Hello, I am using spring-security 5.0.6 and I want to make the max-sessions field configurable from a properties file. So I did this:

<security:session-management>
    <security:concurrency-control max-sessions="${security.maxSessions}" session-registry-ref="sessionRegistry"/>
</security:session-management>

But I get this error:

Multiple annotations found at this line:
- cvc-datatype-valid.1.2.1: '${security.maxSessions}' is not a valid value for 'integer'.
- cvc-attribute.3: The value '${security.maxSessions}' of attribute 'max-sessions' on element 'security:concurrency-control' is not valid with respect to its type, 'integer'.

Is there any solution to make it configurable? Thanks,

Comment From: mazenaissa

I suggest changing the type of max-sessions from "xs:integer" to "xs:token" or "xs:string" in http://www.springframework.org/schema/security/spring-security.xsd, so we can configure it dynamically from properties.

Comment From: jzheaux

@mazenaissa, thanks for the suggestion. Would you be able to submit a PR to add the feature?

You can see an example of resolving placeholders in HeadersBeanDefinitionParser.

Comment From: mazenaissa

Hello @jzheaux,

When trying to submit the PR I faced this error: git-receive-pack not permitted

The feature can be added on which versions? From 5.0 to 5.5?

And in order to change the type of max-sessions to token I must change the spring-security.rnc and spring-security.xsd, right?

Thanks,

Comment From: jzheaux

Good questions, @mazenaissa, let's see if I can help.

> When trying to submit the PR I faced this error: git-receive-pack not permitted

This usually means you don't have permissions. Are you pushing to your fork of the repo?

> The feature can be added on which versions? From 5.0 to 5.5?

Since it is a new feature, let's add it to 5.5.

> And in order to change the type of max-sessions to token I must change the spring-security.rnc and spring-security.xsd, right?

You should be able to create the rnc and then run the rncToXsd gradle task:

./gradlew :spring-security-config:rncToXsd

Comment From: mazenaissa

Thanks for your reply.

1- I am pushing to spring security project, branch master.

2- If it will be added only in v5.5, will the default spring-security.xsd have it? As I am using spring security v5.0.6 jars and importing the xsd in my XML configuration without version, e.g. spring-security-5.5.xsd.

3- So I need only to commit the change on the rnc file and test the generation of xsd to see if everything works well?

Comment From: jzheaux

> 1- I am pushing to spring security project, branch master.

To make a contribution, please follow these steps:

  1. Fork the project and clone it locally
  2. Create a branch, you might name it gh-9202:
     git checkout -b gh-9202
  3. Make your changes and commit
  4. Push to your fork
  5. Open a PR to merge your fork's branch with Spring Security master

> 2- If it will be added only in v5.5, will the default spring-security.xsd have it?

spring-security.xsd points to the latest version of the schema.

But, 5.0.6 won't resolve placeholders for max-sessions, even when pointing to the latest schema. The reason is that it's the Java code that resolves the placeholder, not the schema. The first version that can use your feature is 5.5.

> 3- So I need only to commit the change on the rnc file and test the generation of xsd to see if everything works well?

To add this support, you should do the following:

  1. Update spring-security-5.5.rnc
  2. Run ./gradlew :spring-security-config:rncToXsd to update the XSD
  3. Update HttpConfigurationBuilder.java to resolve the placeholder, similar to how it's done in HeadersBeanDefinitionParser.
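
The split described in the comment above (the schema type only decides whether `${...}` is accepted in the XML, while Java code has to resolve and check the value) is shown here as an added example that is not part of the thread or of Spring Security's code. The one-attribute schema is constructed to stand in for spring-security.xsd, and `resolveMaxSessions` is a hypothetical helper whose positive-limit rule is this example's own policy.

```java
import java.io.StringReader;
import java.util.Properties;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.SAXException;

public class MaxSessionsPlaceholderDemo {
    // Constructed one-attribute schema (not the real spring-security.xsd); the attribute type is swapped in.
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
      + "<xs:element name='concurrency-control'><xs:complexType>"
      + "<xs:attribute name='max-sessions' type='xs:TYPE'/>"
      + "</xs:complexType></xs:element></xs:schema>";
    static final String DOC = "<concurrency-control max-sessions='${security.maxSessions}'/>";

    /** Returns null if DOC validates against the schema variant, else the validator's message. */
    static String validate(String xsType) throws Exception {
        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        Validator validator = factory
            .newSchema(new StreamSource(new StringReader(XSD.replace("TYPE", xsType))))
            .newValidator();
        try {
            validator.validate(new StreamSource(new StringReader(DOC)));
            return null;
        } catch (SAXException e) {
            return e.getMessage();
        }
    }

    /** Hypothetical resolver: with xs:token the schema no longer checks the value, so it is checked here. */
    static int resolveMaxSessions(String raw, Properties props) {
        String value = raw;
        if (raw.startsWith("${") && raw.endsWith("}")) {
            value = props.getProperty(raw.substring(2, raw.length() - 1));
            if (value == null) throw new IllegalStateException("Unresolved placeholder: " + raw);
        }
        int n = Integer.parseInt(value.trim()); // throws NumberFormatException on non-numeric input
        // Assumption of this example only: require an explicit positive limit.
        if (n < 1) throw new IllegalArgumentException("max-sessions must be >= 1, got " + n);
        return n;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("xs:integer -> " + validate("integer"));
        System.out.println("xs:token   -> " + validate("token"));
        Properties props = new Properties();
        props.setProperty("security.maxSessions", "1"); // constructed sample value
        System.out.println("resolved   -> " + resolveMaxSessions("${security.maxSessions}", props));
    }
}
```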

Comment From: mazenaissa

Hello @jzheaux, Could you please see why the PR's pipeline fails? Thanks,

Comment From: mazenaissa

Hello @jzheaux, The problem of unauthorized is resolved, I retried pushing the branch and the pipeline succeeded. You can accept the PR :) Thanks,

Comment From: mazenaissa

Hello @jzheaux, All changes are in this PR #9328. Thanks,

Comment From: mazenaissa

Hello @jzheaux, Thanks for the copyright year update, you know it's the start of the new year and that kind of error happens a lot hh. Thanks,