使用 DTD 的代理服务
Proxy Service with DTD
我已经创建了一个代理服务来接收来自网络的 XML。对于 XML 和 XSD 可以正常工作,但是当 DOCTYPE 声明和 DTD[= 时失败28=]。我添加了参数 'ApplicationXMLBuilder.allowDTD' 但仍然看到错误。有什么想法吗?
代理配置:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="cx.soa.poxRouter"
transports="https,http"
statistics="disable"
trace="disable"
startOnLoad="true">
<target>
<inSequence>
<router>
<route xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
expression="local-name(/env:Body/*)"
match="Invoice">
<target to="" soapAction="urn:process">
<sequence>
<class name="cx.wso2.mediators.addNamespace">
<property name="nsToAdd" value="http://xmlns.ingram.com/invoice"/>
</class>
<log level="full"/>
<send>
<endpoint key="invoice.incoming.ingram.cxtec.prd.endpoint"/>
</send>
</sequence>
</target>
</route>
<route expression="true()">
<target to="" soapAction="">
<sequence>
<makefault version="soap11">
<code xmlns:soap11Env="http://schemas.xmlsoap.org/soap/envelope/"
value="soap11Env:Server"/>
<reason value="Message Not Understood"/>
<role/>
</makefault>
<property name="RESPONSE" value="true"/>
<send/>
</sequence>
</target>
</route>
</router>
</inSequence>
</target>
<parameter name="ApplicationXMLBuilder.allowDTD">true</parameter>
<parameter name="transport.vfs.ContentType">application/xml</parameter>
<parameter name="serviceType">proxy</parameter>
<description/>
</proxy>
样品请求XML:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cxml.org/schemas/cXML/1.2.025/cXML.dtd">
<cXML payloadID="1429879833205-3629664823566250562@216.109.111.63"
timestamp="2015-04-24T05:50:33-07:00" version="1.2.025" xml:lang="en-US">
<Header>
</Header>
<Request deploymentMode="test">
</Request>
</cXML>
错误日志:
TID: [0] [ESB] [2015-04-24 09:18:31,100] ERROR {org.apache.synapse.transport.passthru.util.RelayUtils} - Error while building Passthrough stream {org.apache.synapse.transport.passthru.util.RelayUtils}
org.apache.axiom.om.OMException: javax.xml.stream.XMLStreamException: DOCTYPE is not allowed
at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:296)
at org.apache.axiom.om.impl.llom.OMDocumentImpl.getOMDocumentElement(OMDocumentImpl.java:109)
at org.apache.axiom.om.impl.builder.StAXOMBuilder.getDocumentElement(StAXOMBuilder.java:570)
at org.apache.axiom.om.impl.builder.StAXOMBuilder.getDocumentElement(StAXOMBuilder.java:566)
at org.apache.axis2.builder.ApplicationXMLBuilder.processDocument(ApplicationXMLBuilder.java:81)
at org.apache.synapse.transport.passthru.util.DeferredMessageBuilder.getDocument(DeferredMessageBuilder.java:118)
at org.apache.synapse.transport.passthru.util.RelayUtils.builldMessage(RelayUtils.java:116)
at org.apache.synapse.transport.passthru.util.RelayUtils.buildMessage(RelayUtils.java:91)
at org.apache.synapse.transport.passthru.util.TraceMessageBuilderDispatchHandler.build(TraceMessageBuilderDispatchHandler.java:73)
at org.apache.synapse.transport.passthru.util.TraceMessageBuilderDispatchHandler.invoke(TraceMessageBuilderDispatchHandler.java:64)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
在与 WSO2 ESB 团队的 生产支持 讨论后,以下是使其工作的选项列表:
1. Enable DTD processing globally
如果您正在使用消息跟踪器,那么您将必须全局启用 DTD 处理。通过将以下 属性 添加到 'ESB_HOME/repository/conf/axis2/axis2.xml'.
来全局启用 DTD 处理
<parameter name="ApplicationXMLBuilder.allowDTD">true</parameter>
在 Apache Axis 中启用 DTD 处理存在安全问题。 DTD Security Concerns
2. Disable message tracing
在生产环境中,不建议启用消息跟踪,因为它会增加显着的性能开销。如果我们禁用跟踪,那么首先就不会出现上述问题。
在我们的案例中,出于其他原因,我们不得不启用消息跟踪,因此按照案例 (1) 解决了问题。
我已经创建了一个代理服务来接收来自网络的 XML。对于 XML 和 XSD 可以正常工作,但是当 DOCTYPE 声明和 DTD[= 时失败28=]。我添加了参数 'ApplicationXMLBuilder.allowDTD' 但仍然看到错误。有什么想法吗?
代理配置:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="cx.soa.poxRouter"
transports="https,http"
statistics="disable"
trace="disable"
startOnLoad="true">
<target>
<inSequence>
<router>
<route xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
expression="local-name(/env:Body/*)"
match="Invoice">
<target to="" soapAction="urn:process">
<sequence>
<class name="cx.wso2.mediators.addNamespace">
<property name="nsToAdd" value="http://xmlns.ingram.com/invoice"/>
</class>
<log level="full"/>
<send>
<endpoint key="invoice.incoming.ingram.cxtec.prd.endpoint"/>
</send>
</sequence>
</target>
</route>
<route expression="true()">
<target to="" soapAction="">
<sequence>
<makefault version="soap11">
<code xmlns:soap11Env="http://schemas.xmlsoap.org/soap/envelope/"
value="soap11Env:Server"/>
<reason value="Message Not Understood"/>
<role/>
</makefault>
<property name="RESPONSE" value="true"/>
<send/>
</sequence>
</target>
</route>
</router>
</inSequence>
</target>
<parameter name="ApplicationXMLBuilder.allowDTD">true</parameter>
<parameter name="transport.vfs.ContentType">application/xml</parameter>
<parameter name="serviceType">proxy</parameter>
<description/>
</proxy>
样品请求XML:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cxml.org/schemas/cXML/1.2.025/cXML.dtd">
<cXML payloadID="1429879833205-3629664823566250562@216.109.111.63"
timestamp="2015-04-24T05:50:33-07:00" version="1.2.025" xml:lang="en-US">
<Header>
</Header>
<Request deploymentMode="test">
</Request>
</cXML>
错误日志:
TID: [0] [ESB] [2015-04-24 09:18:31,100] ERROR {org.apache.synapse.transport.passthru.util.RelayUtils} - Error while building Passthrough stream {org.apache.synapse.transport.passthru.util.RelayUtils}
org.apache.axiom.om.OMException: javax.xml.stream.XMLStreamException: DOCTYPE is not allowed
at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:296)
at org.apache.axiom.om.impl.llom.OMDocumentImpl.getOMDocumentElement(OMDocumentImpl.java:109)
at org.apache.axiom.om.impl.builder.StAXOMBuilder.getDocumentElement(StAXOMBuilder.java:570)
at org.apache.axiom.om.impl.builder.StAXOMBuilder.getDocumentElement(StAXOMBuilder.java:566)
at org.apache.axis2.builder.ApplicationXMLBuilder.processDocument(ApplicationXMLBuilder.java:81)
at org.apache.synapse.transport.passthru.util.DeferredMessageBuilder.getDocument(DeferredMessageBuilder.java:118)
at org.apache.synapse.transport.passthru.util.RelayUtils.builldMessage(RelayUtils.java:116)
at org.apache.synapse.transport.passthru.util.RelayUtils.buildMessage(RelayUtils.java:91)
at org.apache.synapse.transport.passthru.util.TraceMessageBuilderDispatchHandler.build(TraceMessageBuilderDispatchHandler.java:73)
at org.apache.synapse.transport.passthru.util.TraceMessageBuilderDispatchHandler.invoke(TraceMessageBuilderDispatchHandler.java:64)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
在与 WSO2 ESB 团队的 生产支持 讨论后,以下是使其工作的选项列表:
1. Enable DTD processing globally
如果您正在使用消息跟踪器,那么您将必须全局启用 DTD 处理。通过将以下 属性 添加到 'ESB_HOME/repository/conf/axis2/axis2.xml'.
来全局启用 DTD 处理<parameter name="ApplicationXMLBuilder.allowDTD">true</parameter>
在 Apache Axis 中启用 DTD 处理存在安全问题。 DTD Security Concerns
2. Disable message tracing
在生产环境中,不建议启用消息跟踪,因为它会增加显着的性能开销。如果我们禁用跟踪,那么首先就不会出现上述问题。
在我们的案例中,出于其他原因,我们不得不启用消息跟踪,因此按照案例 (1) 解决了问题。