SEC-1600: Added Implementation-Version and Implementation-Title to manifest templates and checking of version numbers in namespace config module and core. Config checks the version of core it is running against and core checks the Spring version, reporting any mismatches or situations where the app is running with less than the recommended Spring version.

acl/template.mf

@@ -1,3 +1,5 @@
+Implementation-Title: org.springframework.security.acls
+Implementation-Version: ${version}
 Bundle-SymbolicName: org.springframework.security.acls
 Bundle-Name: Spring Security Acls
 Bundle-Vendor: SpringSource
@@ -17,5 +19,4 @@ Import-Template:
  org.springframework.transaction.support.*;version="[${spring.version}, 3.1.0)";resolution:=optional,
  org.springframework.util.*;version="[${spring.version}, 3.1.0)";resolution:=optional, 
  net.sf.ehcache.*;version="[1.4.1, 2.0.0)";resolution:=optional,
- javax.sql.*;version="0";resolution:=optional 
- 
+ javax.sql.*;version="0";resolution:=optional

cas/template.mf

@@ -1,3 +1,5 @@
+Implementation-Title: org.springframework.security.cas
+Implementation-Version: ${version}
 Bundle-SymbolicName: org.springframework.security.cas
 Bundle-Name: Spring Security CAS
 Bundle-Vendor: SpringSource
@@ -18,4 +20,3 @@ Import-Template:
  org.springframework.util;version="[${spring.version}, 3.1.0)", 
  net.sf.ehcache.*;version="[1.4.1, 2.0.0)";resolution:=optional, 
  javax.servlet.*;version="0"
-  

config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java

@@ -3,6 +3,8 @@ package org.springframework.security.config;
 import java.util.HashMap;
 import java.util.Map;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanDefinitionHolder;
 import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
@@ -22,6 +24,7 @@ import org.springframework.security.config.ldap.LdapServerBeanDefinitionParser;
 import org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser;
 import org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser;
 import org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.ClassUtils;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -34,10 +37,30 @@ import org.w3c.dom.Node;
  * @since 2.0
  */
 public final class SecurityNamespaceHandler implements NamespaceHandler {
+    private final Log logger = LogFactory.getLog(getClass());
+
     private final Map<String, BeanDefinitionParser> parsers = new HashMap<String, BeanDefinitionParser>();
     private final BeanDefinitionDecorator interceptMethodsBDD = new InterceptMethodsBeanDefinitionDecorator();
     private BeanDefinitionDecorator filterChainMapBDD;
 
+    public SecurityNamespaceHandler() {
+        String coreVersion = SpringSecurityCoreVersion.getVersion();
+
+        Package pkg = SpringSecurityCoreVersion.class.getPackage();
+
+        if (pkg == null || coreVersion == null) {
+            logger.info("Couldn't determine package version information.");
+            return;
+        }
+
+        String version = pkg.getImplementationVersion();
+        logger.info("Spring Security 'config' module version is " + version);
+
+        if (version.compareTo(coreVersion) != 0) {
+            logger.error("You are running with different versions of the Spring Security 'core' and 'config' modules");
+        }
+    }
+
     public BeanDefinition parse(Element element, ParserContext pc) {
         if (!namespaceMatchesVersion(element)) {
             pc.getReaderContext().fatal("You must use a 3.0 schema with Spring Security 3.0." +

config/template.mf

@@ -1,3 +1,5 @@
+Implementation-Title: org.springframework.security.config
+Implementation-Version: ${version}
 Bundle-SymbolicName: org.springframework.security.config
 Bundle-Name: Spring Security Namespace Configuration
 Bundle-Vendor: SpringSource

core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java

@@ -0,0 +1,38 @@
+package org.springframework.security.core;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.core.SpringVersion;
+
+/**
+ * Internal class used for checking version compatibility in a deployed application.
+ *
+ * @author Luke Taylor
+ */
+public class SpringSecurityCoreVersion {
+    private static final Log logger = LogFactory.getLog(SpringSecurityCoreVersion.class);
+
+    static {
+        // Check Spring Compatibility
+        String springVersion = SpringVersion.getVersion();
+        String version = getVersion();
+
+        if (springVersion != null) {
+            // TODO: Generate version class and information dynamically from a template in the build file
+            logger.info("You are running with Spring Security Core " + springVersion);
+            if (!springVersion.startsWith("3")) {
+                logger.error("Spring Major version '3' expected, but you are running with version: " + springVersion);
+            }
+
+            if (springVersion.compareTo("3.0.3") < 0) {
+                logger.warn("You are advised to use Spring 3.0.3 or later with this version. You are running: " +
+                    springVersion);
+            }
+        }
+    }
+
+    public static String getVersion() {
+        Package pkg = SpringSecurityCoreVersion.class.getPackage();
+        return (pkg != null ? pkg.getImplementationVersion() : null);
+    }
+}

core/template.mf

@@ -1,3 +1,5 @@
+Implementation-Title: org.springframework.security.core
+Implementation-Version: ${version}
 Bundle-SymbolicName: org.springframework.security.core
 Bundle-Name: Spring Security Core
 Bundle-Vendor: SpringSource
@@ -25,4 +27,3 @@ Import-Template:
  javax.crypto.*;version="0";resolution:=optional,
  javax.security.auth.*;version="0";resolution:=optional,
  javax.naming.*;version="0";resolution:=optional
- 

ldap/template.mf

@@ -1,3 +1,5 @@
+Implementation-Title: org.springframework.security.ldap
+Implementation-Version: ${version}
 Bundle-SymbolicName: org.springframework.security.ldap
 Bundle-Name: Spring Security LDAP
 Bundle-Vendor: SpringSource
@@ -21,4 +23,4 @@ Import-Template:
  org.springframework.dao.*;version="[${spring.version}, 3.1.0)";resolution:=optional,
  org.springframework.util.*;version="[${spring.version}, 3.1.0)",
  javax.naming.*;version="0";resolution:=optional,
- netscape.ldap.ber.stream;version="[4.1, 5.0)";resolution:=optional
+ netscape.ldap.ber.stream;version="[4.1, 5.0)";resolution:=optional

openid/template.mf

@@ -1,3 +1,5 @@
+Implementation-Title: org.springframework.security.openid
+Implementation-Version: ${version}
 Bundle-SymbolicName: org.springframework.security.openid
 Bundle-Name: Spring Security OpenID
 Bundle-Vendor: SpringSource
@@ -15,4 +17,3 @@ Import-Template:
  org.springframework.util;version="[${spring.version}, 3.1.0)",
  org.openid4java.*;version="[0.9.5, 1.0.0)",
  javax.servlet.*;version="0"
- 

taglibs/template.mf

@@ -1,3 +1,5 @@
+Implementation-Title: org.springframework.security.taglibs
+Implementation-Version: ${version}
 Bundle-SymbolicName: org.springframework.security.taglibs
 Bundle-Name: Spring Security Taglibs
 Bundle-Vendor: SpringSource

web/template.mf

@@ -1,3 +1,5 @@
+Implementation-Title: org.springframework.security.web
+Implementation-Version: ${version}
 Bundle-SymbolicName: org.springframework.security.web
 Bundle-Name: Spring Security Web
 Bundle-Vendor: SpringSource