Details
-
Story
-
Resolution: Cannot Reproduce
-
Major
-
None
-
2.5.0.Final
-
None
-
None
Description
Windup should scan the Spring configuration and detect java classes usage inside.
Currently, we don't cover Spring beans. There's /rules/javaee/xml-spring.windup.xml, but IIRC only things from rules-reviewed are taken into distribution...?
Even if it is, it deals with it using <xmlfile matches>
Which is insufficient - we need to make it work transparently, so that <javaclass references...> would catch that too.
For better imagination, an example:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> <beans> <bean id="myKeyLocator" class="com.mformation.security.crypto.ClientSecretKeyLocator"> <property name="keyFile"> <value>C:/foo/qa1.key</value> </property> </bean> </beans>
This should be matched by
<javaclass references="com.mformation.security.crypto.ClientSecretKeyLocator">
<location>CONSTRUCTOR_CALL</location>
--- or ---
<location>IMPORT</location>
Ideally, we should create a model of spring beans relations in the graph, which goes beyond the scope of this jira.