[Sax-devel] Proposal for making SAX more robust under J2EE
From: <ne...@ca...> - 2002-10-16 22:23:36
Hi all,

With the rise in importance of security these days--and especially given its prominence in J2EE 1.3--some problems have emerged in SAX code that interacts with system resources, when that SAX code needs to be deployed at the heart of a J2EE platform. For instance, when the createXMLReader() method is called on XMLReaderFactory, various actions that violate many security policies are triggered: system properties are examined, attempts are made to open jar files, the context class loader is looked up, etc. At best, this can result in logfiles with many spurious warnings; consequences can be worse depending on the security policy.

This problem isn't unique to SAX: JAXP, having a similar factory design, had the same limitations. To fix this, Edwin Goei--same guy partially responsible for much of the SAX classloading code we have today--committed some new JAXP code a couple of months back to a branch (java2-branch, for the curious) of the Apache xml-commons project.

The basic idea behind the code is to wrap all problematic calls in implementations of the PrivilegedAction interface, using the doPrivileged method of the AccessController class. JDK 1.1.8 support is maintained by using these new wrappers only on non-1.1.8 platforms; under 1.1.8, wrappers that don't use the modern syntax are employed.

So now there exists a JAXP implementation that works happily in J2EE environments and still runs under JDK 1.1.8. While it is true that it won't compile under 1.1.8, we've been using this code for over 2 months now in the Apache Xerces-Java project and have yet to encounter a single complaint.

Shortly after Edwin committed his changes to JAXP, I migrated them over to the SAX implementation contained in Xerces-J. This has been out and about for at least 2 Xerces releases now, and we haven't heard of any problems. So, I think the code may be mature enough to present here as a possible contribution to a future revision of SAX.

Note that this code is a bit different from what's in Xerces; for the present, we have to ship a back-level version of SAX to remain compliant to Sun's JAXP 1.2 TCK. Nonetheless, these patches aren't radically different from what's live in Xerces today, so I think they should work fine.

Note that all affected classes are from the org.xml.sax.helpers package.

Thanks!
Neil

(See attached file: SAXPatch.zip)

Neil Graham
XML Parser Development
IBM Toronto Lab
Phone: 905-413-3519, T/L 969-3519
E-mail: ne...@ca...
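
Added example, not part of the original message or the attached SAXPatch.zip: a sketch of the wrapping pattern the message describes, applied to two of the lookups it names (a system property read and the context class loader). The class name `PrivilegedLookups` and its layout are assumptions; `org.xml.sax.driver` is the property XMLReaderFactory consults.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical helper (name and layout are assumptions, not the attached patch).
// AccessController is deprecated for removal since Java 17; the calls still compile.
@SuppressWarnings("removal")
final class PrivilegedLookups {
    // Fixed key: callers cannot use this class to read arbitrary properties
    // with the library's permissions.
    private static final String DRIVER_PROPERTY = "org.xml.sax.driver";

    private PrivilegedLookups() {}

    /** Reads the SAX driver property using only this code base's permissions. */
    static String driverClassName() {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                try {
                    return System.getProperty(DRIVER_PROPERTY);
                } catch (SecurityException e) {
                    return null; // policy denies this code base too: use the fallback
                }
            }
        });
    }

    /** Looks up the context class loader without requiring callers to hold the permission. */
    static ClassLoader contextClassLoader() {
        return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
            public ClassLoader run() {
                try {
                    return Thread.currentThread().getContextClassLoader();
                } catch (SecurityException e) {
                    return null;
                }
            }
        });
    }

    public static void main(String[] args) {
        String driver = driverClassName();
        ClassLoader loader = contextClassLoader();
        System.out.println("driver property: " + (driver == null ? "(unset)" : driver));
        System.out.println("context loader:  " + (loader == null ? "(none)" : loader));
    }
}
```

Keeping each privileged block this narrow and hard-coding the property name means the permission granted to the parser's code base covers only these lookups, not anything a less-trusted caller passes in.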