• file
• revisions
• annotate
• diff
• comparison
• raw

src/share/jaxws_classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java@65d3b0e44551 (annotated)

src/share/jaxws_classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java

Sun, 25 Jun 2017 00:13:53 +0100

author

aefimov

date

Sun, 25 Jun 2017 00:13:53 +0100

changeset 1386

65d3b0e44551

parent 721

06807f9a6835

child 1435

a90b319bae7a

permissions

-rw-r--r--

8182054: Improve wsdl support
Summary: Also reviewed by Roman Grigoriadi <roman.grigoriadi@oracle.com>
Reviewed-by: joehw, lancea

ohair@286	1	/*
aefimov@1386	2	* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
ohair@286	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
ohair@286	4	*
ohair@286	5	* This code is free software; you can redistribute it and/or modify it
ohair@286	6	* under the terms of the GNU General Public License version 2 only, as
ohair@286	7	* published by the Free Software Foundation. Oracle designates this
ohair@286	8	* particular file as subject to the "Classpath" exception as provided
ohair@286	9	* by Oracle in the LICENSE file that accompanied this code.
ohair@286	10	*
ohair@286	11	* This code is distributed in the hope that it will be useful, but WITHOUT
ohair@286	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
ohair@286	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
ohair@286	14	* version 2 for more details (a copy is included in the LICENSE file that
ohair@286	15	* accompanied this code).
ohair@286	16	*
ohair@286	17	* You should have received a copy of the GNU General Public License version
ohair@286	18	* 2 along with this work; if not, write to the Free Software Foundation,
ohair@286	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
ohair@286	20	*
ohair@286	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
ohair@286	22	* or visit www.oracle.com if you need additional information or have any
ohair@286	23	* questions.
ohair@286	24	*/
ohair@286	25
ohair@286	26	package com.sun.xml.internal.ws.util.xml;
ohair@286	27
ohair@286	28	import com.sun.istack.internal.Nullable;
ohair@286	29	import com.sun.org.apache.xml.internal.resolver.Catalog;
ohair@286	30	import com.sun.org.apache.xml.internal.resolver.CatalogManager;
ohair@286	31	import com.sun.org.apache.xml.internal.resolver.tools.CatalogResolver;
ohair@286	32	import com.sun.xml.internal.ws.server.ServerRtException;
ohair@286	33	import com.sun.xml.internal.ws.util.ByteArrayBuffer;
ohair@286	34	import org.w3c.dom.Attr;
ohair@286	35	import org.w3c.dom.Element;
ohair@286	36	import org.w3c.dom.EntityReference;
ohair@286	37	import org.w3c.dom.Node;
ohair@286	38	import org.w3c.dom.NodeList;
ohair@286	39	import org.w3c.dom.Text;
alanb@368	40	import org.xml.sax.*;
ohair@286	41
alanb@368	42	import javax.xml.XMLConstants;
ohair@286	43	import javax.xml.namespace.QName;
alanb@368	44	import javax.xml.parsers.DocumentBuilderFactory;
ohair@286	45	import javax.xml.parsers.ParserConfigurationException;
ohair@286	46	import javax.xml.parsers.SAXParserFactory;
alanb@368	47	import javax.xml.stream.XMLInputFactory;
ohair@286	48	import javax.xml.transform.Result;
ohair@286	49	import javax.xml.transform.Source;
ohair@286	50	import javax.xml.transform.Transformer;
ohair@286	51	import javax.xml.transform.TransformerConfigurationException;
ohair@286	52	import javax.xml.transform.TransformerException;
ohair@286	53	import javax.xml.transform.TransformerFactory;
ohair@286	54	import javax.xml.transform.sax.SAXTransformerFactory;
ohair@286	55	import javax.xml.transform.sax.TransformerHandler;
ohair@286	56	import javax.xml.transform.stream.StreamSource;
mkos@397	57	import javax.xml.validation.SchemaFactory;
ohair@286	58	import javax.xml.ws.WebServiceException;
alanb@368	59	import javax.xml.xpath.XPathFactory;
alanb@368	60	import javax.xml.xpath.XPathFactoryConfigurationException;
ohair@286	61	import java.io.IOException;
ohair@286	62	import java.io.InputStream;
ohair@286	63	import java.io.OutputStreamWriter;
ohair@286	64	import java.io.Writer;
ohair@286	65	import java.net.URL;
mkos@721	66	import java.security.AccessController;
mkos@721	67	import java.security.PrivilegedAction;
ohair@286	68	import java.util.ArrayList;
ohair@286	69	import java.util.Enumeration;
ohair@286	70	import java.util.Iterator;
ohair@286	71	import java.util.List;
ohair@286	72	import java.util.StringTokenizer;
alanb@368	73	import java.util.logging.Level;
alanb@368	74	import java.util.logging.Logger;
ohair@286	75
ohair@286	76	/**
ohair@286	77	* @author WS Development Team
ohair@286	78	*/
ohair@286	79	public class XmlUtil {
mkos@397	80
mkos@397	81	// not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used
mkos@397	82	private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
mkos@397	83
ohair@286	84	private final static String LEXICAL_HANDLER_PROPERTY =
ohair@286	85	"http://xml.org/sax/properties/lexical-handler";
ohair@286	86
aefimov@1386	87	private static final String DISALLOW_DOCTYPE_DECL = "http://apache.org/xml/features/disallow-doctype-decl";
aefimov@1386	88
aefimov@1386	89	private static final String EXTERNAL_GE = "http://xml.org/sax/features/external-general-entities";
aefimov@1386	90
aefimov@1386	91	private static final String EXTERNAL_PE = "http://xml.org/sax/features/external-parameter-entities";
aefimov@1386	92
aefimov@1386	93	private static final String LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
aefimov@1386	94
alanb@368	95	private static final Logger LOGGER = Logger.getLogger(XmlUtil.class.getName());
alanb@368	96
mkos@721	97	private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.ws.disableXmlSecurity";
alanb@368	98
mkos@721	99	private static boolean XML_SECURITY_DISABLED = AccessController.doPrivileged(
mkos@721	100	new PrivilegedAction<Boolean>() {
mkos@721	101	@Override
mkos@721	102	public Boolean run() {
mkos@721	103	return Boolean.getBoolean(DISABLE_XML_SECURITY);
mkos@721	104	}
mkos@721	105	}
mkos@721	106	);
alanb@368	107
ohair@286	108	public static String getPrefix(String s) {
ohair@286	109	int i = s.indexOf(':');
ohair@286	110	if (i == -1)
ohair@286	111	return null;
ohair@286	112	return s.substring(0, i);
ohair@286	113	}
ohair@286	114
ohair@286	115	public static String getLocalPart(String s) {
ohair@286	116	int i = s.indexOf(':');
ohair@286	117	if (i == -1)
ohair@286	118	return s;
ohair@286	119	return s.substring(i + 1);
ohair@286	120	}
ohair@286	121
ohair@286	122
ohair@286	123
ohair@286	124	public static String getAttributeOrNull(Element e, String name) {
ohair@286	125	Attr a = e.getAttributeNode(name);
ohair@286	126	if (a == null)
ohair@286	127	return null;
ohair@286	128	return a.getValue();
ohair@286	129	}
ohair@286	130
ohair@286	131	public static String getAttributeNSOrNull(
ohair@286	132	Element e,
ohair@286	133	String name,
ohair@286	134	String nsURI) {
ohair@286	135	Attr a = e.getAttributeNodeNS(nsURI, name);
ohair@286	136	if (a == null)
ohair@286	137	return null;
ohair@286	138	return a.getValue();
ohair@286	139	}
ohair@286	140
ohair@286	141	public static String getAttributeNSOrNull(
ohair@286	142	Element e,
ohair@286	143	QName name) {
ohair@286	144	Attr a = e.getAttributeNodeNS(name.getNamespaceURI(), name.getLocalPart());
ohair@286	145	if (a == null)
ohair@286	146	return null;
ohair@286	147	return a.getValue();
ohair@286	148	}
ohair@286	149
ohair@286	150	/* public static boolean matchesTagNS(Element e, String tag, String nsURI) {
ohair@286	151	try {
ohair@286	152	return e.getLocalName().equals(tag)
ohair@286	153	&& e.getNamespaceURI().equals(nsURI);
ohair@286	154	} catch (NullPointerException npe) {
ohair@286	155
ohair@286	156	// localname not null since parsing would fail before here
ohair@286	157	throw new WSDLParseException(
ohair@286	158	"null.namespace.found",
ohair@286	159	e.getLocalName());
ohair@286	160	}
ohair@286	161	}
ohair@286	162
ohair@286	163	public static boolean matchesTagNS(
ohair@286	164	Element e,
ohair@286	165	javax.xml.namespace.QName name) {
ohair@286	166	try {
ohair@286	167	return e.getLocalName().equals(name.getLocalPart())
ohair@286	168	&& e.getNamespaceURI().equals(name.getNamespaceURI());
ohair@286	169	} catch (NullPointerException npe) {
ohair@286	170
ohair@286	171	// localname not null since parsing would fail before here
ohair@286	172	throw new WSDLParseException(
ohair@286	173	"null.namespace.found",
ohair@286	174	e.getLocalName());
ohair@286	175	}
ohair@286	176	}*/
ohair@286	177
ohair@286	178	public static Iterator getAllChildren(Element element) {
ohair@286	179	return new NodeListIterator(element.getChildNodes());
ohair@286	180	}
ohair@286	181
ohair@286	182	public static Iterator getAllAttributes(Element element) {
ohair@286	183	return new NamedNodeMapIterator(element.getAttributes());
ohair@286	184	}
ohair@286	185
ohair@286	186	public static List<String> parseTokenList(String tokenList) {
ohair@286	187	List<String> result = new ArrayList<String>();
ohair@286	188	StringTokenizer tokenizer = new StringTokenizer(tokenList, " ");
ohair@286	189	while (tokenizer.hasMoreTokens()) {
ohair@286	190	result.add(tokenizer.nextToken());
ohair@286	191	}
ohair@286	192	return result;
ohair@286	193	}
ohair@286	194
ohair@286	195	public static String getTextForNode(Node node) {
alanb@368	196	StringBuilder sb = new StringBuilder();
ohair@286	197
ohair@286	198	NodeList children = node.getChildNodes();
ohair@286	199	if (children.getLength() == 0)
ohair@286	200	return null;
ohair@286	201
ohair@286	202	for (int i = 0; i < children.getLength(); ++i) {
ohair@286	203	Node n = children.item(i);
ohair@286	204
ohair@286	205	if (n instanceof Text)
ohair@286	206	sb.append(n.getNodeValue());
ohair@286	207	else if (n instanceof EntityReference) {
ohair@286	208	String s = getTextForNode(n);
ohair@286	209	if (s == null)
ohair@286	210	return null;
ohair@286	211	else
ohair@286	212	sb.append(s);
ohair@286	213	} else
ohair@286	214	return null;
ohair@286	215	}
ohair@286	216
ohair@286	217	return sb.toString();
ohair@286	218	}
ohair@286	219
ohair@286	220	public static InputStream getUTF8Stream(String s) {
ohair@286	221	try {
ohair@286	222	ByteArrayBuffer bab = new ByteArrayBuffer();
ohair@286	223	Writer w = new OutputStreamWriter(bab, "utf-8");
ohair@286	224	w.write(s);
ohair@286	225	w.close();
ohair@286	226	return bab.newInputStream();
ohair@286	227	} catch (IOException e) {
ohair@286	228	throw new RuntimeException("should not happen");
ohair@286	229	}
ohair@286	230	}
ohair@286	231
mkos@515	232	static final ContextClassloaderLocal<TransformerFactory> transformerFactory = new ContextClassloaderLocal<TransformerFactory>() {
mkos@515	233	@Override
mkos@515	234	protected TransformerFactory initialValue() throws Exception {
mkos@515	235	return TransformerFactory.newInstance();
mkos@515	236	}
mkos@515	237	};
ohair@286	238
mkos@515	239	static final ContextClassloaderLocal<SAXParserFactory> saxParserFactory = new ContextClassloaderLocal<SAXParserFactory>() {
mkos@515	240	@Override
mkos@515	241	protected SAXParserFactory initialValue() throws Exception {
mkos@515	242	SAXParserFactory factory = SAXParserFactory.newInstance();
mkos@515	243	factory.setNamespaceAware(true);
mkos@515	244	return factory;
mkos@515	245	}
mkos@515	246	};
ohair@286	247
ohair@286	248	/**
ohair@286	249	* Creates a new identity transformer.
ohair@286	250	*/
ohair@286	251	public static Transformer newTransformer() {
ohair@286	252	try {
mkos@515	253	return transformerFactory.get().newTransformer();
ohair@286	254	} catch (TransformerConfigurationException tex) {
ohair@286	255	throw new IllegalStateException("Unable to create a JAXP transformer");
ohair@286	256	}
ohair@286	257	}
ohair@286	258
ohair@286	259	/**
ohair@286	260	* Performs identity transformation.
ohair@286	261	*/
ohair@286	262	public static <T extends Result>
ohair@286	263	T identityTransform(Source src, T result) throws TransformerException, SAXException, ParserConfigurationException, IOException {
ohair@286	264	if (src instanceof StreamSource) {
ohair@286	265	// work around a bug in JAXP in JDK6u4 and earlier where the namespace processing
ohair@286	266	// is not turned on by default
ohair@286	267	StreamSource ssrc = (StreamSource) src;
mkos@515	268	TransformerHandler th = ((SAXTransformerFactory) transformerFactory.get()).newTransformerHandler();
ohair@286	269	th.setResult(result);
mkos@515	270	XMLReader reader = saxParserFactory.get().newSAXParser().getXMLReader();
ohair@286	271	reader.setContentHandler(th);
ohair@286	272	reader.setProperty(LEXICAL_HANDLER_PROPERTY, th);
ohair@286	273	reader.parse(toInputSource(ssrc));
ohair@286	274	} else {
ohair@286	275	newTransformer().transform(src, result);
ohair@286	276	}
ohair@286	277	return result;
ohair@286	278	}
ohair@286	279
ohair@286	280	private static InputSource toInputSource(StreamSource src) {
ohair@286	281	InputSource is = new InputSource();
ohair@286	282	is.setByteStream(src.getInputStream());
ohair@286	283	is.setCharacterStream(src.getReader());
ohair@286	284	is.setPublicId(src.getPublicId());
ohair@286	285	is.setSystemId(src.getSystemId());
ohair@286	286	return is;
ohair@286	287	}
ohair@286	288
ohair@286	289	/*
ohair@286	290	* Gets an EntityResolver using XML catalog
ohair@286	291	*/
ohair@286	292	public static EntityResolver createEntityResolver(@Nullable URL catalogUrl) {
ohair@286	293	// set up a manager
ohair@286	294	CatalogManager manager = new CatalogManager();
ohair@286	295	manager.setIgnoreMissingProperties(true);
ohair@286	296	// Using static catalog may result in to sharing of the catalog by multiple apps running in a container
ohair@286	297	manager.setUseStaticCatalog(false);
ohair@286	298	Catalog catalog = manager.getCatalog();
ohair@286	299	try {
ohair@286	300	if (catalogUrl != null) {
ohair@286	301	catalog.parseCatalog(catalogUrl);
ohair@286	302	}
ohair@286	303	} catch (IOException e) {
ohair@286	304	throw new ServerRtException("server.rt.err",e);
ohair@286	305	}
ohair@286	306	return workaroundCatalogResolver(catalog);
ohair@286	307	}
ohair@286	308
ohair@286	309	/**
ohair@286	310	* Gets a default EntityResolver for catalog at META-INF/jaxws-catalog.xml
ohair@286	311	*/
ohair@286	312	public static EntityResolver createDefaultCatalogResolver() {
ohair@286	313
ohair@286	314	// set up a manager
ohair@286	315	CatalogManager manager = new CatalogManager();
ohair@286	316	manager.setIgnoreMissingProperties(true);
ohair@286	317	// Using static catalog may result in to sharing of the catalog by multiple apps running in a container
ohair@286	318	manager.setUseStaticCatalog(false);
ohair@286	319	// parse the catalog
ohair@286	320	ClassLoader cl = Thread.currentThread().getContextClassLoader();
ohair@286	321	Enumeration<URL> catalogEnum;
ohair@286	322	Catalog catalog = manager.getCatalog();
ohair@286	323	try {
ohair@286	324	if (cl == null) {
ohair@286	325	catalogEnum = ClassLoader.getSystemResources("META-INF/jax-ws-catalog.xml");
ohair@286	326	} else {
ohair@286	327	catalogEnum = cl.getResources("META-INF/jax-ws-catalog.xml");
ohair@286	328	}
ohair@286	329
ohair@286	330	while(catalogEnum.hasMoreElements()) {
ohair@286	331	URL url = catalogEnum.nextElement();
ohair@286	332	catalog.parseCatalog(url);
ohair@286	333	}
ohair@286	334	} catch (IOException e) {
ohair@286	335	throw new WebServiceException(e);
ohair@286	336	}
ohair@286	337
ohair@286	338	return workaroundCatalogResolver(catalog);
ohair@286	339	}
ohair@286	340
ohair@286	341	/**
ohair@286	342	* Default CatalogResolver implementation is broken as it depends on CatalogManager.getCatalog() which will always create a new one when
ohair@286	343	* useStaticCatalog is false.
ohair@286	344	* This returns a CatalogResolver that uses the catalog passed as parameter.
ohair@286	345	* @param catalog
ohair@286	346	* @return CatalogResolver
ohair@286	347	*/
ohair@286	348	private static CatalogResolver workaroundCatalogResolver(final Catalog catalog) {
ohair@286	349	// set up a manager
ohair@286	350	CatalogManager manager = new CatalogManager() {
ohair@286	351	@Override
ohair@286	352	public Catalog getCatalog() {
ohair@286	353	return catalog;
ohair@286	354	}
ohair@286	355	};
ohair@286	356	manager.setIgnoreMissingProperties(true);
ohair@286	357	// Using static catalog may result in to sharing of the catalog by multiple apps running in a container
ohair@286	358	manager.setUseStaticCatalog(false);
ohair@286	359
ohair@286	360	return new CatalogResolver(manager);
ohair@286	361	}
ohair@286	362
ohair@286	363	/**
ohair@286	364	* {@link ErrorHandler} that always treat the error as fatal.
ohair@286	365	*/
ohair@286	366	public static final ErrorHandler DRACONIAN_ERROR_HANDLER = new ErrorHandler() {
alanb@368	367	@Override
ohair@286	368	public void warning(SAXParseException exception) {
ohair@286	369	}
ohair@286	370
alanb@368	371	@Override
ohair@286	372	public void error(SAXParseException exception) throws SAXException {
ohair@286	373	throw exception;
ohair@286	374	}
ohair@286	375
alanb@368	376	@Override
ohair@286	377	public void fatalError(SAXParseException exception) throws SAXException {
ohair@286	378	throw exception;
ohair@286	379	}
ohair@286	380	};
alanb@368	381
alanb@368	382	public static DocumentBuilderFactory newDocumentBuilderFactory() {
aefimov@1386	383	return newDocumentBuilderFactory(false);
alanb@368	384	}
alanb@368	385
aefimov@1386	386	public static DocumentBuilderFactory newDocumentBuilderFactory(boolean disableSecurity) {
alanb@368	387	DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
aefimov@1386	388	String featureToSet = XMLConstants.FEATURE_SECURE_PROCESSING;
alanb@368	389	try {
aefimov@1386	390	boolean securityOn = !isXMLSecurityDisabled(disableSecurity);
aefimov@1386	391	factory.setFeature(featureToSet, securityOn);
aefimov@1386	392	factory.setNamespaceAware(true);
aefimov@1386	393	if (securityOn) {
aefimov@1386	394	factory.setExpandEntityReferences(false);
aefimov@1386	395	featureToSet = DISALLOW_DOCTYPE_DECL;
aefimov@1386	396	factory.setFeature(featureToSet, true);
aefimov@1386	397	featureToSet = EXTERNAL_GE;
aefimov@1386	398	factory.setFeature(featureToSet, false);
aefimov@1386	399	featureToSet = EXTERNAL_PE;
aefimov@1386	400	factory.setFeature(featureToSet, false);
aefimov@1386	401	featureToSet = LOAD_EXTERNAL_DTD;
aefimov@1386	402	factory.setFeature(featureToSet, false);
aefimov@1386	403	}
alanb@368	404	} catch (ParserConfigurationException e) {
aefimov@1386	405	LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support "+featureToSet+" feature!", new Object[] {factory.getClass().getName()} );
alanb@368	406	}
alanb@368	407	return factory;
alanb@368	408	}
alanb@368	409
alanb@368	410	public static TransformerFactory newTransformerFactory(boolean secureXmlProcessingEnabled) {
alanb@368	411	TransformerFactory factory = TransformerFactory.newInstance();
alanb@368	412	try {
mkos@408	413	factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessingEnabled));
alanb@368	414	} catch (TransformerConfigurationException e) {
mkos@408	415	LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[]{factory.getClass().getName()});
alanb@368	416	}
alanb@368	417	return factory;
alanb@368	418	}
alanb@368	419
alanb@368	420	public static TransformerFactory newTransformerFactory() {
alanb@368	421	return newTransformerFactory(true);
alanb@368	422	}
alanb@368	423
aefimov@1386	424	public static SAXParserFactory newSAXParserFactory(boolean disableSecurity) {
alanb@368	425	SAXParserFactory factory = SAXParserFactory.newInstance();
aefimov@1386	426	String featureToSet = XMLConstants.FEATURE_SECURE_PROCESSING;
alanb@368	427	try {
aefimov@1386	428	boolean securityOn = !isXMLSecurityDisabled(disableSecurity);
aefimov@1386	429	factory.setFeature(featureToSet, securityOn);
aefimov@1386	430	factory.setNamespaceAware(true);
aefimov@1386	431	if (securityOn) {
aefimov@1386	432	featureToSet = DISALLOW_DOCTYPE_DECL;
aefimov@1386	433	factory.setFeature(featureToSet, true);
aefimov@1386	434	featureToSet = EXTERNAL_GE;
aefimov@1386	435	factory.setFeature(featureToSet, false);
aefimov@1386	436	featureToSet = EXTERNAL_PE;
aefimov@1386	437	factory.setFeature(featureToSet, false);
aefimov@1386	438	featureToSet = LOAD_EXTERNAL_DTD;
aefimov@1386	439	factory.setFeature(featureToSet, false);
aefimov@1386	440	}
aefimov@1386	441	} catch (ParserConfigurationException | SAXNotRecognizedException | SAXNotSupportedException e) {
aefimov@1386	442	LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support "+featureToSet+" feature!", new Object[]{factory.getClass().getName()});
alanb@368	443	}
alanb@368	444	return factory;
alanb@368	445	}
alanb@368	446
alanb@368	447	public static XPathFactory newXPathFactory(boolean secureXmlProcessingEnabled) {
alanb@368	448	XPathFactory factory = XPathFactory.newInstance();
alanb@368	449	try {
mkos@408	450	factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessingEnabled));
alanb@368	451	} catch (XPathFactoryConfigurationException e) {
mkos@408	452	LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[] { factory.getClass().getName() } );
alanb@368	453	}
alanb@368	454	return factory;
alanb@368	455	}
alanb@368	456
alanb@368	457	public static XMLInputFactory newXMLInputFactory(boolean secureXmlProcessingEnabled) {
alanb@368	458	XMLInputFactory factory = XMLInputFactory.newInstance();
mkos@408	459	if (isXMLSecurityDisabled(secureXmlProcessingEnabled)) {
alanb@368	460	// TODO-Miran: are those apppropriate defaults?
alanb@368	461	factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
alanb@368	462	factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
alanb@368	463	}
alanb@368	464	return factory;
alanb@368	465	}
alanb@368	466
mkos@408	467	private static boolean isXMLSecurityDisabled(boolean runtimeDisabled) {
mkos@408	468	return XML_SECURITY_DISABLED || runtimeDisabled;
alanb@368	469	}
alanb@368	470
mkos@408	471	public static SchemaFactory allowExternalAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) {
mkos@397	472
mkos@408	473	// if xml security (feature secure processing) disabled, nothing to do, no restrictions applied
mkos@408	474	if (isXMLSecurityDisabled(disableSecureProcessing)) {
mkos@408	475	if (LOGGER.isLoggable(Level.FINE)) {
mkos@408	476	LOGGER.log(Level.FINE, "Xml Security disabled, no JAXP xsd external access configuration necessary.");
mkos@408	477	}
mkos@408	478	return sf;
mkos@408	479	}
mkos@408	480
mkos@408	481	if (System.getProperty("javax.xml.accessExternalSchema") != null) {
mkos@408	482	if (LOGGER.isLoggable(Level.FINE)) {
mkos@408	483	LOGGER.log(Level.FINE, "Detected explicitly JAXP configuration, no JAXP xsd external access configuration necessary.");
mkos@408	484	}
mkos@397	485	return sf;
mkos@397	486	}
mkos@397	487
mkos@397	488	try {
mkos@408	489	sf.setProperty(ACCESS_EXTERNAL_SCHEMA, value);
mkos@408	490	if (LOGGER.isLoggable(Level.FINE)) {
mkos@408	491	LOGGER.log(Level.FINE, "Property \"{0}\" is supported and has been successfully set by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
mkos@408	492	}
mkos@397	493	} catch (SAXException ignored) {
mkos@408	494	// nothing to do; support depends on version JDK or SAX implementation
mkos@408	495	if (LOGGER.isLoggable(Level.CONFIG)) {
mkos@408	496	LOGGER.log(Level.CONFIG, "Property \"{0}\" is not supported by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
mkos@408	497	}
mkos@397	498	}
mkos@397	499	return sf;
mkos@397	500	}
mkos@408	501
ohair@286	502	}