Thirunavukarasu Thulasi ( https://hibernate.atlassian.net/secure/ViewProfile.jspa?accountId=712020%... ) *updated* an issue Hibernate ORM ( https://hibernate.atlassian.net/browse/HHH?atlOrigin=eyJpIjoiMTc5ZGM3NWYx... ) / Bug ( https://hibernate.atlassian.net/browse/HHH-16892?atlOrigin=eyJpIjoiMTc5ZG... ) HHH-16892 ( https://hibernate.atlassian.net/browse/HHH-16892?atlOrigin=eyJpIjoiMTc5ZG... ) LocalXmlResourceResolver does not resolve dtd URLs that use https scheme ( https://hibernate.atlassian.net/browse/HHH-16892?atlOrigin=eyJpIjoiMTc5ZG... ) Change By: Thirunavukarasu Thulasi ( https://hibernate.atlassian.net/secure/ViewProfile.jspa?accountId=712020%... ) *Background* As per the following recommendation, we had updated all our hibernate mapping files to refer dtd files with https scheme [The markup declarations contained or pointed to by the document type declaration must be well-formed - Hibernate ORM - Hibernate|https://discourse.hibernate.org/t/the-markup-declarations-conta...] i,e we had updated our hibernate mapping files to use the recommended dtd urls updated existing urls from [http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd|http://www.hiberna...] to [{color:#006644}*https*{color}|https://hibernate.org/dtd/hibernate-mapping-3.0.dtd%22][://hibernate.org/dtd/hibernate-mapping-3.0.dtd|https://hibernate.org/dtd/hibernate-mapping-3.0.dtd%22] Also, we had upgraded hibernate version to version 5.6.6 (which has a fix HHH-15094) *Problem* Hibernate does not resolve dtd files locally when using *https* scheme, But, it resolves the dtd files locally when using *http* scheme *Analysis* Following is a snippet of code from LocalXmlResourceResolver, !image-20230705-030300.png|width=544,height=336! When *HTTP* scheme is used, Hibernate uses *startsWith* to compare with the identifierBase, But, when *HTTPS* scheme is used, Hibernate uses *matches* to compare with the identiferBase For example, Consider a hibernate mapping file with the following DOCTYPE (changed as per above recommendation) <!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD//EN" "[https://hibernate.org/dtd/hibernate-mapping-3.0.dtd"|https://hibernate.org/dtd/hibernate-mapping-3.0.dtd%22]> In the LocalXmlResourceResolver, The condition which checks whether to return local resource, fails and returns false when https scheme is used i,e if ( systemId.startsWith( httpBase ) || systemId.matches( httpsBase ) ) { return true; } checks as follows "[https://hibernate.org/dtd/hibernate-mapping-3.0.dtd"|https://hibernate.org/dtd/hibernate-mapping-3.0.dtd%22].matches({{"hibernate.org/dtd/hibernate-mapping"}}) which returns {color:#bf2600}*false* {color} *Proposed solution* * Change systemId.{color:#bf2600}*matches*{color}() to either systemId.*startsWith()* or systemId.*contains()* *Test* In the attached unit test, we can see that the test case that tries to resolve dtd file using HTTPS scheme fails, whereas the the test case that tries to resolve dtd file using HTTP scheme succeeds ( https://hibernate.atlassian.net/browse/HHH-16892#add-comment?atlOrigin=ey... ) Add Comment ( https://hibernate.atlassian.net/browse/HHH-16892#add-comment?atlOrigin=ey... ) Get Jira notifications on your phone! Download the Jira Cloud app for Android ( https://play.google.com/store/apps/details?id=com.atlassian.android.jira.... ) or iOS ( https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=Em... ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100229- sha1:634ba05 )