Is it safe to point to Internet for locating struts DTD files in struts TLDs and XML files?

Discussion in 'Java' started by Katie Wright, Jul 17, 2003.

  1. Katie Wright

    Katie Wright Guest

    Hello,

    I hope that this will be an easy question. I apologize if this is not
    the right forum for this question. I could not find a more
    appropriate newsgroup. Maybe someone can direct me to one?

    In the TLD and XML files used to configure and setup the struts
    framework, at the header is this:

    <!DOCTYPE struts-config PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
    "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd" [

    Which essentially means for this file to go out into the Internet,
    locate and use the DTD file. Most people have this reference and do
    this. Is this safe?
    Will Jakarta ever remove or move this file?

    I realize that you could copy the file locally on your system and then
    change your references to point to this file but I don't want to do
    this because then my understanding is that I would have to put
    absolute file pathing information to locate the file and this is
    undesired for my application.

    Is there a way in which struts XML and TLD files can see DTD files
    that exist in a WAR?

    Thanks for reading,

    Katie Wright
    Katie Wright, Jul 17, 2003
    #1
    1. Advertising

  2. "Katie Wright" <> wrote in message
    news:...
    > Hello,
    >
    > I hope that this will be an easy question. I apologize if this is not
    > the right forum for this question. I could not find a more
    > appropriate newsgroup. Maybe someone can direct me to one?
    >
    > In the TLD and XML files used to configure and setup the struts
    > framework, at the header is this:
    >
    > <!DOCTYPE struts-config PUBLIC
    > "-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
    > "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd" [
    >
    > Which essentially means for this file to go out into the Internet,
    > locate and use the DTD file. Most people have this reference and do
    > this. Is this safe?
    > Will Jakarta ever remove or move this file?


    That's unlikely; too many people depend upon it. Of course there's no
    guarantee that their web site will be up 24/7.

    On the other hand, validation is expensive. I would guess that at run-time
    a non-validating parser is used to parse these files. If so, the DOCTYPE
    declaration is ignored.
    Mike Schilling, Jul 17, 2003
    #2
    1. Advertising

  3. Katie Wright

    Adam Maass Guest

    "Katie Wright" <> wrote:
    > Hello,
    >
    > I hope that this will be an easy question. I apologize if this is not
    > the right forum for this question. I could not find a more
    > appropriate newsgroup. Maybe someone can direct me to one?
    >
    > In the TLD and XML files used to configure and setup the struts
    > framework, at the header is this:
    >
    > <!DOCTYPE struts-config PUBLIC
    > "-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
    > "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd" [
    >
    > Which essentially means for this file to go out into the Internet,
    > locate and use the DTD file. Most people have this reference and do
    > this. Is this safe?
    > Will Jakarta ever remove or move this file?
    >
    > I realize that you could copy the file locally on your system and then
    > change your references to point to this file but I don't want to do
    > this because then my understanding is that I would have to put
    > absolute file pathing information to locate the file and this is
    > undesired for my application.
    >
    > Is there a way in which struts XML and TLD files can see DTD files
    > that exist in a WAR?
    >
    > Thanks for reading,
    >


    My solution has been to grab the DTD and then set an EntityResolver on the
    parser to give the local copy when this request is encountered. That way,
    you don't have to modify your XML files, but you remove the uncertainty
    involved in retrieving a DTD from over the Internet. It's relatively
    straightforward to do once you figure out that that's what needs to be done.

    It is unlikely that Apache will move the DTD, but the site may not be up (or
    accessible) at all times when you need it. Additionally, there is no
    guarantee that Apache won't change the DTD on you. Better to have something
    under configuration control so you know exactly what's going on.

    My 2 cents. YMMV.

    -- Adam Maass
    Adam Maass, Jul 17, 2003
    #3
  4. Katie Wright

    Wendy S Guest

    > "Katie Wright" <> wrote:
    > > In the TLD and XML files used to configure and setup the struts
    > > framework, at the header is this:
    > > <!DOCTYPE struts-config PUBLIC
    > > "-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
    > > "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd" [
    > > Which essentially means for this file to go out into the Internet,
    > > locate and use the DTD file.
    > > Is there a way in which struts XML and TLD files can see DTD files
    > > that exist in a WAR?


    Craig McClanahan has posted on this topic, it's a common misconception that
    the public identifier is really a URL.
    The DTD's are included in struts.jar and will be found there.

    http://www.mail-archive.com//msg65929.html

    --
    Wendy in Chandler, AZ
    Wendy S, Jul 17, 2003
    #4
  5. Katie Wright

    Katie Wright Guest

    Interesting ...

    I do agree that it is better to have something under my control. I
    did make copies of the DLD file but hesistate to make my application
    read my copies if I have to put absolute pathing (choosing the lesser
    of two evils) and cannot read the dld from either a jar or war.

    I visited the website referenced here and it said this "(Struts uses
    these internal copies when parsing, so that it works when you're
    disconnected from the Internet)."

    Do I have to do something in order to make it see the internal copy if
    disconnected from the Internet? This is similar to what I would like
    to do.

    I do think that the URL is an external URL and know for a fact that it
    will not work on my application when disconnected from the Internet
    because our network router went down one day and this the application
    would not deploy the ear which is what brought about me investigating
    this problem in the first place.

    Thank you for all your help,

    Katie Wright

    "Wendy S" <> wrote in message news:<bf6r06$bgs$>...
    > > "Katie Wright" <> wrote:
    > > > In the TLD and XML files used to configure and setup the struts
    > > > framework, at the header is this:
    > > > <!DOCTYPE struts-config PUBLIC
    > > > "-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
    > > > "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd" [
    > > > Which essentially means for this file to go out into the Internet,
    > > > locate and use the DTD file.
    > > > Is there a way in which struts XML and TLD files can see DTD files
    > > > that exist in a WAR?

    >
    > Craig McClanahan has posted on this topic, it's a common misconception that
    > the public identifier is really a URL.
    > The DTD's are included in struts.jar and will be found there.
    >
    > http://www.mail-archive.com//msg65929.html
    Katie Wright, Jul 22, 2003
    #5
  6. Katie Wright

    derrick Guest

    Re: Is it safe to point to Internet for locating struts DTD files in struts TLDs and XML files?

    Wendy and/or Craig, if the public identifier is not a url and the dtd's
    in struts.jar are used then how come if one changes the http url to
    something that does not exist (to simulate no connection) then the
    struts-config.xml file can not be found and the app fails? Thank you in
    advance!


    Wendy S wrote:
    > > "Katie Wright" <> wrote:
    > > > In the TLD and XML files used to configure and setup the struts
    > > > framework, at the header is this:
    > > > <!DOCTYPE struts-config PUBLIC
    > > > "-//Apache Software Foundation//DTD Struts Configuration

    1.1//EN"
    > > > "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd"

    [
    > > > Which essentially means for this file to go out into the

    Internet,
    > > > locate and use the DTD file.
    > > > Is there a way in which struts XML and TLD files can see DTD

    files
    > > > that exist in a WAR?

    >
    > Craig McClanahan has posted on this topic, it's a common

    misconception that
    > the public identifier is really a URL.
    > The DTD's are included in struts.jar and will be found there.
    >
    >

    http://www.mail-archive.com//msg65929.html
    >
    > --
    > Wendy in Chandler, AZ
    derrick, Jan 6, 2005
    #6
  7. Katie Wright

    Wendy S Guest

    Re: Is it safe to point to Internet for locating struts DTD files in struts TLDs and XML files?

    "derrick" <> wrote:
    > if the public identifier is not a url and the dtd's
    > in struts.jar are used then how come if one changes the http url to
    > something that does not exist (to simulate no connection) then the
    > struts-config.xml file can not be found and the app fails?


    First, I don't believe that changing the text is a correct way to simulate
    working offline.

    What is the exact error message you're getting?

    I think that url you changed is part of what the system uses to locate the
    dtd (which exists inside struts.jar). You told it to validate
    struts-config.xml, it can't find the dtd (because you messed up the
    identifier) and so it fails.

    The struts-config dtd buried inside struts.jar says this:

    <!--
    DTD for the Struts Application Configuration File, Version 1.1

    To support validation of your configuration file, include the following
    DOCTYPE element at the beginning (after the "xml" declaration):

    <!DOCTYPE struts-config PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
    "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd">

    $Id: struts-config_1_1.dtd 51429 2004-02-17 05:51:48Z martinc $
    -->

    So, unless you put *exactly* that <!DOCTYPE...> block in your
    struts-config.xml file, I'd expect exactly the result you got.

    --
    Wendy S
    Wendy S, Jan 7, 2005
    #7
  8. Katie Wright

    derrick Guest

    Re: Is it safe to point to Internet for locating struts DTD files in struts TLDs and XML files?

    Thanks for you time Wendy for making this so clear to me. You make
    perfect sense. I agree my test was flimsy, but I couldn't easily
    reproduce the connection/site/page being unvailable.

    Wendy S wrote:
    > "derrick" <> wrote:
    > > if the public identifier is not a url and the dtd's
    > > in struts.jar are used then how come if one changes the http url to
    > > something that does not exist (to simulate no connection) then the
    > > struts-config.xml file can not be found and the app fails?

    >
    > First, I don't believe that changing the text is a correct way to

    simulate
    > working offline.
    >
    > What is the exact error message you're getting?
    >
    > I think that url you changed is part of what the system uses to

    locate the
    > dtd (which exists inside struts.jar). You told it to validate
    > struts-config.xml, it can't find the dtd (because you messed up the
    > identifier) and so it fails.
    >
    > The struts-config dtd buried inside struts.jar says this:
    >
    > <!--
    > DTD for the Struts Application Configuration File, Version 1.1
    >
    > To support validation of your configuration file, include the

    following
    > DOCTYPE element at the beginning (after the "xml" declaration):
    >
    > <!DOCTYPE struts-config PUBLIC
    > "-//Apache Software Foundation//DTD Struts Configuration

    1.1//EN"
    > "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd">
    >
    > $Id: struts-config_1_1.dtd 51429 2004-02-17 05:51:48Z martinc $
    > -->
    >
    > So, unless you put *exactly* that <!DOCTYPE...> block in your
    > struts-config.xml file, I'd expect exactly the result you got.
    >
    > --
    > Wendy S
    derrick, Jan 7, 2005
    #8
  9. Re: Is it safe to point to Internet for locating struts DTD filesin struts TLDs and XML files?

    This is interesting. Is there a standard way to look for a DTD in a jar
    file, or is it just struts?
    Most of the times using a regular URL works, but the best solution for
    me is to copy the DTDs locally.


    Wendy S wrote:
    > "derrick" <> wrote:
    >
    >>if the public identifier is not a url and the dtd's
    >>in struts.jar are used then how come if one changes the http url to
    >>something that does not exist (to simulate no connection) then the
    >>struts-config.xml file can not be found and the app fails?

    >
    >
    > First, I don't believe that changing the text is a correct way to simulate
    > working offline.
    >
    > What is the exact error message you're getting?
    >
    > I think that url you changed is part of what the system uses to locate the
    > dtd (which exists inside struts.jar). You told it to validate
    > struts-config.xml, it can't find the dtd (because you messed up the
    > identifier) and so it fails.
    >
    > The struts-config dtd buried inside struts.jar says this:
    >
    > <!--
    > DTD for the Struts Application Configuration File, Version 1.1
    >
    > To support validation of your configuration file, include the following
    > DOCTYPE element at the beginning (after the "xml" declaration):
    >
    > <!DOCTYPE struts-config PUBLIC
    > "-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
    > "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd">
    >
    > $Id: struts-config_1_1.dtd 51429 2004-02-17 05:51:48Z martinc $
    > -->
    >
    > So, unless you put *exactly* that <!DOCTYPE...> block in your
    > struts-config.xml file, I'd expect exactly the result you got.
    >
    Andrea Desole, Jan 7, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Joseph Tilian
    Replies:
    0
    Views:
    349
    Joseph Tilian
    Dec 21, 2004
  2. test
    Replies:
    2
    Views:
    2,015
    Oliver Wong
    Jul 28, 2006
  3. Replies:
    0
    Views:
    1,813
  4. Roedy Green

    new TLDs and extended domain names.

    Roedy Green, Jun 26, 2008, in forum: Java
    Replies:
    26
    Views:
    826
    Arne Vajhøj
    Jul 21, 2008
  5. Saraswati lakki
    Replies:
    0
    Views:
    1,321
    Saraswati lakki
    Jan 6, 2012
Loading...

Share This Page