0

I've created a program in java that starts as JNLP (Java WebStart). This program can connect to a webdav service at the server, the JNLP was started from.

The first webdav request results in a security warning that some code tries to open a connection to w3.org. I'm using a external webdav client library which creates a document internaly. The library should not be manipulated or replaced.

Is there any possibility to prevent the download of the DTD from outside of the library?

Thank.

André
  • 2,313
  • 2
  • 25
  • 29
  • You can override the entity resolver. See http://stackoverflow.com/questions/155101/make-documentbuilder-parse-ignore-dtd-references – Julian Reschke Oct 18 '12 at 14:25
  • No chance to change the required instance. Do not have access to the code that loads the xml. – André Oct 19 '12 at 11:35

2 Answers2

0

The only solution was to sign the external jar file and grant the required permission for downloading the dtd file.

André
  • 2,313
  • 2
  • 25
  • 29
0

It depends on the nature of the library. You can probably either disable DTD validation via a call somewhere into the library, or download the DTD it wants manually and place it on your machine somewhere for it to find.

Walter Mundt
  • 24,753
  • 5
  • 53
  • 61
  • Unfortunately there is now possiblity to disable dtd validation via a call. Where is the place I can put the DTD localy so that the SAX XML parser will use them instead of requesting the remote one? – André Jun 25 '10 at 06:15