OpenSAML user discussion

Hi Chad and all,

We followed your suggestion to try the
system properties in a Java 5 
environment and got it to work. 

The following mail from the shibboleth-dev
list also reported success using the system properties.
Included you also find the complete
list of properties that can be set:
https://mail.internet2.edu/wws/arc/shibboleth-dev/2007-07/msg00004.html

We found that the following additional
property has to be added, else OpenSaml's 
initialization will fail:

System.setProperty("javax.xml.validation.SchemaFactory:http://www.w3.org/2001/XMLSchema",
 "org.apache.xerces.jaxp.validation.XMLSchemaFactory");

JDK is sun's jdk1.5.0_11.

Cheers,
Andreas

Chad La Joie <>

08.11.2007 09:32

Please respond to

To
cc
Subject	Re: Problem about endorsed libraries

Okay, so I had some one try this and reported it didn't
work.  I was, 
honestly, skeptical because everything I knew about how the JVM dealt 
with this stuff indicated my suggestion should work.  So I tried it,
it 
works, code is attached.


Here's my env:
   - OS X 10.4 Java 5 VM
   - Ran with VM flag "-Djava.endorsed.dirs=" to ensure
the VM didn't 
pick up my system endorsed libs, tests proved this to be true.

Here's my test runs using the attached code.
Run 1
- No xerces/xalan on classpath
- No setting of system properties
- Result: VM used the Sun parser in both cases

Run 2
- Xerces/xalan on classpath
- No setting of system properties
- Result: VM used Xerces parser in both cases (see why, below)

Run 3
- xerces(modified)/xalan on classpath
- System properties set
- Result: VM used Sun parser first and Xerces parser second.

People might be surprised by the results of the second test.  It's
due 
to the fact that Xerces has configurations in it to use the Java 5 VM 
services mechanism.  In standalone apps this can work like automatic
endorsement.  It doesn't equate to endorsement when you run your code
in-container though.  Read up on it if you're curious what the service
mechanism is and why the previous two statements are true.

For test three I removed the VM services configuration code from Xerces
just to be sure it would use my system properties.  That's all I 
modified in the Xerces jar.



So, this certainly works in a standard VM.  It should work in any
container that doesn't have a security policy that prevents webapps from
changing those system properties.  It should work on Web Start apps
as 
well, unless, again, they have a security policy that prevents setting
those system properties.  If there is a policy you'd get a security
exception.

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
, http://www.switch.ch
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;


public class SystemPropertyXMLParserTest {

                
/**
                
 * @param args
                
 */
                
public static void main(String[] args) throws Exception{
                
                 DocumentBuilderFactory
dbf = DocumentBuilderFactory.newInstance();
                
                 DocumentBuilder
db = dbf.newDocumentBuilder();
                
                 System.out.println(db.getClass());
                
                 
                
                 System.setProperty("javax.xml.datatype.DatatypeFactory",
"org.apache.xerces.jaxp.datatype.DatatypeFactoryImpl");
                
                 System.setProperty("javax.xml.parsers.DocumentBuilderFactory",
"org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
                
                 System.setProperty("javax.xml.parsers.SAXParserFactory",
"org.apache.xerces.jaxp.SAXParserFactoryImpl");
                
                 System.setProperty("javax.xml.validation.SchemaFactory",
"org.apache.xerces.jaxp.validation.XMLSchemaFactory");
                
                 System.setProperty("org.w3c.dom.DOMImplementationSourceList",
"org.apache.xerces.dom.DOMXSImplementationSourceImpl");
                
                 System.setProperty("org.xml.sax.driver",
"org.apache.xerces.parsers.SAXParser");
                
                 
                
                 DocumentBuilderFactory
dbf2 = DocumentBuilderFactory.newInstance();
                
                 DocumentBuilder
db2 = dbf2.newDocumentBuilder();
                
                 System.out.println(db2.getClass());
                
}

}


----------------------------------------------------------------------------
Andreas Vallen
R&D BasisTechnology

Phone:         +49 6227 385
Fax:         +49 6227 385 588
Mail:         
------------------------------------------------------------------------------
**********     www.icw.de    **********    
******   www.LifeSensor.com     ******

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
MEDICA 2007 - Vernetzen statt Ersetzen
Besuchen Sie uns auf der größten Medizinmesse der Welt.
Messe Düsseldorf, 14. bis 17. November 2007 in Halle 15, Stand E 48
http://www.medica.de
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

InterComponentWare AG: 
Vorstand: Peter Reuschel (Vors.), Norbert Olsacher, Dr. med. Frank Warda
/ Aufsichtsratsvors.: Michael Kranich
Firmensitz: 69190 Walldorf, Industriestr. 41 / AG Mannheim HRB 351761 /
USt.-IdNr.: DE 198388516