I get an indication that it depends upon the kind of parser used by Axis, whether it picks up remotely located schemas or not (validating/non-validating parser). The question now is: is it possible to configure Axis to use a validating/non-validating parser explicitly? It seems that right now (in my case) it is using non-validating, and therefore unplugging the network cable has no impact on my local webservice and it runs fine.

-----Original Message-----
From: Mike Burati [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 8:13 PM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: RE: Remote DTD/Schema referencing

I hate replying to my own mail messages :-) but I just ran across the reference after sending that previous message:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14105

-----Original Message-----
From: Mike Burati
Sent: Thursday, September 18, 2003 10:38 AM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: RE: Remote DTD/Schema referencing

Automagically fetching remote entities from an incoming SOAP message is a known security issue and attack point (can't find the references I had about that at the moment). AXIS at some point introduced a DefaultEntityResolver which implements org.xml.sax.EntityResolver which basically does nothing (returns an empty InputSource), I believe to avoid this particular problem and attack point. See src\org\apache\axis\utils\DefaultEntityResolver.java and XmlUtils.java

-----Original Message-----
From: Yuvraj Waswani [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 1:57 AM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: RE: Remote DTD/Schema referencing

I UNPLUGGED the network cable and made a 'localhost' web service call (web service also on my own machine) ...and it ran fine! Doesn't that conclude that Axis server or client DOES NOT try to refer/fetch the DTD / Schema referenced by the URL/URI namespace? Glen, please answer that question in the context of only soap requests and responses for webservices, not for requesting wsdl or anything else. I just made a w/s call without network connectivity and it ran fine. Thanks.

-----Original Message-----
From: Dimuthu Leelarathne [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 10:29 AM
To: [EMAIL PROTECTED]
Subject: RE: Remote DTD/Schema referencing

Thanx Glen for pointing that out. I was under a wrong impression.

> Hi Dimuthu, all:
>
>> > Does anybody know if Axis performs 'Remote DTD/Schema referencing'?
>> > Does it fetch all the XML schemas/DTD posted in a particular HTTP soap
>> > request message?
>> >
>> No, Axis doesn't support remote XML schemas/DTD referencing yet. But if you
>> want to reference a schema you can include it in the wsdl of the web service.
>
> Actually it does (for schemas, not DTDs) - see test/wsdl/import* for
> examples.
>
> --Glen
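
The do-nothing org.xml.sax.EntityResolver approach mentioned in the thread, as an added example (not code from Axis or from any poster): a resolver that answers every external identifier with an empty InputSource, so a non-validating JAXP parser handles a message with a remote DOCTYPE without touching the network. The second half goes beyond the thread and shows the stricter option of rejecting any DOCTYPE; the class names, the sample message and the example.invalid URL are constructed for illustration.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class NoFetchResolverDemo {
    // Hypothetical stand-in for a do-nothing resolver: records what the parser
    // asked for and answers with an empty source, so nothing is fetched.
    static class EmptyResolver implements EntityResolver {
        final List<String> requested = new ArrayList<>();
        @Override
        public InputSource resolveEntity(String publicId, String systemId) {
            requested.add(systemId);
            return new InputSource(new StringReader(""));
        }
    }

    // Constructed sample message whose DOCTYPE points at a remote DTD.
    static final String XML =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE Envelope SYSTEM \"http://example.invalid/remote.dtd\">\n"
      + "<Envelope><Body><ping/></Body></Envelope>";

    public static void main(String[] args) throws Exception {
        // 1) Non-validating parser plus the empty resolver: parse succeeds offline.
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        DocumentBuilder b = f.newDocumentBuilder();
        EmptyResolver r = new EmptyResolver();
        b.setEntityResolver(r);
        Document d = b.parse(new InputSource(new StringReader(XML)));
        System.out.println("parsed root: " + d.getDocumentElement().getNodeName());
        System.out.println("intercepted system ids: " + r.requested);

        // 2) Stricter: refuse any DOCTYPE outright (Xerces/JAXP parser feature).
        DocumentBuilderFactory strict = DocumentBuilderFactory.newInstance();
        strict.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        try {
            strict.newDocumentBuilder().parse(new InputSource(new StringReader(XML)));
        } catch (SAXParseException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```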
