The December 2009 Blog
send me a comment

Domino DXL and Agent Restrictions (Wednesday, Dec 23)
[ permalink ] [ e-mail me ] [ ]

Consider the following snippet of Java code, which loads the DXL of a Lotus Notes document into an XML DOM parser for processing:

Session session = getSession();
AgentContext agentContext = session.getAgentContext();
Database db = agentContext.getCurrentDatabase();
lotus.domino.Document doc = db.getAllDocuments().getFirstDocument();

DxlExporter exporter = session.createDxlExporter();
exporter.setOutputDOCTYPE(false);    // avoid restricted access errors
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setValidating(false);
org.w3c.dom.Document domDoc = factory.newDocumentBuilder().parse(
    new ByteArrayInputStream( exporter.exportDxl(doc).getBytes() ));
doc.recycle();

When you run this on a Domino server in an agent, the "exporter.setOutputDOCTYPE(false);" line is important. If you do not include that line, your agent will need to have a runtime security level of "2. Allow restricted operations" to avoid getting java.lang.SecurityException and lotus.notes.AgentSecurityManager errors -- and the ID it runs under will need to have unrestricted access on the server. If you do include that line, the agent can run under the standard runtime security of "no restricted operations".

That's my experience on a Domino 8.5.1 server anyway. If this lesson has been covered already, I either didn't see it or had to learn it for myself.