JBoss.org now redirecting from http to https
Updated -
What is changing
Requests to http://www.jboss.org will be redirected to https://www.jboss.org
Why the change
For security reasons, the http will be redirected to the secure https to prevent any 'man in the middle' issues where the wrong dtd/schema could be used.
Concerns with older frameworks
Some older frameworks and JBoss components may be enabling schema / dtd validation when parsing xmls, and if the xml references one of these via http, then they will be redirected to https, which Apache Xerces will not handle successfully.
http://www.jboss.org/schema/jbossas/
http://www.jboss.org/dtd/jbossas/
Xmls should be updated to reference the https URL, such as:
https://www.jboss.org/schema/jbossas/
https://www.jboss.org/dtd/jbossas/
Updating XSD Schema Example
Change xsi:schemaLocation xsd url from http to https, for example in an old Seam framework if your application has a pageflow.jpdl.xml packaged in the application and it has the schema reference http://jboss.org/schema/seam/pageflow-2.3.xsd it should be changed to https://www.jboss.org/schema/seam/pageflow-2.3.xsd. So any xml packaged in the application that lists http://wwww.jboss.org or http://jboss.org in the xsi:schemaLocation should be changed to https
From:
<pageflow-definition
xmlns="http://jboss.org/schema/seam/pageflow"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://jboss.org/schema/seam/pageflow
http://jboss.org/schema/seam/pageflow-2.3.xsd"
name="pageflow3.jpdl.xml">
To:
<pageflow-definition
xmlns="http://jboss.org/schema/seam/pageflow"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://jboss.org/schema/seam/pageflow
https://www.jboss.org/schema/seam/pageflow-2.3.xsd"
name="pageflow3.jpdl.xml">
Updating DTD Example
Change from:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE jboss-app
PUBLIC "-//JBoss//DTD J2EE Application 1.4//EN"
"http://www.jboss.org/j2ee/dtd/jboss-app_4_0.dtd"
>
<jboss-app>
...
To
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE jboss-app
PUBLIC "-//JBoss//DTD J2EE Application 1.4//EN"
"https://www.jboss.org/j2ee/dtd/jboss-app_4_0.dtd"
>
<jboss-app>
...
What will happen if an old framework is using http for schemas after the redirect is enabled?
The xml parsing can fail with an exception such as:
Caused by: org.xml.sax.SAXParseException; Premature end of file.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:196)
at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:175)
at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:394)
at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:322)
at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:281)
at org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:203)
at org.apache.xerces.impl.xs.opti.SchemaParsingConfig.parse(SchemaParsingConfig.java:551)
at org.apache.xerces.impl.xs.opti.SchemaParsingConfig.parse(SchemaParsingConfig.java:654)
at org.apache.xerces.impl.xs.opti.SchemaDOMParser.parse(SchemaDOMParser.java:523)
at org.apache.xerces.impl.xs.traversers.XSDHandler.getSchemaDocument(XSDHandler.java:1800)
at org.apache.xerces.impl.xs.traversers.XSDHandler.parseSchema(XSDHandler.java:521)
at org.apache.xerces.impl.xs.XMLSchemaLoader.loadSchema(XMLSchemaLoader.java:554)
at org.apache.xerces.impl.xs.XMLSchemaValidator.findSchemaGrammar(XMLSchemaValidator.java:2526)
at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1813)
at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(XMLSchemaValidator.java:724)
at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:283)
at org.apache.xerces.impl.XMLNSDocumentScannerImpl$NSContentDispatcher.scanRootElementHook(XMLNSDocumentScannerImpl.java:733)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1754)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:324)
at org.apache.xerces.parsers.XML11Configuration.parse(XML11Configuration.java:845)
at org.apache.xerces.parsers.XML11Configuration.parse(XML11Configuration.java:768)
at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:108)
at org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1196)
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:555)
at org.apache.xerces.jaxp.SAXParserImpl.parse(SAXParserImpl.java:289)
at org.jboss.as.weld.deployment.BeansXmlParser.parse(BeansXmlParser.java:95)
... 8 more
Caused by: java.lang.RuntimeException: org.dom4j.DocumentException: Error on line 1 of document http://jboss.com/index.html : The markup declarations contained or pointed to by the document type declaration must be well-formed. Nested exception: The markup declarations contained or pointed to by the document type declaration must be well-formed.
at org.jboss.seam.navigation.Pages.getDocumentRoot(Pages.java:971)
at org.jboss.seam.navigation.Pages.parse(Pages.java:929)
at org.jboss.seam.navigation.Pages.initialize(Pages.java:110)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.jboss.seam.util.Reflections.invoke(Reflections.java:21)
at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:125)
at org.jboss.seam.Component.callComponentMethod(Component.java:2092)
Comments