Thu, 31 Aug 2017 15:18:52 +0800
merge
aoqi@0 | 1 | /* |
aoqi@0 | 2 | * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. |
aoqi@0 | 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
aoqi@0 | 4 | * |
aoqi@0 | 5 | * This code is free software; you can redistribute it and/or modify it |
aoqi@0 | 6 | * under the terms of the GNU General Public License version 2 only, as |
aoqi@0 | 7 | * published by the Free Software Foundation. Oracle designates this |
aoqi@0 | 8 | * particular file as subject to the "Classpath" exception as provided |
aoqi@0 | 9 | * by Oracle in the LICENSE file that accompanied this code. |
aoqi@0 | 10 | * |
aoqi@0 | 11 | * This code is distributed in the hope that it will be useful, but WITHOUT |
aoqi@0 | 12 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
aoqi@0 | 13 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
aoqi@0 | 14 | * version 2 for more details (a copy is included in the LICENSE file that |
aoqi@0 | 15 | * accompanied this code). |
aoqi@0 | 16 | * |
aoqi@0 | 17 | * You should have received a copy of the GNU General Public License version |
aoqi@0 | 18 | * 2 along with this work; if not, write to the Free Software Foundation, |
aoqi@0 | 19 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
aoqi@0 | 20 | * |
aoqi@0 | 21 | * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
aoqi@0 | 22 | * or visit www.oracle.com if you need additional information or have any |
aoqi@0 | 23 | * questions. |
aoqi@0 | 24 | */ |
aoqi@0 | 25 | |
aoqi@0 | 26 | package com.sun.xml.internal.xsom.parser; |
aoqi@0 | 27 | |
aoqi@0 | 28 | import java.io.IOException; |
aoqi@0 | 29 | import java.net.URL; |
aoqi@0 | 30 | import java.util.logging.Level; |
aoqi@0 | 31 | import java.util.logging.Logger; |
aoqi@0 | 32 | |
aoqi@0 | 33 | import javax.xml.parsers.ParserConfigurationException; |
aoqi@0 | 34 | import javax.xml.parsers.SAXParser; |
aoqi@0 | 35 | import javax.xml.parsers.SAXParserFactory; |
aoqi@0 | 36 | |
aoqi@0 | 37 | import org.xml.sax.*; |
aoqi@0 | 38 | import org.xml.sax.helpers.XMLFilterImpl; |
aoqi@0 | 39 | |
aoqi@0 | 40 | import com.sun.xml.internal.xsom.impl.parser.Messages; |
aoqi@0 | 41 | |
aoqi@0 | 42 | /** |
aoqi@0 | 43 | * Standard XMLParser implemented by using JAXP. |
aoqi@0 | 44 | * |
aoqi@0 | 45 | * @author |
aoqi@0 | 46 | * Kohsuke Kawaguchi (kohsuke.kawaguchi@sun.com) |
aoqi@0 | 47 | */ |
aoqi@0 | 48 | public class JAXPParser implements XMLParser { |
aoqi@0 | 49 | |
aoqi@0 | 50 | // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used |
aoqi@0 | 51 | private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema"; |
aoqi@0 | 52 | |
aoqi@0 | 53 | private static final Logger LOGGER = Logger.getLogger(JAXPParser.class.getName()); |
aoqi@0 | 54 | |
aoqi@0 | 55 | private final SAXParserFactory factory; |
aoqi@0 | 56 | |
aoqi@0 | 57 | public JAXPParser( SAXParserFactory factory ) { |
aoqi@0 | 58 | factory.setNamespaceAware(true); // just in case |
aoqi@0 | 59 | this.factory = factory; |
aoqi@0 | 60 | } |
aoqi@0 | 61 | |
aoqi@0 | 62 | /** |
aoqi@0 | 63 | * @deprecated Unsafe, use JAXPParser(factory) instead with |
aoqi@0 | 64 | * security features initialized by setting |
aoqi@0 | 65 | * XMLConstants.FEATURE_SECURE_PROCESSING feature. |
aoqi@0 | 66 | */ |
aoqi@0 | 67 | public JAXPParser() { |
aoqi@0 | 68 | this( SAXParserFactory.newInstance()); |
aoqi@0 | 69 | } |
aoqi@0 | 70 | |
aoqi@0 | 71 | public void parse( InputSource source, ContentHandler handler, |
aoqi@0 | 72 | ErrorHandler errorHandler, EntityResolver entityResolver ) |
aoqi@0 | 73 | |
aoqi@0 | 74 | throws SAXException, IOException { |
aoqi@0 | 75 | |
aoqi@0 | 76 | try { |
aoqi@0 | 77 | SAXParser saxParser = allowFileAccess(factory.newSAXParser(), false); |
aoqi@0 | 78 | XMLReader reader = new XMLReaderEx(saxParser.getXMLReader()); |
aoqi@0 | 79 | |
aoqi@0 | 80 | reader.setContentHandler(handler); |
aoqi@0 | 81 | if(errorHandler!=null) |
aoqi@0 | 82 | reader.setErrorHandler(errorHandler); |
aoqi@0 | 83 | if(entityResolver!=null) |
aoqi@0 | 84 | reader.setEntityResolver(entityResolver); |
aoqi@0 | 85 | reader.parse(source); |
aoqi@0 | 86 | } catch( ParserConfigurationException e ) { |
aoqi@0 | 87 | // in practice this won't happen |
aoqi@0 | 88 | SAXParseException spe = new SAXParseException(e.getMessage(),null,e); |
aoqi@0 | 89 | errorHandler.fatalError(spe); |
aoqi@0 | 90 | throw spe; |
aoqi@0 | 91 | } |
aoqi@0 | 92 | } |
aoqi@0 | 93 | |
aoqi@0 | 94 | private static SAXParser allowFileAccess(SAXParser saxParser, boolean disableSecureProcessing) throws SAXException { |
aoqi@0 | 95 | |
aoqi@0 | 96 | // if feature secure processing enabled, nothing to do, file is allowed, |
aoqi@0 | 97 | // or user is able to control access by standard JAXP mechanisms |
aoqi@0 | 98 | if (disableSecureProcessing) { |
aoqi@0 | 99 | return saxParser; |
aoqi@0 | 100 | } |
aoqi@0 | 101 | |
aoqi@0 | 102 | try { |
aoqi@0 | 103 | saxParser.setProperty(ACCESS_EXTERNAL_SCHEMA, "file"); |
aoqi@0 | 104 | LOGGER.log(Level.FINE, Messages.format(Messages.JAXP_SUPPORTED_PROPERTY, ACCESS_EXTERNAL_SCHEMA)); |
aoqi@0 | 105 | } catch (SAXException ignored) { |
aoqi@0 | 106 | // nothing to do; support depends on version JDK or SAX implementation |
aoqi@0 | 107 | LOGGER.log(Level.CONFIG, Messages.format(Messages.JAXP_UNSUPPORTED_PROPERTY, ACCESS_EXTERNAL_SCHEMA), ignored); |
aoqi@0 | 108 | } |
aoqi@0 | 109 | return saxParser; |
aoqi@0 | 110 | } |
aoqi@0 | 111 | |
aoqi@0 | 112 | /** |
aoqi@0 | 113 | * XMLReader with improved error message for entity resolution failure. |
aoqi@0 | 114 | * |
aoqi@0 | 115 | * TODO: this class is completely stand-alone, so it shouldn't be |
aoqi@0 | 116 | * an inner class. |
aoqi@0 | 117 | */ |
aoqi@0 | 118 | private static class XMLReaderEx extends XMLFilterImpl { |
aoqi@0 | 119 | |
aoqi@0 | 120 | private Locator locator; |
aoqi@0 | 121 | |
aoqi@0 | 122 | XMLReaderEx( XMLReader parent ) { |
aoqi@0 | 123 | this.setParent(parent); |
aoqi@0 | 124 | } |
aoqi@0 | 125 | |
aoqi@0 | 126 | /** |
aoqi@0 | 127 | * Resolves entities and reports user-friendly error messages. |
aoqi@0 | 128 | * |
aoqi@0 | 129 | * <p> |
aoqi@0 | 130 | * Some XML parser (at least Xerces) does not report much information |
aoqi@0 | 131 | * when it fails to resolve an entity, which is often quite |
aoqi@0 | 132 | * frustrating. For example, if you are behind a firewall and the |
aoqi@0 | 133 | * schema contains a reference to www.w3.org, and there is no |
aoqi@0 | 134 | * entity resolver, the parser will just throw an IOException |
aoqi@0 | 135 | * that doesn't contain any information about where that reference |
aoqi@0 | 136 | * occurs nor what it is accessing. |
aoqi@0 | 137 | * |
aoqi@0 | 138 | * <p> |
aoqi@0 | 139 | * By implementing an EntityResolver and resolving the reference |
aoqi@0 | 140 | * by ourselves, we can report an error message with all the |
aoqi@0 | 141 | * necessary information to fix the problem. |
aoqi@0 | 142 | * |
aoqi@0 | 143 | * <p> |
aoqi@0 | 144 | * Note that we still need to the client-specified entity resolver |
aoqi@0 | 145 | * to let the application handle entity resolution. Here we just catch |
aoqi@0 | 146 | * an IOException and add more information. |
aoqi@0 | 147 | */ |
aoqi@0 | 148 | @Override |
aoqi@0 | 149 | public InputSource resolveEntity(String publicId, String systemId) throws SAXException { |
aoqi@0 | 150 | try { |
aoqi@0 | 151 | InputSource is=null; |
aoqi@0 | 152 | |
aoqi@0 | 153 | // ask the client-specified entity resolver first |
aoqi@0 | 154 | if( this.getEntityResolver()!=null) |
aoqi@0 | 155 | is = this.getEntityResolver().resolveEntity(publicId,systemId); |
aoqi@0 | 156 | if( is!=null ) return is; // if that succeeds, fine. |
aoqi@0 | 157 | |
aoqi@0 | 158 | // rather than returning null, resolve it now |
aoqi@0 | 159 | // so that we can detect errors. |
aoqi@0 | 160 | is = new InputSource( new URL(systemId).openStream() ); |
aoqi@0 | 161 | is.setSystemId(systemId); |
aoqi@0 | 162 | is.setPublicId(publicId); |
aoqi@0 | 163 | return is; |
aoqi@0 | 164 | } catch( IOException e ) { |
aoqi@0 | 165 | // catch this error and provide a nice error message, rather than |
aoqi@0 | 166 | // just throwing this IOException. |
aoqi@0 | 167 | SAXParseException spe = new SAXParseException( |
aoqi@0 | 168 | Messages.format(Messages.ERR_ENTITY_RESOLUTION_FAILURE, |
aoqi@0 | 169 | systemId, e.toString()), // use the toString method to get the class name |
aoqi@0 | 170 | locator, e ); |
aoqi@0 | 171 | if(this.getErrorHandler()!=null) |
aoqi@0 | 172 | this.getErrorHandler().fatalError(spe); |
aoqi@0 | 173 | throw spe; |
aoqi@0 | 174 | } |
aoqi@0 | 175 | } |
aoqi@0 | 176 | |
aoqi@0 | 177 | @Override |
aoqi@0 | 178 | public void setDocumentLocator(Locator locator) { |
aoqi@0 | 179 | super.setDocumentLocator(locator); |
aoqi@0 | 180 | this.locator = locator; |
aoqi@0 | 181 | } |
aoqi@0 | 182 | } |
aoqi@0 | 183 | } |