000027936 - KB-1515 Validating access to java.sun.com, required for ITIM Handler XML parsing

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000027936
Applies To: Affected Versions: 4.X
Issue: After successfully installing the ITIM Agent for use with ACM, the ITIM Handler needs to parse XML properties. To parse the XML properties, it has to reference http://java.sun.com/dtd/properties.dtd
Resolution

One way to confirm that the configuration can successfully connect to the Java website, so that the parsing succeeds, is as follows. Note that the ITIM node in this case is java.sun.com.

Ensuring Access to java site:

Note: for this test and the ITIM config to work, you must ensure access to http://java.sun.com/dtd/properties.dtd

On the appliance

1. Add an entry to /etc/hosts that points java.sun.com at a local loopback address:

127.0.0.2 java.sun.com

2. Deploy /dtd/properties.dtd on the JBoss server. To do this, browse (from another system that has internet access) to http://java.sun.com/dtd/properties.dtd and get the contents of properties.dtd. Save it to a file named properties.dtd. Create a dtd folder off the web server root and copy the properties.dtd file there.

3. Make sure ports 80 and 8445 are open in the firewall.

Testing ability to parse required XML:

Once this is done, do the following:

1. Run this command:

telnet java.sun.com 80
Trying 127.0.0.2...
Connected to java.sun.com (127.0.0.2).
Escape character is '^]'.

2. Then input these lines:

GET /dtd/properties.dtd HTTP/1.1
host: java.sun.com
<line feed>

The expected output is the contents of properties.dtd, which is returned as follows:

<!--
Copyright 2006 Sun Microsystems, Inc. All rights reserved.
-->

<!-- DTD for properties -->

<!ELEMENT properties ( comment?, entry* ) >

<!ATTLIST properties version CDATA #FIXED "1.0">

<!ELEMENT comment (#PCDATA) >

<!ELEMENT entry (#PCDATA) >

<!ATTLIST entry key CDATA #REQUIRED>
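
The checks above in scripted form, as an added example that is not part of the original article and not RSA's code: it verifies the /etc/hosts mapping and validates a DTD copy against the declarations shown above, rejecting saved HTML pages and ENTITY declarations. The function names are hypothetical, and curl is an assumption (the article itself uses telnet).

```shell
#!/bin/sh
# Added example, not RSA's code: scripted form of the manual checks above.
# Defaults come from this page; function names are hypothetical and curl is
# an assumption (the article itself uses telnet).

# Succeeds if NAME is mapped to IP in hosts file FILE (comments ignored).
hosts_maps() {  # usage: hosts_maps FILE IP NAME
    awk -v ip="$2" -v name="$3" '
        { sub(/#.*/, "") }
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit !found }' "$1"
}

# Succeeds if FILE holds every declaration of the properties DTD shown above
# and nothing unexpected: no HTML (saved browser page, error page) and no
# ENTITY declarations, which the DTD shown above does not contain.
dtd_is_valid() {  # usage: dtd_is_valid FILE
    # Flatten whitespace so CRLF line endings do not break matching.
    flat=$(tr '\t\r\n' '   ' < "$1" | tr -s ' ') || return 1
    case $flat in
        *'<!ENTITY'*|*'<html'*|*'<HTML'*)
            echo "unexpected content in $1" >&2; return 1 ;;
    esac
    for decl in \
        '<!ELEMENT properties ( comment?, entry* ) >' \
        '<!ATTLIST properties version CDATA #FIXED "1.0">' \
        '<!ELEMENT comment (#PCDATA) >' \
        '<!ELEMENT entry (#PCDATA) >' \
        '<!ATTLIST entry key CDATA #REQUIRED>'
    do
        case $flat in
            *"$decl"*) ;;
            *) echo "missing: $decl" >&2; return 1 ;;
        esac
    done
}

# Live check on the appliance: same request as the telnet test above.
check_live() {  # usage: check_live [URL]
    url=${1:-http://java.sun.com/dtd/properties.dtd}
    tmp=$(mktemp) || return 1
    rc=0
    curl -fsS --max-time 10 -o "$tmp" "$url" && dtd_is_valid "$tmp" || rc=$?
    rm -f "$tmp"
    return $rc
}
```

On the appliance, source the script and run `hosts_maps /etc/hosts 127.0.0.2 java.sun.com && check_live`; a non-zero exit status means one of the steps above is incomplete or the served file is not the expected DTD.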


 


 


 


As an example with a system that can almost ALWAYS be accessed, test this method by accessing Google. This should return the Google index.html page:

telnet www.google.com 80
Trying 74.125.115.147...
Connected to www.google.com (74.125.115.147).
Escape character is '^]'.

GET /index.html HTTP/1.1
host: www.google.com

HTTP/1.1 200 OK
Date: Thu, 07 Jul 2011 15:56:08 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=adb1e7693860de6a:FF=0:TM=1310054168:LM=1310054168:S=svB1GZ3k_ODU4oLV; expires=Sat, 06-Jul-2013 15:56:08 GMT; path=/; domain=.google.com
Set-Cookie: NID=48=gugoEOKST-1KdC8zVcrn5Xv3Be1Hnv5FzUFcBV7TezlLMQ57wDvkJOgvIHeaCUVsONZjoH82CSoaKRFBmHprZaf_MMjcO_pLPHWt6IMRdmBQBvULCOk8wAHuWheH-FZ2; expires=Fri, 06-Jan-2012 15:56:08 GMT; path=/; domain=.google.com; HttpOnly
Server: gws
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked


1000
<!doctype html><html><head><meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"><meta name="description" content="Search the world&#39;s information,


 


...
...
...

Note that work is currently underway to remove the handler's dependency on access to http://java.sun.com/dtd/properties.dtd; however, until this is implemented in the product, this access is required.
