Setting secureParsing=false for >= 4.8 version in a Spring Boot application

Environment

Liquibase Version: 4.8 and higher

Liquibase Integration & Version: Spring Boot

Liquibase Extension(s) & Version: n/a

Database Vendor & Version: Oracle, H2

Operating System Type & Version: Arch Linux 2019-04-01

Infrastructure Type/Provider: On premise

Description

With 4.8 version external (or local) xsd files are no longer parsed by default (when I’m trying to use it in some .xml changeSet file for liquibase in my project).

According to this thread we can set this property to make it work: liquibase.secureParsing=false. However, it seems like it is not possible to do right now for Spring Boot applications. Application.properties file does not recognize this property and setting it in liquibase.properties does not help. I’m still getting the following error:

Caused by: org.xml.sax.SAXParseException: schema_reference: Failed to read schema document 'dbchangelog-simple.xsd', because 'file' access is not allowed due to restriction set by the accessExternalSchema property.

Looks like I’m not the only person with this kind of issue: https://stackoverflow.com/questions/72982540/where-to-put-liquibase-properties-file-when-using-org-springframework-boot/73000353

I’m unable to update my liquibase to 4.8 and higher due to this issue since I had already used some local xsd files in my previous changeSet files - those are on the production environment now.

Steps To Reproduce

Try to use some external custom xsd file (like custom primary key generation) in your changeSet .xml file for your Spring Boot application, e.g.:

dbchangelog-simple.xsd:

<?xml version="1.0" encoding="UTF-8"?>

<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            targetNamespace="http://sth.com/liquibase"
            xmlns="http://sth.com/liquibase"
            elementFormDefault="qualified">

    <xsd:element name="definePK">
        <xsd:complexType>
            <xsd:attribute name="catalogName" type="xsd:string"/>
            <xsd:attribute name="schemaName" type="xsd:string"/>
            <xsd:attribute name="tableName" type="xsd:string" use="required"/>
            <xsd:attribute name="columnName" type="xsd:string" default="id"/>
            <xsd:attribute name="columnDataType" type="xsd:string" default="BIGINT"/>
            <xsd:attribute name="strategy" type="xsd:string" default="sequence"/>
        </xsd:complexType>
    </xsd:element>

</xsd:schema>

some changeSet file:

<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cs="http://sth.com/liquibase"
    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.6.xsd http://sth.com/liquibase /liquibase/ext/sth/dbchangelog-simple.xsd"
>

Then try to run the Spring Boot application with a fresh database. It will result in the error I’ve mentioned above.

Actual Behavior

Caused by: org.xml.sax.SAXParseException: schema_reference: Failed to read schema document 'dbchangelog-simple.xsd', because 'file' access is not allowed due to restriction set by the accessExternalSchema property.

Expected/Desired Behavior

I need a way to make local xsd files work in my changeSets files for Spring Boot applications. Preferably with liquibase.secureParsing=false.

Issue Analytics

  • State: open
  • Created a year ago
  • Comments: 9 (3 by maintainers)

Top GitHub Comments

3 reactions
jotorren commented, Nov 10, 2022

Upgrading liquibase-core to >=4.12.0 solves the problem (at least with Spring Boot 2.7.5)

1 reaction
nvoxland commented, Jul 26, 2022

The spring boot integration is maintained by the spring boot team and so a bit out of our control.

Looking at it quickly, it looks like all our “global configuration” settings are well integrated. I’ll see if I can make a PR to their side to improve it a bit.

I’m not sure how much the spring-boot integration tries to use the liquibase.properties file off hand to know if that should have worked or if it’s not expected to at this point. I’ll maybe see about that as I’m looking at a PR…

As a workaround for now, Liquibase will look at system properties, so if you could set liquibase.secureParsing=false as a system property either programmatically on startup or through -Dliquibase.secureParsing=false as a JVM argument (or however works for you) that should work.
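
The SAXParseException quoted in the issue is raised by the JDK's JAXP accessExternalSchema restriction. The following added example (plain JAXP, not code from the issue or from Liquibase) reproduces it with a trimmed copy of the issue's XSD and compares the protocol lists "", "file" and "all". The class name, the wrapper.xsd file and the temporary directory are constructed for the demonstration, and Java 17 or later is assumed.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.validation.SchemaFactory;
import org.xml.sax.SAXException;

public class ExternalSchemaAccessDemo {
    // Trimmed copy of the issue's dbchangelog-simple.xsd (constructed sample input).
    static final String CUSTOM_XSD = """
        <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    targetNamespace="http://sth.com/liquibase"
                    elementFormDefault="qualified">
          <xsd:element name="definePK">
            <xsd:complexType>
              <xsd:attribute name="tableName" type="xsd:string" use="required"/>
            </xsd:complexType>
          </xsd:element>
        </xsd:schema>
        """;

    // Constructed wrapper schema: its xsd:import makes the parser fetch the local file.
    static final String WRAPPER_XSD = """
        <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
          <xsd:import namespace="http://sth.com/liquibase"
                      schemaLocation="dbchangelog-simple.xsd"/>
        </xsd:schema>
        """;

    // allowedProtocols: "" = no external access, "file" = local files only, "all" = any protocol.
    static String load(Path wrapper, String allowedProtocols) {
        try {
            SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
            factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, allowedProtocols);
            factory.newSchema(wrapper.toFile());
            return "loaded";
        } catch (SAXException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("xsd-demo");
        Files.writeString(dir.resolve("dbchangelog-simple.xsd"), CUSTOM_XSD);
        Path wrapper = Files.writeString(dir.resolve("wrapper.xsd"), WRAPPER_XSD);
        for (String protocols : new String[] {"", "file", "all"}) {
            System.out.printf("accessExternalSchema=\"%s\" -> %s%n", protocols, load(wrapper, protocols));
        }
    }
}
```

At the JAXP level, "file" admits only schemas on the local file system, whereas "all" also admits schemas fetched over the network.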
