Bug 1103771

Summary: Introduce XML schema validation for gatein-resources.xml
Product: [JBoss] JBoss Enterprise Portal Platform 6 Reporter: Peter Palaga <ppalaga>
Component: PortalAssignee: Peter Palaga <ppalaga>
Status: CLOSED UPSTREAM QA Contact: Tomas Kyjovsky <tkyjovsk>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.2.0CC: epp-bugs, ppalaga
Target Milestone: ER03   
Target Release: 6.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
A bug in the validator code caused the gatein-resources.xml file to not be validated against the declared XML schema. The validation code has been corrected to validate the file correctly. To ensure backwards compatibility is maintained, the validation is done only for gatein-resources.xml files that use the namespace http://www.gatein.org/xml/ns/gatein_resources_1_5 or newer.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2025-02-10 03:36:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Peter Palaga 2014-06-02 13:54:22 UTC 
Description of problem:
Cloend from https://issues.jboss.org/browse/GTNPORTAL-3501 so that it gets QA'd properly.
There are several lines of code that indicate that org.exoplatform.commons.xml.XMLValidator was originally designed to check if a given document complies with an XML schema declared in it:
factory.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaLanguage", "http://www.w3.org/2001/XMLSchema");        factory.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaSource", schemas);
factory.setNamespaceAware(true);
factory.setValidating(true);
However, there were no tests checking if the validation works and indeed, it does not. It is out of the present scope to investigate what is wrong with XMLValidator and how it can be corrected, because it is too general to be used for validating gatein-resources.xml at this point. The main problem is that if we have not validated so far, there must be a lot of schema-incompatible gatein-resources.xml out there in the wild that were silently accepted by the portal in the past. Therefore, we cannot start validating all gatein-resources.xml files now.
To meet the natural expectation that inputs are properly validated to widest possible extent, I propose to start validating now, but only gatein-resources.xml documents that use the namespace http://www.gatein.org/xml/ns/gatein_resources_1_5 or newer. gatein_resources_1_5.xsd will be introduced these days with fixing 
GTNPORTAL-3485 and GTNPORTAL-3487. In this way we can stay backwards-compatible and start validating from now on.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Peter Palaga 2014-06-02 13:54:50 UTC 
https://github.com/gatein/gatein-portal/pull/863 was merged in upstream.
Comment 3 Tomas Kyjovsky 2014-06-13 17:44:55 UTC 
I tested with 6.2.0.ER3 by modifying several different gatein-resources.xml configs across portal installation. I introduced changes invalid against the gatein_resources_1_5 schema and each time it was caught in GateInResourcesDeployer. Example:

ERROR [org.exoplatform.portal.resource.GateInResourcesDeployer] (MSC service thread 1-4) Could not parse or validate gatein-resources.xml in context 'eXoResources': org.xml.sax.SAXParseException; lineNumber: 29; columnNumber: 15; cvc-complex-type.2.4.a: Invalid content was found starting with element 'css-path'. One of '{"http://www.gatein.org/xml/ns/gatein_resources_1_5":css-priority, "http://www.gatein.org/xml/ns/gatein_resources_1_5":overwrite}' is expected.

In the same way I tested that no schema validation is done for older schema versions (gatein_resources_1_4 and gatein_resources_1_3).
Comment 4 Jared MORGAN 2014-07-01 05:33:51 UTC 
Would the validation fixes be something we should mention for customers? XMLValidator is not something a customer would touch, so I think although this has a customer-facing impact in that customer will see validation issues now, it might not need to be called out explicitly? What do you think?
Comment 5 Peter Palaga 2014-07-03 11:15:24 UTC 
Hi Jared, I definitely find this to have a customer-facing impact. There surely are schema-incompatible gatein-resources.xml out there in the wild that were silently accepted by the portal in the past. And if a customer decides to upgrade such an invalid file to the newest gatein_resources_1.5 schema (because e.g. he wants to add the new CDN loading there), he may get validation errors that he may want to get explained. I have proposed a Doc Text
Comment 6 Red Hat Bugzilla 2025-02-10 03:36:00 UTC 
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.