Description of problem: Cloend from https://issues.jboss.org/browse/GTNPORTAL-3501 so that it gets QA'd properly. There are several lines of code that indicate that org.exoplatform.commons.xml.XMLValidator was originally designed to check if a given document complies with an XML schema declared in it: factory.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaLanguage", "http://www.w3.org/2001/XMLSchema"); factory.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaSource", schemas); factory.setNamespaceAware(true); factory.setValidating(true); However, there were no tests checking if the validation works and indeed, it does not. It is out of the present scope to investigate what is wrong with XMLValidator and how it can be corrected, because it is too general to be used for validating gatein-resources.xml at this point. The main problem is that if we have not validated so far, there must be a lot of schema-incompatible gatein-resources.xml out there in the wild that were silently accepted by the portal in the past. Therefore, we cannot start validating all gatein-resources.xml files now. To meet the natural expectation that inputs are properly validated to widest possible extent, I propose to start validating now, but only gatein-resources.xml documents that use the namespace http://www.gatein.org/xml/ns/gatein_resources_1_5 or newer. gatein_resources_1_5.xsd will be introduced these days with fixing GTNPORTAL-3485 and GTNPORTAL-3487. In this way we can stay backwards-compatible and start validating from now on. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
https://github.com/gatein/gatein-portal/pull/863 was merged in upstream.
I tested with 6.2.0.ER3 by modifying several different gatein-resources.xml configs across portal installation. I introduced changes invalid against the gatein_resources_1_5 schema and each time it was caught in GateInResourcesDeployer. Example: ERROR [org.exoplatform.portal.resource.GateInResourcesDeployer] (MSC service thread 1-4) Could not parse or validate gatein-resources.xml in context 'eXoResources': org.xml.sax.SAXParseException; lineNumber: 29; columnNumber: 15; cvc-complex-type.2.4.a: Invalid content was found starting with element 'css-path'. One of '{"http://www.gatein.org/xml/ns/gatein_resources_1_5":css-priority, "http://www.gatein.org/xml/ns/gatein_resources_1_5":overwrite}' is expected. In the same way I tested that no schema validation is done for older schema versions (gatein_resources_1_4 and gatein_resources_1_3).
Would the validation fixes be something we should mention for customers? XMLValidator is not something a customer would touch, so I think although this has a customer-facing impact in that customer will see validation issues now, it might not need to be called out explicitly? What do you think?
Hi Jared, I definitely find this to have a customer-facing impact. There surely are schema-incompatible gatein-resources.xml out there in the wild that were silently accepted by the portal in the past. And if a customer decides to upgrade such an invalid file to the newest gatein_resources_1.5 schema (because e.g. he wants to add the new CDN loading there), he may get validation errors that he may want to get explained. I have proposed a Doc Text