Spring Security
  1. Spring Security
  2. SEC-1994

Spring security 3.1.1.RELEASE is not JDK 1.5 compatible

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Blocker Blocker
    • Resolution: Complete
    • Affects Version/s: 3.1.1
    • Fix Version/s: 3.1.2
    • Component/s: Build and Admin
    • Labels:
      None

      Description

      Even though the site states that it only requires 1.5+. See maven build exception below as well as javap command result.

      Compiled from "Authentication.java"
      public interface org.springframework.security.core.Authentication extends java.security.Principal,java.io.Serializable
      SourceFile: "Authentication.java"
      minor version: 0
      major version: 50
      Constant pool:
      const #1 = class #21; // org/springframework/security/core/Authentication
      const #2 = class #22; // java/lang/Object
      const #3 = class #23; // java/security/Principal
      const #4 = class #24; // java/io/Serializable
      const #5 = Asciz getAuthorities;
      const #6 = Asciz ()Ljava/util/Collection;;
      const #7 = Asciz Signature;
      const #8 = Asciz ()Ljava/util/Collection<+Lorg/springframework/security/core/GrantedAuthority;>;;
      const #9 = Asciz getCredentials;
      const #10 = Asciz ()Ljava/lang/Object;;
      const #11 = Asciz getDetails;
      const #12 = Asciz getPrincipal;
      const #13 = Asciz isAuthenticated;
      const #14 = Asciz ()Z;
      const #15 = Asciz setAuthenticated;
      const #16 = Asciz (Z)V;
      const #17 = Asciz Exceptions;
      const #18 = class #25; // java/lang/IllegalArgumentException
      const #19 = Asciz SourceFile;
      const #20 = Asciz Authentication.java;
      const #21 = Asciz org/springframework/security/core/Authentication;
      const #22 = Asciz java/lang/Object;
      const #23 = Asciz java/security/Principal;
      const #24 = Asciz java/io/Serializable;
      const #25 = Asciz java/lang/IllegalArgumentException;

      {
      public abstract java.util.Collection getAuthorities();
      Signature: length = 0x2
      00 08

      public abstract java.lang.Object getCredentials();

      public abstract java.lang.Object getDetails();

      public abstract java.lang.Object getPrincipal();

      public abstract boolean isAuthenticated();

      public abstract void setAuthenticated(boolean) throws java.lang.IllegalArgumentException;
      Exceptions:
      throws java.lang.IllegalArgumentException
      }

      ------------------------------------------------------------------------

      org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:2.3.2:compile (default-compile) on project insight-dashboard: Compilation failure
      /opt/hudson/workspace/jobs/insight-continuous-jvm1.5/workspace/core/dashboard/src/main/java/com/springsource/insight/dashboard/util/RequireAdminTag.java:[11,-1] cannot access org.springframework.security.core.Authentication
      bad class file: /opt/hudson/.m2/repository/org/springframework/security/spring-security-core/3.1.1.RELEASE/spring-security-core-3.1.1.RELEASE.jar(org/springframework/security/core/Authentication.class)
      class file has wrong version 50.0, should be 49.0

        Issue Links

          Activity

          Hide
          Rob Winch added a comment - - edited

          Thank you for reporting this issue. Like any bug this should not have happened, but hopefully the explanation below helps to understand why it did happen. The problem occurred with the update from gradle 1.0-m3 to gradle 1.0 which had changed the default sourceCompatibility from 1.5 to the current JDK being used. While our CI server builds with 1.5 we typically release with 1.6 due to:

          • It can be difficult to obtain a 1.5 JDK for a Mac
          • We run into unfixed JDK bugs in 1.5 that have been fixed in JDK 1.6
          Show
          Rob Winch added a comment - - edited Thank you for reporting this issue. Like any bug this should not have happened, but hopefully the explanation below helps to understand why it did happen. The problem occurred with the update from gradle 1.0-m3 to gradle 1.0 which had changed the default sourceCompatibility from 1.5 to the current JDK being used. While our CI server builds with 1.5 we typically release with 1.6 due to: It can be difficult to obtain a 1.5 JDK for a Mac We run into unfixed JDK bugs in 1.5 that have been fixed in JDK 1.6
          Hide
          Rob Winch added a comment -

          A fix which explicitly states the sourceCompatibility and targetCompatibility has been pushed to master. If anyone wants a workaround until 3.1.2 is released they can use 3.1.0 or they can build the tagged 3.1.1 release with JDK 1.5. Note that I have also logged SEC-1995 and SEC-1996 to help ensure things like this do not happen again.

          Show
          Rob Winch added a comment - A fix which explicitly states the sourceCompatibility and targetCompatibility has been pushed to master. If anyone wants a workaround until 3.1.2 is released they can use 3.1.0 or they can build the tagged 3.1.1 release with JDK 1.5. Note that I have also logged SEC-1995 and SEC-1996 to help ensure things like this do not happen again.
          Hide
          Lyor Goldstein added a comment -

          Thanks for the quick reply - we have "downgraded" to 3.1.0.RELEASE for now and can wait for 3.1.2 which I assume will be JDK 1.5 compatible. BTW, on an un-related (or yes) question, is there some intention to declare that Spring artifacts will no longer be JDK 1.5 compatible as of some future version ? Like you mentioned, there are quite a few issues/bugs that have been fixed in 1.6 ...

          Show
          Lyor Goldstein added a comment - Thanks for the quick reply - we have "downgraded" to 3.1.0.RELEASE for now and can wait for 3.1.2 which I assume will be JDK 1.5 compatible. BTW, on an un-related (or yes) question, is there some intention to declare that Spring artifacts will no longer be JDK 1.5 compatible as of some future version ? Like you mentioned, there are quite a few issues/bugs that have been fixed in 1.6 ...
          Hide
          Rob Winch added a comment - - edited

          Spring Security will likely follow the JDK version of Spring. Despite JDK 1.5 being EOL since Oct of 2009, I am not aware of any planned changes in the minimum JDK version (i.e. Spring 3.2.0.M1 at this time still requires JDK 1.5+).

          Show
          Rob Winch added a comment - - edited Spring Security will likely follow the JDK version of Spring. Despite JDK 1.5 being EOL since Oct of 2009, I am not aware of any planned changes in the minimum JDK version (i.e. Spring 3.2.0.M1 at this time still requires JDK 1.5+).

            People

            • Assignee:
              Rob Winch
              Reporter:
              Lyor Goldstein
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: