4

I am using Piccolo jar and creating XML reader using XMLReaderFactory. I need to set the secure processing feature and hence i did this way,

xmlReader = XMLReaderFactory.createXMLReader("com.bluecast.xml.Piccolo"); xmlReader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

But this is throwing error org.xml.sax.SAXNotRecognizedException: http://javax.xml.XMLConstants/feature/secure-processing at com.bluecast.xml.Piccolo.setFeature(Piccolo.java:937)

I had an old xercesImpl.jar which has been replaced by xercesImpl-2.9.1.jar but still getting the same error. I googled and din't find any concrete solutions.

Please help, Any ideas are appreciable.

Improve this question

2 Answers 2

Reset to default
4

So the constant XMLConstants.FEATURE_SECURE_PROCESSING has value http://javax.xml.XMLConstants/feature/secure-processing

According to the source code here (the latest is 1.04), a big if else block checks to see what if this value is one of the allowable features and if not throws this exception. And in fact, it is not one of the values judged to be legal and therefore the exception is thrown.

As per SaxParserFactory, we read

All implementations are required to support the javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING feature.

Piccolo implements Parser though and not SaxParser. So all in all I would say Piccolo does not support that feature. Perhaps I would say use a different XMLReader which does support it.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

Interesting enough Oracle JDKs internal Xerces version of XMLReaderFactory for SAX2 also does not offer this feature setter. I am not sure what, or what the recommended alternative is supposed to be. There is a workaround to that like this:

    SAXParserFactory spf = SAXParserFactory.newInstance();
    spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    XMLReader reader = spf.newSAXParser().getXMLReader();

Strange. Internally it maps to an security-manager (com.sun.org.apache.xerces.internal.utils.XMLSecurityManager) with different entity expansion limits. In addition it sets the new properties XMLConstants.ACCESS_EXTERNAL_DTD and XMLConstants.ACCESS_EXTERNAL_SCHEMA to "" (no external access).

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.