version="[${spring.version}, 3.2.0)";resolution:=optional, net.sf.ehcache.*;version="[1.4.1, 2.0.0)";resolution:=optional, javax.sql.*;version="0";resolution:=optional - \ No newline at end of file diff --git a/aspects/template.mf b/aspects/template.mf index d6b60c1cf2..aeb07873ab 100644 --- a/aspects/template.mf +++ b/aspects/template.mf @@ -1,3 +1,5 @@ +Implementation-Title: org.springframework.security.aspects +Implementation-Version: ${version} Bundle-SymbolicName: org.springframework.security.aspects Bundle-Name: Spring Security Aspects Bundle-Vendor: SpringSource 
@@ -6,7 +8,7 @@ Bundle-Version: ${version} Ignored-Existing-Headers: Import-Package, Export-Package -Import-Template: +Import-Template: org.aspectj.*;version="[1.6.0, 1.7.0)";resolution:=optional, org.apache.commons.logging.*;version="[1.0.4, 2.0.0)", org.springframework.security.core.*;version="[${version}, 3.2.0)" diff --git a/cas/template.mf b/cas/template.mf index e960f5dbcc..e135ae5c06 100644 --- a/cas/template.mf +++ b/cas/template.mf @@ -1,3 +1,5 @@ +Implementation-Title: org.springframework.security.cas +Implementation-Version: ${version} Bundle-SymbolicName: org.springframework.security.cas Bundle-Name: Spring Security CAS Bundle-Vendor: SpringSource @@ -18,4 +20,3 @@ Import-Template: org.springframework.util;version="[${spring.version}, 3.2.0)", net.sf.ehcache.*;version="[1.4.1, 2.0.0)";resolution:=optional, javax.servlet.*;version="0" - \ No newline at end of file diff --git a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java index 17aabc60cf..192cf61f22 100644 --- a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java +++ b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java @@ -3,6 +3,8 @@ package org.springframework.security.config; import java.util.HashMap; import java.util.Map; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.BeanDefinitionHolder; import org.springframework.beans.factory.xml.BeanDefinitionDecorator; 
@@ -23,6 +25,7 @@ import org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionPar import org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser; import org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator; import org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser; +import org.springframework.security.core.SpringSecurityCoreVersion; import org.springframework.util.ClassUtils; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -35,10 +38,29 @@ import org.w3c.dom.Node; * @since 2.0 */ public final class SecurityNamespaceHandler implements NamespaceHandler { + private final Log logger = LogFactory.getLog(getClass()); private final Map parsers = new HashMap(); private final BeanDefinitionDecorator interceptMethodsBDD = new InterceptMethodsBeanDefinitionDecorator(); private BeanDefinitionDecorator filterChainMapBDD; + public SecurityNamespaceHandler() { + String coreVersion = SpringSecurityCoreVersion.getVersion(); + + Package pkg = SpringSecurityCoreVersion.class.getPackage(); + + if (pkg == null || coreVersion == null) { + logger.info("Couldn't determine package version information."); + return; + } + + String version = pkg.getImplementationVersion(); + logger.info("Spring Security 'config' module version is " + version); + + if (version.compareTo(coreVersion) != 0) { + logger.error("You are running with different versions of the Spring Security 'core' and 'config' modules"); + } + } + public BeanDefinition parse(Element element, ParserContext pc) { if (!namespaceMatchesVersion(element)) { pc.getReaderContext().fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd schema " + diff --git a/config/template.mf b/config/template.mf index a0845407b4..fce9ccf156 100644 --- a/config/template.mf +++ b/config/template.mf 
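Review bot: The core/config mismatch check in the new `SecurityNamespaceHandler()` constructor can never fire, because `pkg` is taken from `SpringSecurityCoreVersion.class.getPackage()`, which is the core package. `version` and `coreVersion` are therefore read from the same manifest, and the line logged as the 'config' module version is really the core version. The lookup should use the handler's own package: `Package pkg = SecurityNamespaceHandler.class.getPackage();`. Once it does, `pkg.getImplementationVersion()` can return null independently of `coreVersion` (for example when the config classes are not loaded from a jar carrying the new manifest attribute), so guard it before the comparison, e.g. `if (version == null) { logger.info("Couldn't determine package version information."); return; }`. A mismatch is only logged and startup continues, so a short comment marking the check as advisory would help anyone relying on it to catch mixed-version deployments.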
@@ -1,3 +1,5 @@ +Implementation-Title: org.springframework.security.config +Implementation-Version: ${version} Bundle-SymbolicName: org.springframework.security.config Bundle-Name: Spring Security Namespace Configuration Bundle-Vendor: SpringSource diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java new file mode 100644 index 0000000000..d5d1c12b9a --- /dev/null +++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java @@ -0,0 +1,38 @@ +package org.springframework.security.core; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.core.SpringVersion; + +/** + * Internal class used for checking version compatibility in a deployed application. + * + * @author Luke Taylor + */ +public class SpringSecurityCoreVersion { + private static final Log logger = LogFactory.getLog(SpringSecurityCoreVersion.class); + + static { + // Check Spring Compatibility + String springVersion = SpringVersion.getVersion(); + String version = getVersion(); + + if (springVersion != null) { + // TODO: Generate version class and information dynamically from a template in the build file + logger.info("You are running with Spring Security Core " + springVersion); + if (!springVersion.startsWith("3")) { + logger.error("Spring Major version '3' expected, but you are running with version: " + springVersion); + } + + if (springVersion.compareTo("3.0.5") < 0) { + logger.warn("You are advised to use Spring 3.0.5 or later with this version. You are running: " + + springVersion); + } + } + } + + public static String getVersion() { + Package pkg = SpringSecurityCoreVersion.class.getPackage(); + return (pkg != null ? pkg.getImplementationVersion() : null); + } +} diff --git a/core/template.mf b/core/template.mf index 67c58ea98f..21f0fbb974 100644 --- a/core/template.mf 
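Review bot: The minimum-version check `springVersion.compareTo("3.0.5") < 0` in the static initializer of `SpringSecurityCoreVersion` compares strings lexicographically, so a hypothetical 3.0.10 would sort below 3.0.5 and be reported as too old. Comparing the numeric major/minor/patch components, as sketched below, avoids this. The info line also prints `springVersion` under the label "Spring Security Core" and leaves the local `version` unused; it should read `logger.info("You are running with Spring Security Core " + version);`. Less importantly, `startsWith("3")` would also accept a major version such as 30, which the same numeric comparison would avoid.

```java
        // … unchanged: springVersion/version lookup, null check, major-version check …
            if (compareNumericPrefix(springVersion, "3.0.5") < 0) {
        // … unchanged: warning text, end of static initializer, getVersion() …

    /** Compares the leading major.minor.patch components numerically; missing or non-numeric parts count as 0. */
    private static int compareNumericPrefix(String left, String right) {
        String[] l = left.split("\\.");
        String[] r = right.split("\\.");
        for (int i = 0; i < 3; i++) {
            int a = component(l, i);
            int b = component(r, i);
            if (a != b) {
                return a < b ? -1 : 1;
            }
        }
        return 0;
    }

    private static int component(String[] parts, int index) {
        if (index >= parts.length) {
            return 0;
        }
        try {
            return Integer.parseInt(parts[index]);
        } catch (NumberFormatException e) {
            return 0;
        }
    }
```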
+++ b/core/template.mf @@ -1,3 +1,5 @@ +Implementation-Title: org.springframework.security.core +Implementation-Version: ${version} Bundle-SymbolicName: org.springframework.security.core Bundle-Name: Spring Security Core Bundle-Vendor: SpringSource @@ -25,4 +27,3 @@ Import-Template: javax.crypto.*;version="0";resolution:=optional, javax.security.auth.*;version="0";resolution:=optional, javax.naming.*;version="0";resolution:=optional - \ No newline at end of file diff --git a/ldap/template.mf b/ldap/template.mf index ac6ec159b6..58ed3b2633 100644 --- a/ldap/template.mf +++ b/ldap/template.mf @@ -1,3 +1,5 @@ +Implementation-Title: org.springframework.security.ldap +Implementation-Version: ${version} Bundle-SymbolicName: org.springframework.security.ldap Bundle-Name: Spring Security LDAP Bundle-Vendor: SpringSource @@ -21,4 +23,4 @@ Import-Template: org.springframework.dao.*;version="[${spring.version}, 3.2.0)";resolution:=optional, org.springframework.util.*;version="[${spring.version}, 3.2.0)", javax.naming.*;version="0";resolution:=optional, - netscape.ldap.ber.stream;version="[4.1, 5.0)";resolution:=optional \ No newline at end of file + netscape.ldap.ber.stream;version="[4.1, 5.0)";resolution:=optional diff --git a/openid/template.mf b/openid/template.mf index 2c1aa73ecd..dedb9c1452 100644 --- a/openid/template.mf +++ b/openid/template.mf @@ -1,3 +1,5 @@ +Implementation-Title: org.springframework.security.openid +Implementation-Version: ${version} Bundle-SymbolicName: org.springframework.security.openid Bundle-Name: Spring Security OpenID Bundle-Vendor: SpringSource @@ -15,4 +17,3 @@ Import-Template: org.springframework.util;version="[${spring.version}, 3.2.0)", org.openid4java.*;version="[0.9.5, 1.0.0)", javax.servlet.*;version="0" - \ No newline at end of file diff --git a/taglibs/template.mf b/taglibs/template.mf index 2bcfd27270..44a5a2e82f 100644 --- a/taglibs/template.mf +++ b/taglibs/template.mf 
@@ -1,3 +1,5 @@ +Implementation-Title: org.springframework.security.taglibs +Implementation-Version: ${version} Bundle-SymbolicName: org.springframework.security.taglibs Bundle-Name: Spring Security Taglibs Bundle-Vendor: SpringSource diff --git a/web/template.mf b/web/template.mf index f05c050e25..3fd0c2a866 100644 --- a/web/template.mf +++ b/web/template.mf @@ -1,3 +1,5 @@ +Implementation-Title: org.springframework.security.web +Implementation-Version: ${version} Bundle-SymbolicName: org.springframework.security.web Bundle-Name: Spring Security Web Bundle-Vendor: SpringSource