Skip to Content.
Sympa Menu

mace-opensaml-users - Re: Problem about endorsed libraries

Subject: OpenSAML user discussion

List archive

Re: Problem about endorsed libraries


Chronological Thread 
  • From: Chad La Joie <>
  • To:
  • Subject: Re: Problem about endorsed libraries
  • Date: Thu, 08 Nov 2007 09:32:03 +0100
  • Organization: SWITCH

Okay, so I had some one try this and reported it didn't work. I was, honestly, skeptical because everything I knew about how the JVM dealt with this stuff indicated my suggestion should work. So I tried it, it works, code is attached.


Here's my env:
- OS X 10.4 Java 5 VM
- Ran with VM flag "-Djava.endorsed.dirs=" to ensure the VM didn't pick up my system endorsed libs, tests proved this to be true.

Here's my test runs using the attached code.
Run 1
- No xerces/xalan on classpath
- No setting of system properties
- Result: VM used the Sun parser in both cases

Run 2
- Xerces/xalan on classpath
- No setting of system properties
- Result: VM used Xerces parser in both cases (see why, below)

Run 3
- xerces(modified)/xalan on classpath
- System properties set
- Result: VM used Sun parser first and Xerces parser second.

People might be surprised by the results of the second test. It's due to the fact that Xerces has configurations in it to use the Java 5 VM services mechanism. In standalone apps this can work like automatic endorsement. It doesn't equate to endorsement when you run your code in-container though. Read up on it if you're curious what the service mechanism is and why the previous two statements are true.

For test three I removed the VM services configuration code from Xerces just to be sure it would use my system properties. That's all I modified in the Xerces jar.



So, this certainly works in a standard VM. It should work in any container that doesn't have a security policy that prevents webapps from changing those system properties. It should work on Web Start apps as well, unless, again, they have a security policy that prevents setting those system properties. If there is a policy you'd get a security exception.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;


public class SystemPropertyXMLParserTest {

/**
* @param args
*/
public static void main(String[] args) throws Exception{
DocumentBuilderFactory dbf =
DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder();
System.out.println(db.getClass());

System.setProperty("javax.xml.datatype.DatatypeFactory",
"org.apache.xerces.jaxp.datatype.DatatypeFactoryImpl");

System.setProperty("javax.xml.parsers.DocumentBuilderFactory",
"org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
System.setProperty("javax.xml.parsers.SAXParserFactory",
"org.apache.xerces.jaxp.SAXParserFactoryImpl");
System.setProperty("javax.xml.validation.SchemaFactory",
"org.apache.xerces.jaxp.validation.XMLSchemaFactory");
System.setProperty("org.w3c.dom.DOMImplementationSourceList",
"org.apache.xerces.dom.DOMXSImplementationSourceImpl");
System.setProperty("org.xml.sax.driver",
"org.apache.xerces.parsers.SAXParser");

DocumentBuilderFactory dbf2 =
DocumentBuilderFactory.newInstance();
DocumentBuilder db2 = dbf2.newDocumentBuilder();
System.out.println(db2.getClass());
}

}


Archive powered by MHonArc 2.6.16.

Top of Page