Affects: \Spring Integration Versions:
=4.3.19 =5.0.11 =5.1.2 Related to the Spring Integration versions found here: [https://github.com/advisories/GHSA-wr5r-m8pc-85j9]
When we deployed our application with Spring Integration 5.3.2.RELEASE we discovered that our application failed to deploy to WebSphere 9.0 via script or the console. Deploying via Eclipse worked fine. In the WebSphere SystemOut.log, we found the following error message: "org.springframework.xml.validation.XmlValidationException: Could not create Schema: Failed to load external schema document "wsjar:file:...", because "wsjar" access is not allowed". This occurred when loading XSD files contained in another jar from our interfaces war.
We traced the issue to the org.springframework.xml.validation.SchemaFactoryUtils. class called via Jaxp15ValidatorFactory.createValidator(...) and SchemaLoaderUtils.loadSchema(...). The SchemaFactoryUtils.newInstance(...) method has a hard coded list of protocols (see attached image of code). This list does not include WebSphere's proprietary wsjar protocol.
To resolve our issue, we created a custom XML validator, which adds wsjar to the accepted protocols and applied to our int-xml:validating-filter in our integration flow configuration.
Comment From: sbrannen
The SchemaFactoryUtils class is part of the Spring Web Services project; whereas, this issue tracker is for the core Spring Framework.
Thus, please open an issue in the Spring Web Services issue tracker.
Comment From: willweyant
Thanks Sam! Will post at the provided link.