On Dec 30, 2009, at 12:42 PM, Cemo Koc wrote:
>
> Hi Paul,
>
> I am using JAXB implementation of Sun.
>
> <dependency>
> <groupId>com.sun.xml.bind</groupId>
> <artifactId>jaxb-impl</artifactId>
> <version>2.1.12</version>
> </dependency>
>
> But I do not know why it is raising exceptions?
>
It is not JAXB but the SAXParser implementation supplied by Apache
Xerces.
I think some other dependency must be including Apache Xerces that
does not support the feature.
What does the following output:
mvn dependency:tree
Paul.
> Thanks
>
>
>
>
>
> Paul Sandoz wrote:
>>
>> Hi Cemo,
>>
>> On Dec 29, 2009, at 6:28 PM, Cemo Koc wrote:
>>
>>>
>>> Hi all,
>>>
>>> I have GFv3 server with 5 application. Each of them has own client
>>> module
>>> with Jersey Client. I am using latest snapshot of Jersey...
>>>
>>> My problem is about SAX...
>>>
>>> [#|2009-12-29T18:15:09.879+0200|WARNING|glassfishv3.0|
>>> com.sun.jersey.core.impl.provider.xml.SAXParserContextProvider|
>>> _ThreadID=27;_ThreadName=Thread-1;|JAXP
>>> feature XMLConstants.FEATURE_SECURE_PROCESSING cannot be set on a
>>> SAXParserFactory. External general entity processing is disbaled but
>>> other
>>> potential securty related features will not be enabled.
>>> org.xml.sax.SAXNotRecognizedException: Feature
>>> 'http://javax.xml.XMLConstants/feature/secure-processing' is not
>>> recognized.
>>> at
>>> org.apache.xerces.parsers.AbstractSAXParser.setFeature(Unknown
>>> Source)
>>> at org.apache.xerces.jaxp.SAXParserImpl.setFeatures(Unknown
>>> Source)
>>> at org.apache.xerces.jaxp.SAXParserImpl.<init>(Unknown Source)
>>>
>>>
>>> 1) Is there anyone who has idea about what is causing this
>>> exception?
>>>
>>
>> The Apache Xerces implementation that you are using, and included in
>> the war?, does not support the feature
>> "http://javax.xml.XMLConstants/feature/secure-processing
>> ":
>>
>>
>> http://java.sun.com/javase/6/docs/api/javax/xml/XMLConstants.html#FEATURE_SECURE_PROCESSING
>>
>> By default Jersey will enabled secure XML processing where possible
>> and log a warning if this cannot be set.
>>
>>
>>>
>>> My second attempt to solve problem in my client to prohibit its
>>> usage I
>>> tried to use
>>>
>>>
>>> DefaultClientConfig config = new DefaultClientConfig();
>>>
>>> config
>>> .getProperties().put(ClientConfig.FEATURE_DISABLE_XML_SECURITY,
>>> "true");
>>> client = Client.create(config);
>>>
>>
>>
>> You need to do the following:
>>
>> config.getFeatures().put(ClientConfig.FEATURE_DISABLE_XML_SECURITY,
>> true);
>>
>>
>>> and
>>>
>>>
>>> <param-name>com.sun.jersey.config.feature.DisableXmlSecurity</param-
>>> name>
>>> <param-value>true</param-value>
>>>
>>
>> The above is correct for server configuration in the web.xml.
>>
>>
>>> But when I am debugging I could sometimes successfully see another
>>> Config
>>> which has that feature enabled...
>>>
>>> disableXmlSecurity =
>>> fps.getFeature(FeaturesAndProperties.FEATURE_DISABLE_XML_SECURITY);
>>>
>>>
>>> 2 ) Is this behaviour expected?
>>>
>>>
>>> 3 ) How can I fix these errors?
>>>
>>
>> Upgrade Xerces to a JAXP supported version (assuming there is one) or
>> use the default provided by the JDK.
>>
>> Paul.
>>
>>
>
> --
> View this message in context: http://n2.nabble.com/SAXParserContextProvider-and-secure-processing-Exception-tp4228536p4231890.html
> Sent from the Jersey mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>