Skip to Content.
Sympa Menu

mace-opensaml-users - Re: Problem about endorsed libraries

Subject: OpenSAML user discussion

List archive

Re: Problem about endorsed libraries


Chronological Thread 
  • From:
  • To:
  • Subject: Re: Problem about endorsed libraries
  • Date: Thu, 8 Nov 2007 17:12:37 +0100

Hi Chad,

by debugging the failure we found the cause in the SchemaFactory.newInstance() method whose
javadoc points to the need to qualify the system property name with the name of the schema language.

Andreas





Interesting.  Where did you find this property?  I can't find it
documented anywhere.

wrote:
>
> Hi Chad and all,
>
> We followed your suggestion to try the system properties in a Java 5
> environment and got it to work.
>
> The following mail from the shibboleth-dev list also reported success
> using the system properties.
> Included you also find the complete list of properties that can be set:
> https://mail.internet2.edu/wws/arc/shibboleth-dev/2007-07/msg00004.html
>
> We found that the following additional property has to be added, else
> OpenSaml's
> initialization will fail:
>
> System./setProperty/("javax.xml.validation.SchemaFactory:http://www.w3.org/2001/XMLSchema",
>
>  "org.apache.xerces.jaxp.validation.XMLSchemaFactory");
>
> JDK is sun's jdk1.5.0_11.
>
> Cheers,
> Andreas
>
>
>
>
> *Chad La Joie <>*
>
> 08.11.2007 09:32
> Please respond to
>
>
>
>                  
> To
>                  
> cc
>                  
> Subject
>                  Re: Problem about endorsed libraries
>
>
>                  
>
>
>
>
>
> Okay, so I had some one try this and reported it didn't work.  I was,
> honestly, skeptical because everything I knew about how the JVM dealt
> with this stuff indicated my suggestion should work.  So I tried it, it
> works, code is attached.
>
>
> Here's my env:
>   - OS X 10.4 Java 5 VM
>   - Ran with VM flag "-Djava.endorsed.dirs=" to ensure the VM didn't
> pick up my system endorsed libs, tests proved this to be true.
>
> Here's my test runs using the attached code.
> Run 1
> - No xerces/xalan on classpath
> - No setting of system properties
> - Result: VM used the Sun parser in both cases
>
> Run 2
> - Xerces/xalan on classpath
> - No setting of system properties
> - Result: VM used Xerces parser in both cases (see why, below)
>
> Run 3
> - xerces(modified)/xalan on classpath
> - System properties set
> - Result: VM used Sun parser first and Xerces parser second.
>
> People might be surprised by the results of the second test.  It's due
> to the fact that Xerces has configurations in it to use the Java 5 VM
> services mechanism.  In standalone apps this can work like automatic
> endorsement.  It doesn't equate to endorsement when you run your code
> in-container though.  Read up on it if you're curious what the service
> mechanism is and why the previous two statements are true.
>
> For test three I removed the VM services configuration code from Xerces
> just to be sure it would use my system properties.  That's all I
> modified in the Xerces jar.
>
>
>
> So, this certainly works in a standard VM.  It should work in any
> container that doesn't have a security policy that prevents webapps from
> changing those system properties.  It should work on Web Start apps as
> well, unless, again, they have a security policy that prevents setting
> those system properties.  If there is a policy you'd get a security
> exception.
>
> --
> SWITCH
> Serving Swiss Universities
> --------------------------
> Chad La Joie, Software Engineer, Security
> Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
> phone +41 44 268 15 75, fax +41 44 268 15 68
> , http://www.switch.ch
> import javax.xml.parsers.DocumentBuilder;
> import javax.xml.parsers.DocumentBuilderFactory;
>
>
> public class SystemPropertyXMLParserTest {
>
>                 /**
>                  * @param args
>                  */
>                 public static void main(String[] args) throws Exception{
>                                  DocumentBuilderFactory dbf =
> DocumentBuilderFactory.newInstance();
>                                  DocumentBuilder db =
> dbf.newDocumentBuilder();
>                                  System.out.println(db.getClass());
>                                  
>                                
>  System.setProperty("javax.xml.datatype.DatatypeFactory",
> "org.apache.xerces.jaxp.datatype.DatatypeFactoryImpl");
>                                
>  System.setProperty("javax.xml.parsers.DocumentBuilderFactory",
> "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
>                                
>  System.setProperty("javax.xml.parsers.SAXParserFactory",
> "org.apache.xerces.jaxp.SAXParserFactoryImpl");
>                                
>  System.setProperty("javax.xml.validation.SchemaFactory",
> "org.apache.xerces.jaxp.validation.XMLSchemaFactory");
>                                
>  System.setProperty("org.w3c.dom.DOMImplementationSourceList",
> "org.apache.xerces.dom.DOMXSImplementationSourceImpl");
>                                
>  System.setProperty("org.xml.sax.driver",
> "org.apache.xerces.parsers.SAXParser");
>                                  
>                                  DocumentBuilderFactory dbf2 =
> DocumentBuilderFactory.newInstance();
>                                  DocumentBuilder db2 =
> dbf2.newDocumentBuilder();
>                                  System.out.println(db2.getClass());
>                 }
>

Archive powered by MHonArc 2.6.16.

Top of Page