[jboss-dev] obfuscating xml/xsl jars
Scott M Stark
sstark at redhat.com
Fri Jan 4 03:30:17 EST 2008
The bundling of apache xml/xsl jars in jbossas using the jar extension
mechanism prevents web apps from overriding these. This is due to tomcat
looking to the system class loader for classes, and if found, ignoring
any web app version of the class. This is overly strict for extension
classes that can be loaded via the thread context class loader using the
jar services mechanism.
For example, the javax.xml.transform.TransformerFactory looks for a
META-INF/services/javax.xml.transform.TransformerFactory resource that
names the TransformerFactory implementation to use. A war with a
WEB-INF/lib/xalan.jar that has such a resource that points to an
alternate xalan implementation version, but still uses the same
org.apache.xalan.processor.TransformerFactoryImpl class name as used by
the jbossas endorsed lib version, will not be able to override this
because of the tomcat WebappClassLoader check against the system class
loader. A web app should be able to drop the xalan 2.7.1 jar into its
WEB-INF/lib to override the bundled 2.7.0 version for example. This does
not work currently.
We should obfuscate the apache xml/xsl endorsed jars using an org.jboss
prefix similar to how a com.sun prefix is used for the apache xml code
bundled in the sun jdk.
More information about the jboss-development
mailing list