Aws-sdk-java: "Unable to configure DocumentBuilderFactory to protect against XXE attacks", 1.1.709+

Created on 4 Feb 2020 · 17 Comments · Source: aws/aws-sdk-java

While working with a complex legacy project I'm running into the following exception when calling receiveMessage to grab messages from an SQS queue.

Relevant stack trace:

[08:31:58.924  WARN pair-718-27    mazonaws.util.XpathUtils] Unable to configure DocumentBuilderFactory to protect against XXE attacks
java.lang.IllegalArgumentException: Property 'http://xml.org/sax/features/external-general-entities' is not recognized.
    at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(Unknown Source)
    at com.amazonaws.util.XpathUtils.configureXercesFactory(XpathUtils.java:674)
    at com.amazonaws.util.XpathUtils.initialConfigureDocumentBuilderFactory(XpathUtils.java:655)
    at com.amazonaws.util.XpathUtils.configureDocumentBuilderFactory(XpathUtils.java:643)
    at com.amazonaws.util.XpathUtils.documentFrom(XpathUtils.java:178)
    at com.amazonaws.util.XpathUtils.documentFrom(XpathUtils.java:192)
    at com.amazonaws.http.DefaultErrorResponseHandler.parseXml(DefaultErrorResponseHandler.java:124)
    at com.amazonaws.http.DefaultErrorResponseHandler.documentFromContent(DefaultErrorResponseHandler.java:105)
    at com.amazonaws.http.DefaultErrorResponseHandler.createAse(DefaultErrorResponseHandler.java:84)
    at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:71)
    at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:47)
    at com.amazonaws.http.AwsErrorResponseHandler.handleAse(AwsErrorResponseHandler.java:53)
    at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:41)
    at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:26)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1724)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1371)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1347)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1127)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:784)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:752)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:726)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:686)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:668)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:532)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:512)
    at com.amazonaws.services.sqs.AmazonSQSClient.doInvoke(AmazonSQSClient.java:2207)
    at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2174)
    at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2163)
    at com.amazonaws.services.sqs.AmazonSQSClient.executeReceiveMessage(AmazonSQSClient.java:1607)
    at com.amazonaws.services.sqs.AmazonSQSClient.receiveMessage(AmazonSQSClient.java:1578)

Rolling back to 1.1.708 appears to fix the issue.

It looks like this is coming from the additional DocumentBuilderFactory configuration added in XPathUtils in 1.1.709.

This project has its xerces:xercesImpl pinned at 2.12.0 in the Maven POM but there are a ton of XML-related transitives and force-pins in other project submodules it needs to import. I've tried a few paths, like excluding XML-related imports and overriding transitive versions with newer (or older) versions, to see if those imports are causing problems to no avail.

The project's dependency tree is attached for reference.

aws-sdk-xml-documentbuilderfactory-issue-maven-dependency-tree.txt

All 17 comments

Hi @fivesixzero, can you tell me what JVM version you're using? This is intended to be best effort atm because of issues like this, where the actual DocumentBuilderFactory implementation may not accept the configuration. Are you still able to successfully call the receiveMessages API even when this warning is logged?

~It does look like we're receiving messages, yep.~ For now I've only run it in a limited test environment though. I haven't opened the flood gates for more comprehensive message receipt and handling tasks yet with newer AWS SDK versions, pending a better understanding of this exception.

Current JVM in use is Oracle 1.8.0_66.

Edit: The receiveMessages call is excepting before return. See below comment for more information

Ah okay, that's good that you're still able to call the API.

As I mentioned, this is best effort since not all implementations may support the given configurations. If the configurations could not be applied, then there is no change from the previous version, but as the warning says, we could not guard against XXE attacks in this case. We should understand exactly why in this case the configuration options didn't work.

I've taken a closer look and I can see that we're actually not receiving any messages when we hit this exception, even if there are messages on the queue. The call results in a RuntimeException (IllegalArgumentException) being thrown, which stops it in its tracks.

As far as the SDK's operation, it looks like we're sending the request for messages, receiving a response, but excepting before we can fully parse and process the response, stopping before we return anything.

Our use pattern is a bit more complex than most may be, so I'll explain it a bit since it could help with investigating this.

We're being a bit more paranoid with exception handling in this particular project since a lot of the packages we're depending on have inconsistent exception throwing models. For instance, a few packages just throw RuntimeException for any little failure, which can create unexpected behavior in a many-threaded

For message receipt, we have to do some work each loop regardless of whether the SQS message receipt succeeds and, if it doesn't succeed, we need to handle different failure conditions differently.

The code we use to regularly request messages from our SQS queue for each queue we're monitoring looks something like this.

boolean active = true;

// Set up the SQS client and ReceiveMessageRequest (declared outside the try so the loop can use them)
AmazonSQS sqsClient;
ReceiveMessageRequest sqsReceiveMessageRequest;
try {
  sqsClient = awsSqsUtil.buildClient(monitorId);
  sqsReceiveMessageRequest = awsSqsUtil.buildReceiveMessageRequest(monitorId);
} catch (ProjectAwsSdkException sdkEx) {
  throw new ProjectMonitorException("Error initializing monitor", sdkEx);
}

while (active) {
  List<Message> sqsMessages = new ArrayList<>();
  List<Exception> handlerExceptions = new ArrayList<>();
  // Stays null unless the receive call below fails
  Exception inLoopSqsException = null;

  // Receive new messages from the queue
  try {
    sqsMessages = awsSqsUtil.receiveMessages(sqsClient, sqsReceiveMessageRequest);
  } catch (ProjectAwsSdkException sdkEx) {
    inLoopSqsException = sdkEx;
    log.warn("Error during SQS message request, " + sdkEx.getMessage());
  }

  if (CollectionUtils.isNotEmpty(sqsMessages)) {
    // Handle our new messages
    handlerExceptions = messageHandler.handleMessages(sqsMessages);
  } else {
    // Check on the state of the remote service we expect to be hearing from to make sure that we should expect more later
    active = remoteServiceUtil.determineRemoteServiceState(remoteServiceId);
  }

  if (inLoopSqsException == null) {
    // If we actually got messages and didn't hit exceptions, delete the ones we know we handled right
    if (CollectionUtils.isEmpty(handlerExceptions)) {
      awsSqsUtil.deleteMessages(sqsMessages);
    } else {
      awsSqsUtil.handlePartialMessageDelete(handlerExceptions, sqsMessages);
    }
    // Check with our service core to make sure this thread still needs to be active
    active = serviceCoreUtil.checkStatusForMonitorThread(monitorThreadId);
    sleepLoop(projectConfig.getLoopSleep());
  } else {
    // If we got an exception, take case-specific action and, if absolutely required, update our loop active state
    active = exceptionUtil.handleSqsReceiveException(inLoopSqsException);
  }
}

Our AWS util class catches any SdkExceptions or RuntimeExceptions then wraps them in a project-specific exception that gets thrown to the caller.

In this caller's case, the action we need to take is conditional based on the cause of the exception and it needs to happen only after some other work gets done.

For example, we want to make sure we retry rather than fail on HttpConnectException exceptions or QueueNotFoundException but each case needs to have its own timer for any thread sleep we do between loop iterations. If we run into exceptions we haven't seen before or didn't expect, like this one, we handle them by logging them with some extra contextual detail before retrying later on a longer per-loop sleep timer, up to a reasonable count, before killing the monitor.

So in this case our paranoid pattern is protecting our while loop and our thread from being disrupted by the IllegalArgumentException/RuntimeException that ends up getting thrown from the factory.setAttribute calls within XPathUtils. This probably won't be the case in less paranoid projects where that RuntimeException could end up causing unexpected behavior if it floats up from the SDK.

If this is intended to be a best effort, it may be preferable to catch any IllegalArgumentException within XPathUtils and decide what to do with it before letting a RuntimeException from the SDK make its way into a caller that may not be ready for it. But I might just be paranoid. :)

Hmm here is where the exception (IllegalArgumentException) is caught and logged in XpathUtils:

https://github.com/aws/aws-sdk-java/blob/d761e0569573abc8c7732b7bd48a24eaedb76145/aws-java-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java#L653-L663

We don't rethrow the exception so it should not be bubbling up to the caller. Do you have a stacktrace when your code gets the IllegalArgumentException from XpathUtils?

While stepping through more thoroughly in the debugger it looks like I had misinterpreted the sequence and success/failure of events in my analysis above. Sorry about that. I incorrectly mistook the stacktrace output in the logs as evidence of an uncaught RuntimeException. 🤦‍♂️

Thank you for calling out the try/catch in XPathUtils, which I apparently totally missed in my initial analysis. With a better understanding of that, it looks like this could be a simple logging issue. It might be related to configureXercesFactory throwing an undeclared exception, sending the stacktrace to stdout/logs.

This is the stack trace starting from our util class caller, from the most recent test iteration.

[13:08:29.283  WARN pair-718-27    mazonaws.util.XpathUtils] Unable to configure DocumentBuilderFactory to protect against XXE attacks
java.lang.IllegalArgumentException: Property 'http://xml.org/sax/features/external-general-entities' is not recognized.
    at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(Unknown Source)
    at com.amazonaws.util.XpathUtils.configureXercesFactory(XpathUtils.java:674)
    at com.amazonaws.util.XpathUtils.initialConfigureDocumentBuilderFactory(XpathUtils.java:655)
    at com.amazonaws.util.XpathUtils.configureDocumentBuilderFactory(XpathUtils.java:643)
    at com.amazonaws.util.XpathUtils.documentFrom(XpathUtils.java:178)
    at com.amazonaws.util.XpathUtils.documentFrom(XpathUtils.java:192)
    at com.amazonaws.http.DefaultErrorResponseHandler.parseXml(DefaultErrorResponseHandler.java:124)
    at com.amazonaws.http.DefaultErrorResponseHandler.documentFromContent(DefaultErrorResponseHandler.java:105)
    at com.amazonaws.http.DefaultErrorResponseHandler.createAse(DefaultErrorResponseHandler.java:84)
    at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:71)
    at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:47)
    at com.amazonaws.http.AwsErrorResponseHandler.handleAse(AwsErrorResponseHandler.java:53)
    at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:41)
    at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:26)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1724)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1371)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1347)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1127)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:784)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:752)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:726)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:686)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:668)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:532)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:512)
    at com.amazonaws.services.sqs.AmazonSQSClient.doInvoke(AmazonSQSClient.java:2207)
    at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2174)
    at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2163)
    at com.amazonaws.services.sqs.AmazonSQSClient.executeReceiveMessage(AmazonSQSClient.java:1607)
    at com.amazonaws.services.sqs.AmazonSQSClient.receiveMessage(AmazonSQSClient.java:1578)
    at com.company.project.util.AwsUtilImpl.receiveMessages(AwsUtilImpl.java:91)

The AWS SDK version in use in this build is 1.1.714 and the test case is a request for messages from a queue that doesn't exist yet. The receiveMessage call is actually working properly and in its entirety. We're sending the request, getting the response back indicating that the queue doesn't exist, and the SDK is properly throwing the expected exception back to the utility class caller.

After that something in our subsequent handling appears to go off the rails, ironically causing our exception handler util to except, killing our loop/thread. That's the part I'm currently stepping through during iterative tests. Although this doesn't behave badly with 1.1.708 I'm not convinced it's SDK related just yet, so I'll provide an update when this deeper debugging yields results.

Looks like the issue we had with things going off the rails was related to the way our exception util was handling the checking of exception chains. Refactoring it to use ExceptionUtils fixed an NPE in there.

So this issue looks like it's purely a logging thing rather than some critical failure or an unchecked RuntimeException.

Just ran into this warning as well. Per this and OWASP, you should use the setFeature method and not the setAttribute method with an empty string:

factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false);
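
Added example, not the SDK's code and not written by anyone in this thread: a best-effort hardening routine built on setFeature that applies each feature separately, so one unsupported feature does not abort the rest, and then checks at runtime that a document carrying a DOCTYPE is actually refused. The class and method names are hypothetical, the XML sample is constructed, and disallow-doctype-decl is set to true here, which is the value OWASP's XXE prevention cheat sheet uses.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

// Hypothetical demo class; not part of aws-sdk-java.
public class XxeHardeningDemo {

    // Feature URIs from the thread, with the values OWASP's XXE cheat sheet assigns.
    private static final Map<String, Boolean> FEATURES = new LinkedHashMap<>();
    static {
        FEATURES.put(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        FEATURES.put("http://apache.org/xml/features/disallow-doctype-decl", true);
        FEATURES.put("http://xml.org/sax/features/external-general-entities", false);
        FEATURES.put("http://xml.org/sax/features/external-parameter-entities", false);
        FEATURES.put("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
    }

    /** Applies every feature on its own and records which ones this implementation accepted. */
    static Map<String, Boolean> harden(DocumentBuilderFactory factory) {
        Map<String, Boolean> accepted = new LinkedHashMap<>();
        for (Map.Entry<String, Boolean> feature : FEATURES.entrySet()) {
            try {
                factory.setFeature(feature.getKey(), feature.getValue());
                accepted.put(feature.getKey(), true);
            } catch (ParserConfigurationException e) {
                // Unsupported here: keep going so the remaining features still apply.
                accepted.put(feature.getKey(), false);
            }
        }
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return accepted;
    }

    /** Returns true if setAttribute(uri, "") is refused, the failure logged in this thread. */
    static boolean attributeStyleRefused(DocumentBuilderFactory factory) {
        try {
            factory.setAttribute("http://xml.org/sax/features/external-general-entities", "");
            return false;
        } catch (IllegalArgumentException e) {
            return true;
        }
    }

    /** Parses a constructed document that declares a DOCTYPE; true means the parser refused it. */
    static boolean rejectsDoctype(DocumentBuilderFactory factory)
            throws ParserConfigurationException, IOException {
        String xml = "<?xml version=\"1.0\"?><!DOCTYPE r [<!ENTITY e \"constructed\">]><r>&e;</r>";
        try {
            factory.newDocumentBuilder()
                   .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return false;
        } catch (SAXException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // Report which implementation the classpath selected before testing it.
        System.out.println("factory: " + DocumentBuilderFactory.newInstance().getClass().getName());
        System.out.println("setAttribute(uri, \"\") refused: "
                + attributeStyleRefused(DocumentBuilderFactory.newInstance()));

        DocumentBuilderFactory hardened = DocumentBuilderFactory.newInstance();
        harden(hardened).forEach((uri, ok) -> System.out.println((ok ? "applied  " : "REJECTED ") + uri));

        System.out.println("default factory rejects DOCTYPE:  "
                + rejectsDoctype(DocumentBuilderFactory.newInstance()));
        System.out.println("hardened factory rejects DOCTYPE: " + rejectsDoctype(hardened));
    }
}
```

Run it with the same classpath as the application, because the xercesImpl jar on the classpath decides which DocumentBuilderFactory implementation newInstance() returns.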

Any update on the fix suggested by @jebeaudet?

using 1.11.838 (latest aws-sdk-java version as of today) and still getting this error. is this ever going to be addressed?

[XpathUtils.java:661][initialConfigureDocumentBuilderFactory:main] Unable to configure DocumentBuilderFactory to protect against XXE attacks
java.lang.IllegalArgumentException: Property 'http://xml.org/sax/features/external-general-entities' is not recognized.
    at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(Unknown Source)
    at com.amazonaws.util.XpathUtils.configureXercesFactory(XpathUtils.java:675)
    at com.amazonaws.util.XpathUtils.initialConfigureDocumentBuilderFactory(XpathUtils.java:655)
    at com.amazonaws.util.XpathUtils.configureDocumentBuilderFactory(XpathUtils.java:643)
    at com.amazonaws.util.XpathUtils.documentFrom(XpathUtils.java:173)
    at com.amazonaws.util.XpathUtils.documentFrom(XpathUtils.java:187)
    at com.amazonaws.http.DefaultErrorResponseHandler.parseXml(DefaultErrorResponseHandler.java:124)
    at com.amazonaws.http.DefaultErrorResponseHandler.documentFromContent(DefaultErrorResponseHandler.java:105)
    at com.amazonaws.http.DefaultErrorResponseHandler.createAse(DefaultErrorResponseHandler.java:84)
    at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:71)
    at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:47)
    at com.amazonaws.http.AwsErrorResponseHandler.handleAse(AwsErrorResponseHandler.java:58)
    at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:45)
    at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:27)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1793)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1395)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1371)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
    at com.amazonaws.services.sqs.AmazonSQSClient.doInvoke(AmazonSQSClient.java:2202)
    at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2169)
    at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2158)
    at com.amazonaws.services.sqs.AmazonSQSClient.executeGetQueueUrl(AmazonSQSClient.java:1196)
    at com.amazonaws.services.sqs.AmazonSQSClient.getQueueUrl(AmazonSQSClient.java:1168)
    at org.springframework.cloud.aws.messaging.support.destination.DynamicQueueUrlDestinationResolver.resolveDestination(DynamicQueueUrlDestinationResolver.java:94)
    at org.springframework.cloud.aws.messaging.support.destination.DynamicQueueUrlDestinationResolver.resolveDestination(DynamicQueueUrlDestinationResolver.java:38)
    at org.springframework.messaging.core.CachingDestinationResolverProxy.resolveDestination(CachingDestinationResolverProxy.java:88)
    at org.springframework.cloud.aws.messaging.listener.AbstractMessageListenerContainer.queueAttributes(AbstractMessageListenerContainer.java:321)
    at org.springframework.cloud.aws.messaging.listener.AbstractMessageListenerContainer.initialize(AbstractMessageListenerContainer.java:293)
    at org.springframework.cloud.aws.messaging.listener.SimpleMessageListenerContainer.initialize(SimpleMessageListenerContainer.java:111)
    at org.springframework.cloud.aws.messaging.listener.AbstractMessageListenerContainer.afterPropertiesSet(AbstractMessageListenerContainer.java:268)
    at org.springframework.cloud.aws.messaging.listener.SimpleMessageListenerContainer.afterPropertiesSet(SimpleMessageListenerContainer.java:45)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1687)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1624)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:555)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:866)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:542)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107)
    at com.sophos.central.Main.main(Main.java:29)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
    at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51)

@jebeaudet Thanks for pointing that out. I'll take a look.

@srperetz Can you share your Apache Xerces dependency in your POM so we can reproduce this?

@dagnir no POM to speak of, since it's (a) gradle and (b) a transitive dependency, but the jar that's pulled in is xerces:xercesImpl:2.11.0. the dependency tree shown by gradle dependencyInsight --dependency xercesImpl looks like this:

xerces:xercesImpl:2.11.0
\--- net.sourceforge.nekohtml:nekohtml:1.9.22
     \--- org.codehaus.groovy.modules.http-builder:http-builder:0.7.1

@srperetz Thanks for the info!

Getting similar warning message while fetching login profile of IAM
WARN [com.amazonaws.util.XpathUtils] - Unable to configure DocumentBuilderFactory to protect against XXE attacks
java.lang.IllegalArgumentException: Property 'http://xml.org/sax/features/external-general-entities' is not recognized.
at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(Unknown Source)
at com.amazonaws.util.XpathUtils.configureXercesFactory(XpathUtils.java:675)
at com.amazonaws.util.XpathUtils.initialConfigureDocumentBuilderFactory(XpathUtils.java:655)
at com.amazonaws.util.XpathUtils.configureDocumentBuilderFactory(XpathUtils.java:643)
at com.amazonaws.util.XpathUtils.documentFrom(XpathUtils.java:173)
at com.amazonaws.util.XpathUtils.documentFrom(XpathUtils.java:187)
at com.amazonaws.http.DefaultErrorResponseHandler.parseXml(DefaultErrorResponseHandler.java:124)
at com.amazonaws.http.DefaultErrorResponseHandler.documentFromContent(DefaultErrorResponseHandler.java:105)
at com.amazonaws.http.DefaultErrorResponseHandler.createAse(DefaultErrorResponseHandler.java:84)
at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:71)
at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:47)
at com.amazonaws.http.AwsErrorResponseHandler.handleAse(AwsErrorResponseHandler.java:58)
at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:45)
at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:27)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1793)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1395)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1371)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.doInvoke(AmazonIdentityManagementClient.java:10725)
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.invoke(AmazonIdentityManagementClient.java:10692)
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.invoke(AmazonIdentityManagementClient.java:10681)
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.executeGetLoginProfile(AmazonIdentityManagementClient.java:5005)
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.getLoginProfile(AmazonIdentityManagementClient.java:4976)

I am also facing this issue when trying to get the queueUrl for a queue in a different aws account. If I use a queue in the same account as my component - everything works correctly

I am working in kotlin and using the java sdk (version 1.11.800) and xerces version 2.12.0

val request = GetQueueUrlRequest(queueName)
request.queueOwnerAWSAccountId = "<12 digit account number>"
val queueUrl = client.getQueueUrl(request)
println("the queue url is $queueUrl")
return client.sendMessageBatch(
    SendMessageBatchRequest(
        queueUrl.queueUrl,
        toSendMessageBatchEntries(messages)
    )
)

This is my stack trace:
Sep 10, 2020 7:05:27 AM org.springframework.test.context.transaction.TransactionContext startTransaction
INFO: Began transaction (1) for test context [DefaultTestContext@414f87a9 testClass = OperationalRetentionScoresTest, testInstance = com.starfish.officehours.dao.operational.retention.score.OperationalRetentionScoresTest@1ddc6db2, testMethod = getDataNow@OperationalRetentionScoresTest, testException = [null], mergedContextConfiguration = [MergedContextConfiguration@92d1782 testClass = OperationalRetentionScoresTest, locations = '{}', classes = '{class com.starfish.dbtest.config.DBConfig, class com.starfish.officehours.service.impl.batch.operational.retention.score.OperationalRetentionScoreConfig}', contextInitializerClasses = '[]', activeProfiles = '{}', propertySourceLocations = '{}', propertySourceProperties = '{}', contextCustomizers = set[[empty]], contextLoader = 'org.springframework.test.context.support.DelegatingSmartContextLoader', parent = [null]]]; transaction manager [org.springframework.jdbc.datasource.DataSourceTransactionManager@39c1fe0b]; rollback [true]
Sep 10, 2020 7:05:28 AM com.amazonaws.util.XpathUtils initialConfigureDocumentBuilderFactory
WARNING: Unable to configure DocumentBuilderFactory to protect against XXE attacks
java.lang.IllegalArgumentException: Property 'http://xml.org/sax/features/external-general-entities' is not recognized.
    at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(Unknown Source)
    at com.amazonaws.util.XpathUtils.configureXercesFactory(XpathUtils.java:675)
    at com.amazonaws.util.XpathUtils.initialConfigureDocumentBuilderFactory(XpathUtils.java:655)
    at com.amazonaws.util.XpathUtils.configureDocumentBuilderFactory(XpathUtils.java:643)
    at com.amazonaws.util.XpathUtils.documentFrom(XpathUtils.java:173)
    at com.amazonaws.util.XpathUtils.documentFrom(XpathUtils.java:187)
    at com.amazonaws.http.DefaultErrorResponseHandler.parseXml(DefaultErrorResponseHandler.java:124)
    at com.amazonaws.http.DefaultErrorResponseHandler.documentFromContent(DefaultErrorResponseHandler.java:105)
    at com.amazonaws.http.DefaultErrorResponseHandler.createAse(DefaultErrorResponseHandler.java:84)
    at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:71)
    at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:47)
    at com.amazonaws.http.AwsErrorResponseHandler.handleAse(AwsErrorResponseHandler.java:58)
    at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:45)
    at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:27)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1793)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1395)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1371)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
    at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
    at com.amazonaws.services.sqs.AmazonSQSClient.doInvoke(AmazonSQSClient.java:2207)
    at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2174)
    at com.amazonaws.services.sqs.AmazonSQSClient.invoke(AmazonSQSClient.java:2163)
    at com.amazonaws.services.sqs.AmazonSQSClient.executeGetQueueUrl(AmazonSQSClient.java:1201)
    at com.amazonaws.services.sqs.AmazonSQSClient.getQueueUrl(AmazonSQSClient.java:1173)
    at com.starfish.aws.AWSSqsClientWrapperImpl.sendMessages(AWSSqsClientWrapperImpl.kt:28)
    at com.starfish.officehours.dao.operational.retention.score.OperationalRetentionScoreSender.processRow(OperationalRetentionScoreSender.kt:30)
    at org.springframework.jdbc.core.JdbcTemplate$RowCallbackHandlerResultSetExtractor.extractData(JdbcTemplate.java:1580)

@jumpinjan Which JDK version are you using?

I am using openjdk 11.0.2 2019-01-15
OpenJDK Runtime Environment 18.9 (build 11.0.2+9)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.2+9, mixed mode)
