TitleWebContainerAuthorizer fails without Internet Connection
Date02-Feb-2006 01:11:58 EET
Bug criticalityCriticalBug
Browser version
Bug statusClosedBug
PageProvider used
Servlet ContainerTomcat 5.5.15
Operating SystemW2K
Java versionSun 5.0.6

On checking if there is a security on in web.xml (clever idea, imho) WebContainerAuthorizer.getWebXml() fails with a java.net.UnknownHostException: java.sun.com if there is no connection to the internet because the DocumentBuilder tries to resolv http://java.sun.com/dtd/web-app_2_3.dtd

JDK 1.5 is using com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl

factory.setValidating( false ); seems to be ignored.

I tried your code snippet to parse web.xml in a webapp of mine, there it works, don't know why.

Sitation is made worse in WebContainerAuthorizer, because the resulting exception is not rethrown, but only logged (which effectively amounts to ignoring) and so login fails unexplainably. I strongly believe that absolutely no exception at all should be ignored with an empty catch block, all should be handled, either by the web app or the container.

Solutions: maybe a custom EntityResolver might help.

OK, I found a fix:

Upgrade web.xml to 2.4, then it works.

<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">

--J├╝rgen Weber, 02-Feb-2006

This fix works indeed for Tomcat 5 but for servers that do not support yet the 2.4 version (like Weblogic 8.1) the same problem still exists.

--Marc Patteet, 20-Feb-2006

I will check in a fix for this soon. The issue is that the XML parser is trying to resolve the DTD, which is it supposed to do. The fix I've put together (which works) will cache the DTD locally.

--AndrewJaquith, 21-Feb-2006

We've fixed this in the latest CVS builds. Give it a try and let us know if it doesn't work.

--Andrew Jaquith, 27-Feb-2006

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-6) was last changed on 27-Feb-2006 07:26 by