OpenSAML user discussion

[Chad La Joie <>]

Okay, so I had some one try this and reported it didn't work.  I was, 
honestly, skeptical because everything I knew about how the JVM dealt 
with this stuff indicated my suggestion should work.  So I tried it, it 
works, code is attached.


Here's my env:
  - OS X 10.4 Java 5 VM
  - Ran with VM flag "-Djava.endorsed.dirs=" to ensure the VM didn't 
pick up my system endorsed libs, tests proved this to be true.

Here's my test runs using the attached code.
Run 1
- No xerces/xalan on classpath
- No setting of system properties
- Result: VM used the Sun parser in both cases

Run 2
- Xerces/xalan on classpath
- No setting of system properties
- Result: VM used Xerces parser in both cases (see why, below)

Run 3
- xerces(modified)/xalan on classpath
- System properties set
- Result: VM used Sun parser first and Xerces parser second.

People might be surprised by the results of the second test.  It's due 
to the fact that Xerces has configurations in it to use the Java 5 VM 
services mechanism.  In standalone apps this can work like automatic 
endorsement.  It doesn't equate to endorsement when you run your code 
in-container though.  Read up on it if you're curious what the service 
mechanism is and why the previous two statements are true.

For test three I removed the VM services configuration code from Xerces 
just to be sure it would use my system properties.  That's all I 
modified in the Xerces jar.



So, this certainly works in a standard VM.  It should work in any 
container that doesn't have a security policy that prevents webapps from 
changing those system properties.  It should work on Web Start apps as 
well, unless, again, they have a security policy that prevents setting 
those system properties.  If there is a policy you'd get a security 
exception.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;


public class SystemPropertyXMLParserTest {

        /**
         * @param args
         */
        public static void main(String[] args) throws Exception{
                DocumentBuilderFactory dbf = 
DocumentBuilderFactory.newInstance();
                DocumentBuilder db = dbf.newDocumentBuilder();
                System.out.println(db.getClass());
                
                System.setProperty("javax.xml.datatype.DatatypeFactory", 
"org.apache.xerces.jaxp.datatype.DatatypeFactoryImpl");
                
System.setProperty("javax.xml.parsers.DocumentBuilderFactory", 
"org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
                System.setProperty("javax.xml.parsers.SAXParserFactory", 
"org.apache.xerces.jaxp.SAXParserFactoryImpl");
                System.setProperty("javax.xml.validation.SchemaFactory", 
"org.apache.xerces.jaxp.validation.XMLSchemaFactory");
                System.setProperty("org.w3c.dom.DOMImplementationSourceList", 
"org.apache.xerces.dom.DOMXSImplementationSourceImpl");
                System.setProperty("org.xml.sax.driver", 
"org.apache.xerces.parsers.SAXParser");
                
                DocumentBuilderFactory dbf2 = 
DocumentBuilderFactory.newInstance();
                DocumentBuilder db2 = dbf2.newDocumentBuilder();
                System.out.println(db2.getClass());
        }

}