Geek Answers Handbook

How to trick Java Provider API (jaxp)

I have an applet that needs to be called by JAXP, in particular SAXParserFactory . Now, as you can see from Javadoc, this internally uses the service provider's mechanism, as described here :

In particular, if he does not find the file in any of the JAR applications of my application called META-INF/services/javax.xml.parsers.SAXParserFactory , he will try to extract it from my application code base. If I have deployed the applet as follows:

 <applet code="com.example.applets.MyApplet" codebase="http://www.example.com/myapp/" archive="myapp.jar, dom4j.jar">

He will then try to make an HTTP request http://www.example.com/myapp/META-INF/services/javax.xml.parsers.SAXParserFactory

I would rather not do this, especially because my applet is signed up and this extra HTTP call triggers a warning about unsigned code .

Now the obvious solution is to just put the META-INF / services file into my JAR application, as it says, but how do I do it, but still get it to use JERX JERX for the user JRE? Alternatively, is there a way to convince the applet runtime to search only in my JAR files, and not in the codebase for this file?

Note. I know that I could also deploy my own copy of JAXP-RI, but this is pretty hard for the applet.

+4
source share
1 answer

Disable code search:

 <applet ...> <param name="codebase_lookup" value="false"> </applet>

AppletClassLoader checks the boolean property sun.applet.AppletClassLoader.codebaseLookup , which can be affected by the setting of the above parameter. The sun.applet.AppletPanel.init() method will read the parameter and set it to AppletClassLoader . After disconnecting, AppletClassLoader will no longer perform remote search for classes and resources in the code base, that is, the URL specified by codebase="http://www.example.com/myapp/" , and just look at the paths of the archives and the system class.

Note. I have not tested this myself, but according to the code review in the parsed code, I sincerely believe that it can work.

It is also documented in JavaSE - Technical Notes - Plugin Developer's Guide - Special Attributes :

codebase_lookup

When the applet class loader needs to load a class or resource (for example, configuration files for plug-in service providers in the META-INF / services directory), it first looks for the necessary files in the applet JAR files, and then from the applet. Typically, applets are deployed with all the required classes and resources stored in the applet JAR files. In this case, a code search is not needed.

If a class or resource is not available from the JAR files in the applet, it might be better to reset the class loader rather than trying to find the code. Otherwise, you must connect to the applet’s codebase to search for a class or resource, and this may affect performance during applet execution.

+11
source

More articles:


All Articles