Symptom
- After migrating to JDK 21 and Spring Security 6.2, POST requests to /punchout/cxml/setup return 403 Forbidden when sent as cXML from an external procurement system.
- Application logs show:
"message":
"Could not unmarshal to [class org.cxml.CXML]: jakarta.xml.bind.UnmarshalException - with linked exception:
[org.xml.sax.SAXParseException; lineNumber: 2; columnNumber: 10; DOCTYPE is disallowed when the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true.]",
"name":"org.springframework.http.converter.HttpMessageNotReadableException",
"cause":{"commonElementCount":128,"name":"jakarta.xml.bind.UnmarshalException",
"cause":{"commonElementCount":128,"localizedMessage":"DOCTYPE is disallowed when the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true.",
"message":"DOCTYPE is disallowed when the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true.",
"name":"org.xml.sax.SAXParseException"
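The parser behaviour behind this log entry can be reproduced in isolation. The following is an added example, not code from the KBA or from SAP Commerce, and not the KBA's resolution: it uses a plain JAXP SAX parser instead of the Spring/JAXB message converter, and the class name, sample document and DTD URL are constructed. It shows that a document with a DOCTYPE is rejected when `disallow-doctype-decl` is true, and that it parses when the feature is false while external entity and external DTD loading stay disabled.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class CxmlDoctypeDemo {
    // Constructed sample: a minimal cXML-style document with a DOCTYPE on line 2.
    // The DTD URL is a placeholder and is never fetched.
    static final String SAMPLE =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
      + "<!DOCTYPE cXML SYSTEM \"http://dtd.example.invalid/cXML.dtd\">\n"
      + "<cXML payloadID=\"constructed@example.invalid\" timestamp=\"2024-01-01T00:00:00Z\"/>";

    // Builds a factory with the DOCTYPE switch under test; the XXE defenses stay on in both cases.
    static SAXParserFactory factory(boolean disallowDoctype) throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        f.setXIncludeAware(false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", disallowDoctype);
        // No external general or parameter entities, and no external DTD retrieval.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return f;
    }

    // Parses SAMPLE and reports either success or the parser's fatal error.
    static String parse(boolean disallowDoctype) throws Exception {
        try {
            factory(disallowDoctype).newSAXParser()
                .parse(new InputSource(new StringReader(SAMPLE)), new DefaultHandler());
            return "parsed";
        } catch (SAXParseException e) {
            return "rejected at line " + e.getLineNumber() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("disallow-doctype-decl=true  -> " + parse(true));
        System.out.println("disallow-doctype-decl=false -> " + parse(false));
    }
}
```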
Environment
SAP Commerce Cloud
Product
SAP Commerce Cloud 2211 for JDK21
Keywords
punchout, cxml, doctype, disallow-doctype-decl, jdk21, java 21, spring security 6.2, jaxb, 404 error, httpmessagenotreadableexception, unmarshallexception, saxparseexception, KBA, CEC-SCC-COM-BBA-PUN, Punchout, Problem
SAP Knowledge Base Article - Preview