Re: [Jersey] SAX Feature error in Jersey

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Tue, 16 Feb 2010 22:15:34 +0100

Hi Phil,

What is the implementation and version of the SAX parser you are using?

This warning is important because Jersey cannot configure the parsing
to protect against certain XML-based denial of service attacks. So if
you are building public-facing services that consume XML your
application could be at risk.

Currently the only way to disable this is to disable JDK logging.

If you really need this disabled can you log a enhancement and we can
had a feature to disable security-based configuration?


On Feb 16, 2010, at 6:54 PM, Phil Griffin wrote:

> I recently updated our Jersey jars to and began getting a
> JAXP parser registry exception for a non-supported feature (in the
> factory I'm required to use). Is there a way to disable the
> com.sun.jersey.core.provider.jaxb.AbstractJAXBProvider or Jersey
> from expecting this feature?
> WebLogicSAXParser cannot be created.SAX feature
> @ &#39;' not
> supported
> Thanks,
> Phil