How to disable accessExternalDTD and entityExpansi

2019-03-10 19:49发布

问题:

I'm using logback with groovy and get lots of warnings showing up when parsing xml. I am aware of the bug in JDK1.7_u45 that is causing this.

Warning:  org.apache.xerces.parsers.SAXParser: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.
Warning:  org.apache.xerces.parsers.SAXParser: Property 'http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit' is not recognized.

Is there any way to turn off this log warnings from showing up in DEBUG? I tried writing a filter using Filter, but didn't help.

回答1:

This is a known bug in the JRE that reports this as an warning. See bug reports here and here

The issue happens only when you have xerces jar in your classpath, the xerces implementation does not recognize the property and throws an exception on org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.setProperty() which results in a warning log (to System.err) from the com.sun.org.apache.xalan.internal.xsltc.compiler.Parser.parse()

The easy (if possible) solution is remove xerces jar from your classpath.

Your log filter does not work since the error is never sent to slf4j. Which kind of suggests a convoluted way of fixing the issue - redirect System.err to slf4j and then use a logging filter on it.

Sample code to reproduce the issue (based on the issue report):

import java.io.IOException;
import java.net.URL;

import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamSource;

public class XercesTest {
    public static void main(String[] args) throws IOException, TransformerConfigurationException {
        TransformerFactory tf = TransformerFactory.newInstance();
        URL xsl = MainClass.class.getResource("build.xsl");
        StreamSource stylesheetSource = new StreamSource(
            xsl.openStream(), xsl.toExternalForm());
        tf.newTransformer(stylesheetSource);
    }
}

build.xsl

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:template match="/">
        <!-- TODO: Auto-generated template -->
    </xsl:template>
</xsl:stylesheet>

And maven dependency:

<dependency>
    <groupId>xerces</groupId>
    <artifactId>xercesImpl</artifactId>
    <version>2.11.0</version>
</dependency>


回答2:

I also had this error in a project. As I understand it, newer versions of the JRE have the Xerces implementation built into it. More importantly, the JRE version properly supports the accessExternalDTD and entityExpansionLimit properties.

Because I had a downstream dependency that was including xercesImpl.jar in my war file, my solution was to just yank it using the code below in my build.gradle and let the JRE implementation of xerces take over in the class path.

warApplication {
    from '/WEB-INF/lib'
        exclude 'xercesImpl*.jar'
}