I encountered a couple of problems trying to use
xerces and security in my application.
BUG 1:
I have xerces.jar in myapp/WEB-INF/lib. This works
fine until I turn on security (-security switch) which
uses conf/catalina.policy.
I added a permission for my application to do anything:
grant codeBase "file:${catalina.home}/webapps/myapp/-" {
permission java.security.AllPermission;
};
This works fine except when I invoke xerces:
XMLReader xr = XMLReaderFactory.createXMLReader();
...
xr.parse(my_xml_file);
I get an access violation on the file (which is in myapp).
If I move xerces.jar to common/lib this error goes away.
There seems to be a problem related to security when loading
jars from WEB-INF/lib. This was reported earlier by Sergey V. Udaltsov
in the post titled "policy for classes in WEB-INF/lib/my.jar".
BUG 2:
FURTHER, moving xerces.jar to common/lib seems to introduce
its own problem related to the handling of DTDs. A couple of my
xml files have DTD specs like:
<!DOCTYPE links SYSTEM "../Links.dtd">
I found that the parser computes the path relative to the startup
directory of catalina, rather than relative to the location of the
xml file. It does not do this when it is in WEB-INF/lib. This is
clearly unusable since the web app author has no idea where
the startup dir will be and no way to get the DTDs there.
Am I missing something here on how this is supposed to
operate or are these legitimate bugs?
Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
