java 升级到 java7u25 后出现 XML dig sig 错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17331187/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
XML dig sig error after upgrade to java7u25
提问by kresok
I have a Java application for signing XML documents. After upgrading Java to the latest version (Java7u25) it stops working. I get the following error:
我有一个用于签署 XML 文档的 Java 应用程序。将 Java 升级到最新版本 (Java7u25) 后,它停止工作。我收到以下错误:
javax.xml.crypto.dsig.XMLSignatureException:
javax.xml.crypto.URIReferenceException:
com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException:
Cannot resolve element with ID ...
Reverting back to java7u21 solves the problem. Is there any change in the XML Dig Sig API that causes this error?
恢复到 java7u21 解决了这个问题。XML Dig Sig API 是否有任何更改导致此错误?
回答by Cerber
Same problem here. Seems to be a bug inside the JVM due to an evolution.
同样的问题在这里。由于进化,似乎是 JVM 内部的错误。
I've traked it down to com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
我已经把它归结为 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
In java 7u21 & before :
在 java 7u21 及之前:
91: // Element selectedElem = doc.getElementById(id);
92: selectedElem = IdResolver.getElementById(doc, id);
In java 7u25 :
在 java 7u25 中:
87: selectedElem = doc.getElementById(id);
//...
93: if (secureValidation) {
secureValidationrefers to java 7u25 evolution on XML Sig validation (see changelog) so they must have brokenchanged something elsewhile working on this evolution.
secureValidation指的是 XML Sig 验证上的 java 7u25 演化(请参阅更改日志),因此在进行此演化时,他们必须破坏更改了其他内容。
We've worked around this issue by providing a custom javax.xml.crypto.URIDereferencerto javax.xml.crypto.dom.DOMCryptoContext.setURIDereferencer(URIDereferencer)which is able to resolve node which are not yet in the DOM document tree (fragments in XMLObject).
我们通过提供一个自定义javax.xml.crypto.URIDereferencer来解决这个问题,该自定义javax.xml.crypto.dom.DOMCryptoContext.setURIDereferencer(URIDereferencer)能够解析尚未在 DOM 文档树中的节点(XMLObject 中的片段)。
I'm reporting this to Oracle right now, I'll update the answer with the bug id.
我现在正在向 Oracle 报告此问题,我将使用错误 ID 更新答案。
EDIT :found this in apache SVN
编辑:在apache SVN 中找到了这个
Edit 2 :Thanks to this bug reportI've understood that this was an evolution in XML "Id" attributes handling.
编辑 2:多亏了这个错误报告,我才明白这是 XML“Id”属性处理的演变。
Previous versions of java/JSR-105/SANTUARIO used to be very tolerant on "Id" attributes used in document.getElementById(...)but this new version requires an attribute that is identified as IDXML speaking. I mean that naming the attribute "Id" or "ID" is not sufficient anymore, you need to get it marked as ID, eventually by an XSD/DTD schema validation.
以前版本的 java/JSR-105/SANTUARIO 曾经对 中使用的“Id”属性非常宽容,document.getElementById(...)但这个新版本需要一个被标识为IDXML的属性。我的意思是命名属性“Id”或“ID”不再足够,您需要将其标记为 ID,最终通过 XSD/DTD 模式验证。
Unfortunalty, I'm following a schema that is not valid and therefore not parsable by Java.
不幸的是,我遵循的模式无效,因此无法被 Java 解析。
If you are in the same situation see my solution below. Otherwise, if you're XML document does have a valid schema, have a look at @sherb solution https://stackoverflow.com/a/17437919/233906
如果您处于相同的情况,请参阅下面的解决方案。否则,如果您的 XML 文档确实具有有效架构,请查看 @sherb 解决方案https://stackoverflow.com/a/17437919/233906
Solution
解决方案
Fortunately, you can tagan attribute as an ID using methods like Element.setIdAttributeNode(org.w3c.dom.Attr,boolean).
幸运的是,您可以使用类似的方法将属性标记为 ID Element.setIdAttributeNode(org.w3c.dom.Attr,boolean)。
Combining with a little XPath like descendant-or-self::*/@Idto fetch Attr"Id" nodes plus a little Java ((Element)attr.getOwnerElement()).setIdAttributeNode(attr,true)should get you out of trouble.
结合一些像descendant-or-self::*/@Id获取Attr“Id”节点的XPath加上一些 Java((Element)attr.getOwnerElement()).setIdAttributeNode(attr,true)应该会让你摆脱困境。
But be carefull :setIdAttributeXXX()is valid only for the current document & node. If you clone/adopt/importyou need to do a setIdAttributeXXX()on the new nodes of each DOM tree
但要小心:setIdAttributeXXX()仅对当前文档和节点有效。如果你clone/ adopt/import你需要做setIdAttributeXXX()的每个DOM树的新节点上
回答by sherb
I also found the responses to this question quite helpful, but my solution was a bit different. I'm working with OpenSAML 2.6.0, and assigning a schema to the DocumentBuilderFactory just before parsing the incoming document resolved the ResourceResolverException: Cannot resolve element with ID...exception by properly marking the ID attributes. Here's an example:
我也发现对这个问题的回答很有帮助,但我的解决方案有点不同。我正在使用 OpenSAML 2.6.0,并在解析传入文档之前将架构分配给 DocumentBuilderFactoryResourceResolverException: Cannot resolve element with ID...通过正确标记 ID 属性解决了异常。下面是一个例子:
InputStream in = new ByteArrayInputStream(assertion.getBytes());
SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
Schema schema = schemaFactory.newSchema(new URL("http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"));
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
factory.setSchema(schema);
Document document = factory.newDocumentBuilder().parse(in);
回答by Papa Thierno Diop
I had the same probleme with the code :
我对代码有同样的问题:
element.setAttributeNS(null, "Id", elementID);
FIX :specify id
修复:指定id
element.setAttributeNS(null, "Id", elementID);
Attr idAttr = element.getAttributeNode("Id");
element.setIdAttributeNode(idAttr, true);
回答by SeppSeppler
i faced the same issue and also tracked it down to the code snippets mentioned by Cerber. I'm curious whether this is a bug or a change made on purpose.
我遇到了同样的问题,并将其追溯到 Cerber 提到的代码片段。我很好奇这是一个错误还是故意进行的更改。
With the information given in this thread Java XML DOM: how are id Attributes special?i was able to get things back to work again.
使用此线程中给出的信息 Java XML DOM: how are id Attributes special? 我能够让事情重新开始工作。
In a nutshell the 'ID' attribute has to be of type 'xs:ID' (and not e.g. 'xs:string') for the Dereferencer to find it. Also note that depending on your use of a DocumentBuilderFactory the XML schema must be set.
简而言之,“ID”属性必须是“xs:ID”类型(而不是例如“xs:string”),解引用器才能找到它。另请注意,根据您对 DocumentBuilderFactory 的使用,必须设置 XML 模式。
回答by Jaime Hablutzel
If you have
如果你有
dsObjectChild.setAttribute("Id", "My-id-value");
Change it to
将其更改为
dsObjectChild.setAttribute("Id", "My-id-value");
dsObjectChild.setIdAttribute("Id", true);
It is working with java 1.7.0_45
它正在使用 java 1.7.0_45
回答by rajesh kumar
I am facing the same issue only when ID is set with random UUID [guidForSignature ="_" + UUID.randomUUID().toString();] and when there are concurrent requests triggered at run time(Java 1.8).
只有当 ID 设置为随机 UUID [ guidForSignature ="_" + UUID.randomUUID().toString();] 并且在运行时触发并发请求时(Java 1.8),我才会面临同样的问题。
I have tried setting the ID attribute like below which didn't help me. However, setting the ID attribute to constant ID value for all the requests resolved the issue.
我曾尝试设置如下所示的 ID 属性,但对我没有帮助。但是,将所有请求的 ID 属性设置为常量 ID 值解决了该问题。
Element element1= doc.getDocumentElement().setIdAttribute("ID", true);
OR
或者
Element e1 =(Element)doc.getElementsByTagName("Assertion").item(0);
e1.setIdAttribute("ID", true);
