本文介绍了Java 1.7 xml 解析错误上的 Restlet 客户端“FEATURE_SECURE_PROCESSING:当存在安全管理器时,无法将该功能设置为 false."的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

31/OCT/2014 对此的修复是现在在 Restlet 2.2 和 master(未来 2.3)分支中可用

EDIT : 31/OCT/2014 The fix for this is now available in both Restlet 2.2 and master (future 2.3) branches

我们的 Netbeans Platform Restlet 客户端应用程序在 Java 1.6 上运行正常,但使用 1.7.0_11 时,我遇到安全运行时错误.

Our Netbeans Platform Restlet client app runs okay on Java 1.6 but with 1.7.0_11, I get security runtime errors.

有没有简单的方法可以防止这种情况发生?

Is there a easy way to prevent this?

WARN org.restlet.log():241 - Unable to unmarshal the XML representation
javax.xml.bind.JAXBException: Unable to create customized SAX source
 - with linked exception:
[javax.xml.parsers.ParserConfigurationException: FEATURE_SECURE_PROCESSING: Cannot set the feature to false when security manager is present.]
            at org.restlet.ext.jaxb.internal.Unmarshaller.unmarshal(Unmarshaller.java:201)
            at org.restlet.ext.jaxb.JaxbRepresentation.getObject(JaxbRepresentation.java:417)
            at org.restlet.ext.jaxb.JaxbConverter.toObject(JaxbConverter.java:172)
            at org.restlet.service.ConverterService.toObject(ConverterService.java:167)
            at org.restlet.resource.Resource.toObject(Resource.java:828)
            at org.restlet.engine.resource.ClientInvocationHandler.invoke(ClientInvocationHandler.java:240)
            <SNIP>
Caused by: javax.xml.parsers.ParserConfigurationException: FEATURE_SECURE_PROCESSING: Cannot set the feature to false when security manager is present.
            at com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:122)
            at org.restlet.ext.jaxb.internal.Unmarshaller.unmarshal(Unmarshaller.java:190)
            ... 23 more

在两个 java 运行时中,我的 System.getSecurityManager()是 org.netbeans.TopSecurityManager 的一个实例

In both java runtimes, my System.getSecurityManager() is a instance of org.netbeans.TopSecurityManager

在 Simon Lehmann 的回答中提到对 Restlet 源进行更多研究后,我看到 JaxbConverter.java 调用

After a bit more research into Restlet source as mentioned in answer from Simon Lehmann I see JaxbConverter.java invokes

new JaxbRepresentation<T>(Representation source, Class<T> target).getObject();

然后……

public JaxbRepresentation(Representation xmlRepresentation, Class<T> type) { ...}

然后……

public JaxbRepresentation(Representation xmlRepresentation, String contextPath, ValidationEventHandler validationHandler, ClassLoader classLoader) {
    super((xmlRepresentation == null) ? null : xmlRepresentation
            .getMediaType());
    this.classLoader = classLoader;
    this.contextPath = contextPath;
    this.object = null;
    this.validationEventHandler = validationHandler;
    this.xmlRepresentation = xmlRepresentation;
}

在这个特定的构造函数中,this.secureProcessing 始终保持为 false,因此稍后我们会在 XML 解析器的 Java 7 安全处理功能中遇到错误(如果存在任何安全管理器).

In this particular constructor, this.secureProcessing always remains false so later we get errors with Java 7 secure processing feature of the XML parser if there is any security manager present.

不确定这是restlet中的错误还是我做错了什么?

Not sure if this is a bug in restlet or if I am doing something wrong ?

我在 1.7.0_11 上编写了小型 restlet 客户端测试程序,它与我们的服务器一起工作正常.我在我的完整客户端应用程序中猜测类路径中有一些坏"?

I wrote small restlet client test program on 1.7.0_11 which works ok with our server. I am guessing in my full client app that there is something 'bad' in the classpath ?

在小应用程序和完整应用程序中,我 打印工厂,两者都一样:

In both the small app and the full app I print the factories and it is same in both :

 [exec] DocumentBuilderFactory implementation: com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl loaded from: Java Runtime
 [exec] XPathFactory implementation: com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl loaded from: Java Runtime
 [exec] TransformerFactory implementation: com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl loaded from: Java Runtime
 [exec] SAXParserFactory implementation: com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl loaded from: Java Runtime

我通过 System.setProperty("jaxp.debug", "true") 打开额外的 JAXP 日志记录;并看到每个都不同:

I switch on extra JAXP logging via System.setProperty("jaxp.debug", "true"); and see it is different in each :

小型工作应用

[junit] JAXP: find factoryId =javax.xml.datatype.DatatypeFactory
[junit] JAXP: loaded from fallback value: com.sun.org.apache.xerces.internal.jaxp.datatype.DatatypeFactoryImpl
[junit] JAXP: created new instance of class com.sun.org.apache.xerces.internal.jaxp.datatype.DatatypeFactoryImpl using ClassLoader: null

[junit] JAXP: find factoryId =javax.xml.datatype.DatatypeFactory
[junit] JAXP: loaded from fallback value: com.sun.org.apache.xerces.internal.jaxp.datatype.DatatypeFactoryImpl
[junit] JAXP: created new instance of class com.sun.org.apache.xerces.internal.jaxp.datatype.DatatypeFactoryImpl using ClassLoader: null
[junit] JAXP: using thread context class loader (sun.misc.Launcher$AppClassLoader@6c5bdfae) for search
[junit] JAXP: Looking up system property 'javax.xml.xpath.XPathFactory:http://java.sun.com/jaxp/xpath/dom'
[junit] JAXP: The property is undefined.
[junit] JAXP: found null in $java.home/jaxp.properties
[junit] JAXP: no META-INF/services/javax.xml.xpath.XPathFactory file was found
[junit] JAXP: attempting to use the platform default W3C DOM XPath lib
[junit] JAXP: createInstance(com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl)
[junit] JAXP: loaded com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl from jar:file:/Library/Java/JavaVirtualMachines/jdk1.7.0_11.jdk/Contents/Home/jre/lib/rt.jar!/com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
[junit] JAXP: factory 'com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl' was found for http://java.sun.com/jaxp/xpath/dom

[junit] JAXP: find factoryId =javax.xml.transform.TransformerFactory
[junit] JAXP: loaded from fallback value: com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl
[junit] JAXP: created new instance of class com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl using ClassLoader: null

完整的 Netbeans 应用程序(失败)


Full Netbeans app (failing)

 [exec] JAXP: using thread context class loader (SystemClassLoader[420 modules]) for search
 [exec] JAXP: Looking up system property 'javax.xml.xpath.XPathFactory:http://java.sun.com/jaxp/xpath/dom'
 [exec] JAXP: The property is undefined.
 [exec] JAXP: found null in $java.home/jaxp.properties
 [exec] JAXP: no META-INF/services/javax.xml.xpath.XPathFactory file was found
 [exec] JAXP: attempting to use the platform default W3C DOM XPath lib
 [exec] JAXP: createInstance(com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl)
 [exec] JAXP: loaded com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl from jar:file:/Library/Java/JavaVirtualMachines/jdk1.7.0_11.jdk/Contents/Home/jre/lib/rt.jar!/com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [exec] JAXP: factory 'com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl' was found for http://java.sun.com/jaxp/xpath/dom
 [exec] JAXP: find factoryId =javax.xml.transform.TransformerFactory
 [exec] JAXP: found jar resource=META-INF/services/javax.xml.transform.TransformerFactory using ClassLoader: SystemClassLoader[420 modules]
 [exec] JAXP: loaded from fallback value: com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl
 [exec] JAXP: created new instance of class com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl using ClassLoader: null

推荐答案

当我从在 Java 6 上运行的 restlet 2.2m1 升级到在 Java 7 上运行的 restlet 2.2m5 时,我遇到了同样的问题.

I encountered the same problem - exactly - when I upgraded from restlet 2.2m1 running on Java 6 to restlet 2.2m5 running on Java 7.

我采用的解决方案是将您提到的 JaxbRepresentation 构造函数中的 secureProcessor 标志初始化为 true(并重建 restlet 代码).那为我解决了问题.目前尚不清楚该构造函数中没有对 secureProcessing 标志进行初始化是有意还是疏忽.

The solution I resorted to was to initialize the secureProcessor flag in the JaxbRepresentation constructor you mentioned to true (and rebuild the restlet code). That resolved the problem for me. It is not clear if the lack of initialization of the secureProcessing flag in that constructor is intentional or is an oversight.

我提交了一个关于它的错误:https://github.com/restlet/restlet-framework-java/issues/785

I filed a bug about it:https://github.com/restlet/restlet-framework-java/issues/785

这篇关于Java 1.7 xml 解析错误上的 Restlet 客户端“FEATURE_SECURE_PROCESSING:当存在安全管理器时,无法将该功能设置为 false."的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-16 16:08