spring-projects · jzheaux · Mar 17, 2020
diff --git a/.../java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java b/.../java/org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.java
@@ -16,8 +16,11 @@
 
 package org.springframework.security.config.ldap;
 
+import java.text.MessageFormat;
+
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.context.ApplicationContextException;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -29,8 +32,6 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper;
 
-import java.text.MessageFormat;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class LdapProviderBeanDefinitionParserTests {
@@ -46,7 +47,7 @@ public void closeAppContext() {
 
 	@Test
 	public void simpleProviderAuthenticatesCorrectly() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif'/>"
+		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
 				+ "<authentication-manager>"
 				+ "  <ldap-authentication-provider group-search-filter='member={0}' />"
 				+ "</authentication-manager>"
@@ -60,7 +61,7 @@ public void simpleProviderAuthenticatesCorrectly() {
 
 	@Test
 	public void multipleProvidersAreSupported() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif'/>"
+		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
 				+ "<authentication-manager>"
 				+ "  <ldap-authentication-provider group-search-filter='member={0}' />"
 				+ "  <ldap-authentication-provider group-search-filter='uniqueMember={0}' />"
@@ -84,7 +85,7 @@ public void missingServerEltCausesConfigException() {
 
 	@Test
 	public void supportsPasswordComparisonAuthentication() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif'/>"
+		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
 				+ "<authentication-manager>"
 				+ "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
 				+ "    <password-compare />"
@@ -100,7 +101,7 @@ public void supportsPasswordComparisonAuthentication() {
 
 	@Test
 	public void supportsPasswordComparisonAuthenticationWithPasswordEncoder() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif'/>"
+		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
 				+ "<authentication-manager>"
 				+ "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
 				+ "    <password-compare password-attribute='uid'>"
@@ -120,7 +121,7 @@ public void supportsPasswordComparisonAuthenticationWithPasswordEncoder() {
 	// SEC-2472
 	@Test
 	public void supportsCryptoPasswordEncoder() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif'/>"
+		appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>"
 				+ "<authentication-manager>"
 				+ "  <ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>"
 				+ "    <password-compare>"
@@ -139,7 +140,7 @@ public void supportsCryptoPasswordEncoder() {
 
 	@Test
 	public void inetOrgContextMapperIsSupported() {
-		appCtx = new InMemoryXmlApplicationContext("<ldap-server url='ldap://127.0.0.1:343/dc=springframework,dc=org'/>"
+		appCtx = new InMemoryXmlApplicationContext("<ldap-server url='ldap://127.0.0.1:343/dc=springframework,dc=org' port='0'/>"
 				+ "<authentication-manager>"
 				+ "  <ldap-authentication-provider user-details-class='inetOrgPerson' />"
 				+ "</authentication-manager>"

diff --git a/...st/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java b/...st/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParserTests.java
@@ -15,20 +15,21 @@
  */
 package org.springframework.security.config.ldap;
 
-import static org.assertj.core.api.Assertions.assertThat;
-
 import java.io.IOException;
 import java.net.ServerSocket;
 
 import org.junit.After;
 import org.junit.Test;
+
 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.util.InMemoryXmlApplicationContext;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.security.ldap.server.ApacheDSContainer;
 import org.springframework.test.util.ReflectionTestUtils;
 
+import static org.assertj.core.api.Assertions.assertThat;
+
 /**
  * @author Luke Taylor
  * @author Rob Winch
@@ -47,7 +48,7 @@ public void closeAppContext() {
 	@Test
 	public void embeddedServerCreationContainsExpectedContextSourceAndData() {
 		appCtx = new InMemoryXmlApplicationContext(
-				"<ldap-server ldif='classpath:test-server.ldif'/>");
+				"<ldap-server ldif='classpath:test-server.ldif' port='0'/>");
 
 		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx
 				.getBean(BeanIds.CONTEXT_SOURCE);
@@ -82,7 +83,7 @@ public void useOfUrlAttributeCreatesCorrectContextSource() throws Exception {
 	@Test
 	public void loadingSpecificLdifFileIsSuccessful() {
 		appCtx = new InMemoryXmlApplicationContext(
-				"<ldap-server ldif='classpath*:test-server2.xldif' root='dc=monkeymachine,dc=co,dc=uk' />");
+				"<ldap-server ldif='classpath*:test-server2.xldif' root='dc=monkeymachine,dc=co,dc=uk' port='0'/>");
 		DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) appCtx
 				.getBean(BeanIds.CONTEXT_SOURCE);
 

diff --git a/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java b/config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java
@@ -20,6 +20,9 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanDefinitionHolder;
 import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
@@ -45,8 +48,6 @@
 import org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.ClassUtils;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
 
 /**
  * Parses elements from the "security" namespace
@@ -87,7 +88,7 @@ public BeanDefinition parse(Element element, ParserContext pc) {
 		if (!namespaceMatchesVersion(element)) {
 			pc.getReaderContext()
 					.fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema "
-							+ "with Spring Security 5.3. Please update your schema declarations to the 5.3 schema.",
+							+ "with Spring Security 5.4. Please update your schema declarations to the 5.4 schema.",
 							element);
 		}
 		String name = pc.getDelegate().getLocalName(element);
@@ -223,7 +224,7 @@ private boolean namespaceMatchesVersion(Element element) {
 	private boolean matchesVersionInternal(Element element) {
 		String schemaLocation = element.getAttributeNS(
 				"http://www.w3.org/2001/XMLSchema-instance", "schemaLocation");
-		return schemaLocation.matches("(?m).*spring-security-5\\.3.*.xsd.*")
+		return schemaLocation.matches("(?m).*spring-security-5\\.4.*.xsd.*")
 				|| schemaLocation.matches("(?m).*spring-security.xsd.*")
 				|| !schemaLocation.matches("(?m).*spring-security.*");
 	}

diff --git a/...nfig/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java b/...nfig/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
@@ -21,14 +21,14 @@
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.authentication.ProviderManagerBuilder;
 import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.security.ldap.authentication.AbstractLdapAuthenticator;
 import org.springframework.security.ldap.authentication.BindAuthenticator;
@@ -478,6 +478,9 @@ public ContextSourceBuilder managerPassword(String managerPassword) {
 		/**
 		 * The port to connect to LDAP to (the default is 33389 or random available port
 		 * if unavailable).
+		 *
+		 * Supplying 0 as the port indicates that a random available port should be selected.
+		 * 
 		 * @param port the port to connect to
 		 * @return the {@link ContextSourceBuilder} for further customization
 		 */
@@ -550,36 +553,27 @@ else if (ClassUtils.isPresent("com.unboundid.ldap.listener.InMemoryDirectoryServ
 		}
 
 		private int getPort() {
-			if (port == null) {
+			if (port != null && port == 0) {
+				port = getRandomPort();
+			} else if (port == null) {
 				port = getDefaultPort();
 			}
 			return port;
 		}
 
 		private int getDefaultPort() {
-			ServerSocket serverSocket = null;
-			try {
-				try {
-					serverSocket = new ServerSocket(DEFAULT_PORT);
-				}
-				catch (IOException e) {
-					try {
-						serverSocket = new ServerSocket(0);
-					}
-					catch (IOException e2) {
-						return DEFAULT_PORT;
-					}
-				}
+			try (ServerSocket serverSocket = new ServerSocket(DEFAULT_PORT)) {
 				return serverSocket.getLocalPort();
+			} catch (IOException e) {
+				return getRandomPort();
 			}
-			finally {
-				if (serverSocket != null) {
-					try {
-						serverSocket.close();
-					}
-					catch (IOException e) {
-					}
-				}
+		}
+
+		private int getRandomPort() {
+			try (ServerSocket serverSocket = new ServerSocket(0)) {
+				return serverSocket.getLocalPort();
+			} catch (IOException e) {
+				return DEFAULT_PORT;
 			}
 		}
 

diff --git a/...rc/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java b/...rc/main/java/org/springframework/security/config/ldap/LdapServerBeanDefinitionParser.java
@@ -20,6 +20,7 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Element;
 
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
@@ -32,7 +33,6 @@
 import org.springframework.security.ldap.server.UnboundIdContainer;
 import org.springframework.util.ClassUtils;
 import org.springframework.util.StringUtils;
-import org.w3c.dom.Element;
 
 /**
  * @author Luke Taylor
@@ -138,7 +138,12 @@ private RootBeanDefinition createEmbeddedServer(Element element,
 
 		String port = element.getAttribute(ATT_PORT);
 
-		if (!StringUtils.hasText(port)) {
+		if ("0".equals(port)) {
+			port = getRandomPort();
+			if (logger.isDebugEnabled()) {
+				logger.debug("Using default port of " + port);
+			}
+		} else if (!StringUtils.hasText(port)) {
 			port = getDefaultPort();
 			if (logger.isDebugEnabled()) {
 				logger.debug("Using default port of " + port);
@@ -213,30 +218,18 @@ private boolean isUnboundidEnabled(String mode) {
 	}
 
 	private String getDefaultPort() {
-		ServerSocket serverSocket = null;
-		try {
-			try {
-				serverSocket = new ServerSocket(DEFAULT_PORT);
-			}
-			catch (IOException e) {
-				try {
-					serverSocket = new ServerSocket(0);
-				}
-				catch (IOException e2) {
-					return String.valueOf(DEFAULT_PORT);
-				}
-			}
+		try (ServerSocket serverSocket = new ServerSocket(DEFAULT_PORT)) {
 			return String.valueOf(serverSocket.getLocalPort());
-		}
-		finally {
-			if (serverSocket != null) {
-				try {
-					serverSocket.close();
-				}
-				catch (IOException e) {
-				}
-			}
+		} catch (IOException e) {
+			return getRandomPort();
 		}
 	}
 
+	private String getRandomPort() {
+		try (ServerSocket serverSocket = new ServerSocket(0)) {
+			return String.valueOf(serverSocket.getLocalPort());
+		} catch (IOException e) {
+			return String.valueOf(DEFAULT_PORT);
+		}
+	}
 }
diff --git a/config/src/main/resources/META-INF/spring.schemas b/config/src/main/resources/META-INF/spring.schemas
@@ -1,4 +1,5 @@
-http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-5.3.xsd
+http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-5.4.xsd
+http\://www.springframework.org/schema/security/spring-security-5.4.xsd=org/springframework/security/config/spring-security-5.4.xsd
 http\://www.springframework.org/schema/security/spring-security-5.3.xsd=org/springframework/security/config/spring-security-5.3.xsd
 http\://www.springframework.org/schema/security/spring-security-5.2.xsd=org/springframework/security/config/spring-security-5.2.xsd
 http\://www.springframework.org/schema/security/spring-security-5.1.xsd=org/springframework/security/config/spring-security-5.1.xsd
@@ -14,7 +15,8 @@ http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/spri
 http\://www.springframework.org/schema/security/spring-security-2.0.1.xsd=org/springframework/security/config/spring-security-2.0.1.xsd
 http\://www.springframework.org/schema/security/spring-security-2.0.2.xsd=org/springframework/security/config/spring-security-2.0.2.xsd
 http\://www.springframework.org/schema/security/spring-security-2.0.4.xsd=org/springframework/security/config/spring-security-2.0.4.xsd
-https\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-5.3.xsd
+https\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-5.4.xsd
+https\://www.springframework.org/schema/security/spring-security-5.4.xsd=org/springframework/security/config/spring-security-5.4.xsd
 https\://www.springframework.org/schema/security/spring-security-5.3.xsd=org/springframework/security/config/spring-security-5.3.xsd
 https\://www.springframework.org/schema/security/spring-security-5.2.xsd=org/springframework/security/config/spring-security-5.2.xsd
 https\://www.springframework.org/schema/security/spring-security-5.1.xsd=org/springframework/security/config/spring-security-5.1.xsd