You are viewing a plain text version of this content. The canonical link for it is here.

Posted to j-dev@xerces.apache.org by bu...@apache.org on 2003/03/07 15:37:02 UTC

DO NOT REPLY [Bug 17772] New: - reading "xerces.properties" causes SecurityException

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17772>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17772

reading "xerces.properties" causes SecurityException

           Summary: reading "xerces.properties" causes SecurityException
           Product: Xerces2-J
           Version: 2.3.0
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Blocker
          Priority: Other
         Component: Other
        AssignedTo: xerces-j-dev@xml.apache.org
        ReportedBy: roth@dynamik.fb10.tu-berlin.de


I am complaining about a wrong behaviour of building Xerces parsers. 
As described in the odd file "xerces.properties" there is some mechanism 
which enables a dynamic configuration of the parser.
I use Xerces inside an applet which means:
- I can't write system properties
- I cannot access any files from within the applet!!

Therefore the frist step to find this configuration fails (not able to set
system properties from within applets).
The second step is programmed that silly that it looks up some file
"xerces.properties" in the JRE/lib directory. Here the applet-environment causes
a SecurityException which is obviously never catched inside Xerces! Therefore
inside the applet there's a security exception and step three (to look up the
user's JAR-Files for some damn configuration) is never reached. The application
simply crashes when run as applet. Also step four is never reached: To take some
damn hard-coded default configuration .
This can't be real, that Xerces depends on reading files!! If you try to read
files then catch SecurityExceptions instead of bombing down the application!

I guess this is something for Neil Graham, who invented this whole confiuration
file.

---------------------------------------------------------------------
To unsubscribe, e-mail: xerces-j-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xerces-j-dev-help@xml.apache.org