CODEWITHSUNDEEP
xmlproxywso2-esb
Phani
Phani

Reputation: 5427

Proxy Service with DTD

I have created a proxy service to receive the XML from the web. Works fine for the XML with XSD but fails when have DOCTYPE declaration with DTD. I have added the parameter 'ApplicationXMLBuilder.allowDTD' but still see the errors. Any ideas?

Proxy Config:

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
   name="cx.soa.poxRouter"
   transports="https,http"
   statistics="disable"
   trace="disable"
   startOnLoad="true">
  <target>
  <inSequence>
     <router>
        <route xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
               expression="local-name(/env:Body/*)"
               match="Invoice">
           <target to="" soapAction="urn:process">
              <sequence>
                 <class name="cx.wso2.mediators.addNamespace">
                    <property name="nsToAdd" value="http://xmlns.ingram.com/invoice"/>
                 </class>
                 <log level="full"/>
                 <send>
                    <endpoint key="invoice.incoming.ingram.cxtec.prd.endpoint"/>
                 </send>
              </sequence>
           </target>
        </route>
        <route expression="true()">
           <target to="" soapAction="">
              <sequence>
                 <makefault version="soap11">
                    <code xmlns:soap11Env="http://schemas.xmlsoap.org/soap/envelope/"
                          value="soap11Env:Server"/>
                    <reason value="Message Not Understood"/>
                    <role/>
                 </makefault>
                 <property name="RESPONSE" value="true"/>
                 <send/>
              </sequence>
           </target>
        </route>
     </router>
  </inSequence>
</target>
<parameter name="ApplicationXMLBuilder.allowDTD">true</parameter>
<parameter name="transport.vfs.ContentType">application/xml</parameter>
<parameter name="serviceType">proxy</parameter>
<description/>
</proxy>

Sample Request XML:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cxml.org/schemas/cXML/1.2.025/cXML.dtd">
<cXML payloadID="[email protected]"
timestamp="2015-04-24T05:50:33-07:00" version="1.2.025" xml:lang="en-US">
  <Header>      
  </Header>
  <Request deploymentMode="test">
  </Request>
</cXML>

Error log:

TID: [0] [ESB] [2015-04-24 09:18:31,100] ERROR {org.apache.synapse.transport.passthru.util.RelayUtils} -  Error while building Passthrough stream {org.apache.synapse.transport.passthru.util.RelayUtils}
org.apache.axiom.om.OMException: javax.xml.stream.XMLStreamException: DOCTYPE is not allowed
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:296)
    at org.apache.axiom.om.impl.llom.OMDocumentImpl.getOMDocumentElement(OMDocumentImpl.java:109)
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.getDocumentElement(StAXOMBuilder.java:570)
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.getDocumentElement(StAXOMBuilder.java:566)
    at org.apache.axis2.builder.ApplicationXMLBuilder.processDocument(ApplicationXMLBuilder.java:81)
    at org.apache.synapse.transport.passthru.util.DeferredMessageBuilder.getDocument(DeferredMessageBuilder.java:118)
    at org.apache.synapse.transport.passthru.util.RelayUtils.builldMessage(RelayUtils.java:116)
    at org.apache.synapse.transport.passthru.util.RelayUtils.buildMessage(RelayUtils.java:91)
    at org.apache.synapse.transport.passthru.util.TraceMessageBuilderDispatchHandler.build(TraceMessageBuilderDispatchHandler.java:73)
    at org.apache.synapse.transport.passthru.util.TraceMessageBuilderDispatchHandler.invoke(TraceMessageBuilderDispatchHandler.java:64)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)

Upvotes: 1

Views: 838

Answers (1)

Phani
Phani

Reputation: 5427

After discussion with Production support of WSO2 ESB team, following are the list of options to make it work:

1. Enable DTD processing globally

If you are using message tracer, then you will have to enable the the DTD processing globally. Enable DTD processing globally by adding the following property to 'ESB_HOME/repository/conf/axis2/axis2.xml'.

<parameter name="ApplicationXMLBuilder.allowDTD">true</parameter>

There is a security concern regarding enabling DTD processing in Apache Axis. DTD Security Concerns

2. Disable message tracing

In a production environment, It's not recommend to enable the message tracing as it adds significant performance overhead. If we disable tracing, then the above issue wouldn't occur in the first place.

In our case, we had to enable Message Tracing for other reasons, so following the case (1) resolved the issue.

Upvotes: 1

Related Questions