0

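Edit: October 31, 2014: a fix for this issue is now available in both the Restlet 2.2 and master (future 2.3) branches.

Our NetBeans Platform Restlet client application runs fine on Java 1.6, but on 1.7.0_11 I get a security runtime error.

Is there a simple way to prevent this?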

WARN org.restlet.log():241 - Unable to unmarshal the XML representation
javax.xml.bind.JAXBException: Unable to create customized SAX source
 - with linked exception:
[javax.xml.parsers.ParserConfigurationException: FEATURE_SECURE_PROCESSING: Cannot set the feature to false when security manager is present.]
            at org.restlet.ext.jaxb.internal.Unmarshaller.unmarshal(Unmarshaller.java:201)
            at org.restlet.ext.jaxb.JaxbRepresentation.getObject(JaxbRepresentation.java:417)
            at org.restlet.ext.jaxb.JaxbConverter.toObject(JaxbConverter.java:172)
            at org.restlet.service.ConverterService.toObject(ConverterService.java:167)
            at org.restlet.resource.Resource.toObject(Resource.java:828)
            at org.restlet.engine.resource.ClientInvocationHandler.invoke(ClientInvocationHandler.java:240)
            <SNIP>
Caused by: javax.xml.parsers.ParserConfigurationException: FEATURE_SECURE_PROCESSING: Cannot set the feature to false when security manager is present.
            at com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:122)
            at org.restlet.ext.jaxb.internal.Unmarshaller.unmarshal(Unmarshaller.java:190)
            ... 23 more

In both Java runtimes, my System.getSecurityManager() is an instance of org.netbeans.TopSecurityManager.

Edit 1

After doing more research in the Restlet source mentioned in Simon Lehmann's answer, I see that JaxbConverter.java calls

new JaxbRepresentation<T>(Representation source, Class<T> target).getObject();

then ...

public JaxbRepresentation(Representation xmlRepresentation, Class<T> type) { ...}

then ...

public JaxbRepresentation(Representation xmlRepresentation, String contextPath, ValidationEventHandler validationHandler, ClassLoader classLoader) {
    super((xmlRepresentation == null) ? null : xmlRepresentation
            .getMediaType());
    this.classLoader = classLoader;
    this.contextPath = contextPath;
    this.object = null;
    this.validationEventHandler = validationHandler;
    this.xmlRepresentation = xmlRepresentation;
}

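In this particular constructor, this.secureProcessing always stays false, so if any security manager is present, we later get the error from the XML parser's Java 7 secure processing feature.

Not sure whether this is a bug in Restlet or whether I am doing something wrong?

Edit 2 (a simple Java 7 application vs. the full application)

I wrote a small Restlet client test program on 1.7.0_11, and it works against our server. I guess there is something "bad" on the classpath in my full client application?

In both the small application and the full application, I print the factories, and they are the same in both: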

 [exec] DocumentBuilderFactory implementation: com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl loaded from: Java Runtime
 [exec] XPathFactory implementation: com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl loaded from: Java Runtime
 [exec] TransformerFactory implementation: com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl loaded from: Java Runtime
 [exec] SAXParserFactory implementation: com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl loaded from: Java Runtime

I turned on extra JAXP logging via System.setProperty("jaxp.debug", "true"); and see that it differs in every respect:

Small working application

[junit] JAXP: find factoryId =javax.xml.datatype.DatatypeFactory
[junit] JAXP: loaded from fallback value: com.sun.org.apache.xerces.internal.jaxp.datatype.DatatypeFactoryImpl
[junit] JAXP: created new instance of class com.sun.org.apache.xerces.internal.jaxp.datatype.DatatypeFactoryImpl using ClassLoader: null

[junit] JAXP: find factoryId =javax.xml.datatype.DatatypeFactory
[junit] JAXP: loaded from fallback value: com.sun.org.apache.xerces.internal.jaxp.datatype.DatatypeFactoryImpl
[junit] JAXP: created new instance of class com.sun.org.apache.xerces.internal.jaxp.datatype.DatatypeFactoryImpl using ClassLoader: null
[junit] JAXP: using thread context class loader (sun.misc.Launcher$AppClassLoader@6c5bdfae) for search
[junit] JAXP: Looking up system property 'javax.xml.xpath.XPathFactory:http://java.sun.com/jaxp/xpath/dom'
[junit] JAXP: The property is undefined.
[junit] JAXP: found null in $java.home/jaxp.properties
[junit] JAXP: no META-INF/services/javax.xml.xpath.XPathFactory file was found
[junit] JAXP: attempting to use the platform default W3C DOM XPath lib
[junit] JAXP: createInstance(com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl)
[junit] JAXP: loaded com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl from jar:file:/Library/Java/JavaVirtualMachines/jdk1.7.0_11.jdk/Contents/Home/jre/lib/rt.jar!/com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
[junit] JAXP: factory 'com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl' was found for http://java.sun.com/jaxp/xpath/dom

[junit] JAXP: find factoryId =javax.xml.transform.TransformerFactory
[junit] JAXP: loaded from fallback value: com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl
[junit] JAXP: created new instance of class com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl using ClassLoader: null

Full NetBeans application (fails)

 [exec] JAXP: using thread context class loader (SystemClassLoader[420 modules]) for search
 [exec] JAXP: Looking up system property 'javax.xml.xpath.XPathFactory:http://java.sun.com/jaxp/xpath/dom'
 [exec] JAXP: The property is undefined.
 [exec] JAXP: found null in $java.home/jaxp.properties
 [exec] JAXP: no META-INF/services/javax.xml.xpath.XPathFactory file was found
 [exec] JAXP: attempting to use the platform default W3C DOM XPath lib
 [exec] JAXP: createInstance(com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl)
 [exec] JAXP: loaded com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl from jar:file:/Library/Java/JavaVirtualMachines/jdk1.7.0_11.jdk/Contents/Home/jre/lib/rt.jar!/com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [exec] JAXP: factory 'com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl' was found for http://java.sun.com/jaxp/xpath/dom
 [exec] JAXP: find factoryId =javax.xml.transform.TransformerFactory
 [exec] JAXP: found jar resource=META-INF/services/javax.xml.transform.TransformerFactory using ClassLoader: SystemClassLoader[420 modules]
 [exec] JAXP: loaded from fallback value: com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl
 [exec] JAXP: created new instance of class com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl using ClassLoader: null
4

2 Answers

1

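It looks like JDK 7 (Oracle as well as OpenJDK/IcedTea) added a check that prevents disabling the so-called secure processing feature of the XML parser when any security manager is present. This feature is intended to prevent denial-of-service attacks, for example by supplying a SOAP message with deeply nested entity definitions. Unfortunately, they chose to disable control of this feature altogether whenever a security manager is found, rather than allowing you to configure it through security permissions.

However, the Restlet code that tries to set this feature to false actually uses the secureProcessing property of JaxbRepresentation, which should be set to true by default, so it should not cause any exception.

So the only advice I can give you is to try updating the Restlet library, since the default setting or something else related to this may have changed.

Answered 2013-02-05T14:01:24.787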
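Added example (not part of the original answers and not Restlet's own code): a SAX factory that keeps FEATURE_SECURE_PROCESSING enabled, the setting JDK 7 accepts when a security manager is present, run against a constructed document with nested entity definitions of the kind the answer above mentions. The class and method names are hypothetical, and both inputs are constructed inline.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class SecureSaxDemo {

    // Secure processing is switched on explicitly; setting it to true never
    // triggers the "Cannot set the feature to false" check from the question.
    static SAXParserFactory hardenedFactory() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return f;
    }

    // Constructed test input: each entity layer references the previous one 10 times.
    static String nestedEntities(int levels) {
        StringBuilder sb = new StringBuilder("<!DOCTYPE r [<!ENTITY e0 \"x\">");
        for (int i = 1; i <= levels; i++) {
            sb.append("<!ENTITY e").append(i).append(" \"");
            for (int j = 0; j < 10; j++) sb.append("&e").append(i - 1).append(';');
            sb.append("\">");
        }
        return sb.append("]><r>&e").append(levels).append(";</r>").toString();
    }

    // Parses with the hardened factory and reports whether the parser accepted the input.
    static String tryParse(String xml) throws Exception {
        SAXParser parser = hardenedFactory().newSAXParser();
        try {
            parser.parse(new InputSource(new StringReader(xml)), new DefaultHandler());
            return "accepted";
        } catch (SAXParseException e) {
            // The JDK parser aborts once its entity-expansion limits are exceeded.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("secure processing on: "
                + hardenedFactory().getFeature(XMLConstants.FEATURE_SECURE_PROCESSING));
        System.out.println(tryParse("<order><id>42</id></order>"));  // ordinary payload
        System.out.println(tryParse(nestedEntities(6)));             // nested entities
    }
}
```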
1

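I ran into the same problem when I upgraded from Restlet 2.2m1 running on Java 6 to Restlet 2.2m5 running on Java 7.

The solution I adopted was to initialize the secureProcessor flag to true in the JaxbRepresentation constructor you mentioned (and rebuild the Restlet code). This solved the problem for me. It is unclear whether the missing initialization of the secureProcessing flag in that constructor is intentional or an oversight.

I filed a bug about it: https://github.com/restlet/restlet-framework-java/issues/785

Answered 2013-10-07T16:32:23.620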