"http://xml.org/sax/features/external-general-entities" Feature Is Not Supported (Doc ID 2254880.1)

Last updated on APRIL 13, 2017

Applies to:

Identity Manager - Version 11.1.2.3.0 to 11.1.2.3.170117 [Release 11g]
Information in this document applies to any platform.

Symptoms

You've installed OIM 11.1.2.3, and you're developing some customizations. However, you find that the http://xml.org/sax/features/external-general-entities feature that addresses Security vulnerability does not seem to be supported. The following exception is thrown:

org.xml.sax.SAXNotSupportedException: SAX feature 'http://xml.org/sax/features/external-general-entities' not supported.
at oracle.xml.parser.v2.NonValidatingParser.setFeature(NonValidatingParser.java:2268)
at oracle.xml.parser.v2.SAXParser.setFeature(SAXParser.java:282)
at weblogic.xml.jaxp.RegistryXMLReader.setFeature(RegistryXMLReader.java:424)
at weblogic.xml.jaxp.RegistryXMLReader.setFeature(RegistryXMLReader.java:424)
at com.gm.connectors.webexmeeting.message.MessageProcessor.processRequest(Unknown Source)
at com.gm.connectors.webexmeeting.message.LstsummaryUser.getUsers(Unknown Source)
at com.gm.connectors.webexmeeting.WebexMeetingCenterConnector.executeQuery(Unknown Source)
at com.gm.connectors.webexmeeting.WebexMeetingCenterConnector.executeQuery(Unknown Source)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:105)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:93)
at com.sun.proxy.$Proxy500.search(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
...

NOTE: See the following for more information on the security vulnerability:

A Vulnerability in the Java Runtime Environment XML Parsing Code May Allow URL Resources to be Accessed (Doc ID 1018967.1)



Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms