Mercurial > jdk8-mips64-public > jaxws / annotate

src/share/jaxws_classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java@a90b319bae7a (annotated)

src/share/jaxws_classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java

Thu, 24 May 2018 17:55:52 +0800

author
aoqi
date
Thu, 24 May 2018 17:55:52 +0800
changeset 1435
a90b319bae7a
parent 1386
65d3b0e44551
parent 760
e530533619ec
permissions
-rw-r--r--

Merge

aoqi@0 1 /*
aefimov@1386 2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
aoqi@0 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
aoqi@0 4 *
aoqi@0 5 * This code is free software; you can redistribute it and/or modify it
aoqi@0 6 * under the terms of the GNU General Public License version 2 only, as
aoqi@0 7 * published by the Free Software Foundation. Oracle designates this
aoqi@0 8 * particular file as subject to the "Classpath" exception as provided
aoqi@0 9 * by Oracle in the LICENSE file that accompanied this code.
aoqi@0 10 *
aoqi@0 11 * This code is distributed in the hope that it will be useful, but WITHOUT
aoqi@0 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
aoqi@0 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
aoqi@0 14 * version 2 for more details (a copy is included in the LICENSE file that
aoqi@0 15 * accompanied this code).
aoqi@0 16 *
aoqi@0 17 * You should have received a copy of the GNU General Public License version
aoqi@0 18 * 2 along with this work; if not, write to the Free Software Foundation,
aoqi@0 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
aoqi@0 20 *
aoqi@0 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
aoqi@0 22 * or visit www.oracle.com if you need additional information or have any
aoqi@0 23 * questions.
aoqi@0 24 */
aoqi@0 25
aoqi@0 26 package com.sun.xml.internal.ws.util.xml;
aoqi@0 27
aoqi@0 28 import com.sun.istack.internal.Nullable;
aoqi@0 29 import com.sun.org.apache.xml.internal.resolver.Catalog;
aoqi@0 30 import com.sun.org.apache.xml.internal.resolver.CatalogManager;
aoqi@0 31 import com.sun.org.apache.xml.internal.resolver.tools.CatalogResolver;
aoqi@0 32 import com.sun.xml.internal.ws.server.ServerRtException;
aoqi@0 33 import com.sun.xml.internal.ws.util.ByteArrayBuffer;
aoqi@0 34 import org.w3c.dom.Attr;
aoqi@0 35 import org.w3c.dom.Element;
aoqi@0 36 import org.w3c.dom.EntityReference;
aoqi@0 37 import org.w3c.dom.Node;
aoqi@0 38 import org.w3c.dom.NodeList;
aoqi@0 39 import org.w3c.dom.Text;
aoqi@0 40 import org.xml.sax.*;
aoqi@0 41
aoqi@0 42 import javax.xml.XMLConstants;
aoqi@0 43 import javax.xml.namespace.QName;
aoqi@0 44 import javax.xml.parsers.DocumentBuilderFactory;
aoqi@0 45 import javax.xml.parsers.ParserConfigurationException;
aoqi@0 46 import javax.xml.parsers.SAXParserFactory;
aoqi@0 47 import javax.xml.stream.XMLInputFactory;
aoqi@0 48 import javax.xml.transform.Result;
aoqi@0 49 import javax.xml.transform.Source;
aoqi@0 50 import javax.xml.transform.Transformer;
aoqi@0 51 import javax.xml.transform.TransformerConfigurationException;
aoqi@0 52 import javax.xml.transform.TransformerException;
aoqi@0 53 import javax.xml.transform.TransformerFactory;
aoqi@0 54 import javax.xml.transform.sax.SAXTransformerFactory;
aoqi@0 55 import javax.xml.transform.sax.TransformerHandler;
aoqi@0 56 import javax.xml.transform.stream.StreamSource;
aoqi@0 57 import javax.xml.validation.SchemaFactory;
aoqi@0 58 import javax.xml.ws.WebServiceException;
aoqi@0 59 import javax.xml.xpath.XPathFactory;
aoqi@0 60 import javax.xml.xpath.XPathFactoryConfigurationException;
aoqi@0 61 import java.io.IOException;
aoqi@0 62 import java.io.InputStream;
aoqi@0 63 import java.io.OutputStreamWriter;
aoqi@0 64 import java.io.Writer;
aoqi@0 65 import java.net.URL;
mkos@721 66 import java.security.AccessController;
mkos@721 67 import java.security.PrivilegedAction;
aoqi@0 68 import java.util.ArrayList;
aoqi@0 69 import java.util.Enumeration;
aoqi@0 70 import java.util.Iterator;
aoqi@0 71 import java.util.List;
aoqi@0 72 import java.util.StringTokenizer;
aoqi@0 73 import java.util.logging.Level;
aoqi@0 74 import java.util.logging.Logger;
aoqi@0 75
aoqi@0 76 /**
aoqi@0 77 * @author WS Development Team
aoqi@0 78 */
aoqi@0 79 public class XmlUtil {
aoqi@0 80
aoqi@0 81 // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used
aoqi@0 82 private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
aoqi@0 83
aoqi@0 84 private final static String LEXICAL_HANDLER_PROPERTY =
aoqi@0 85 "http://xml.org/sax/properties/lexical-handler";
aoqi@0 86
aefimov@1386 87 private static final String DISALLOW_DOCTYPE_DECL = "http://apache.org/xml/features/disallow-doctype-decl";
aefimov@1386 88
aefimov@1386 89 private static final String EXTERNAL_GE = "http://xml.org/sax/features/external-general-entities";
aefimov@1386 90
aefimov@1386 91 private static final String EXTERNAL_PE = "http://xml.org/sax/features/external-parameter-entities";
aefimov@1386 92
aefimov@1386 93 private static final String LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
aefimov@1386 94
aoqi@0 95 private static final Logger LOGGER = Logger.getLogger(XmlUtil.class.getName());
aoqi@0 96
mkos@721 97 private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.ws.disableXmlSecurity";
aoqi@0 98
mkos@721 99 private static boolean XML_SECURITY_DISABLED = AccessController.doPrivileged(
mkos@721 100 new PrivilegedAction<Boolean>() {
mkos@721 101 @Override
mkos@721 102 public Boolean run() {
mkos@721 103 return Boolean.getBoolean(DISABLE_XML_SECURITY);
mkos@721 104 }
mkos@721 105 }
mkos@721 106 );
aoqi@0 107
aoqi@0 108 public static String getPrefix(String s) {
aoqi@0 109 int i = s.indexOf(':');
aoqi@0 110 if (i == -1)
aoqi@0 111 return null;
aoqi@0 112 return s.substring(0, i);
aoqi@0 113 }
aoqi@0 114
aoqi@0 115 public static String getLocalPart(String s) {
aoqi@0 116 int i = s.indexOf(':');
aoqi@0 117 if (i == -1)
aoqi@0 118 return s;
aoqi@0 119 return s.substring(i + 1);
aoqi@0 120 }
aoqi@0 121
aoqi@0 122
aoqi@0 123
aoqi@0 124 public static String getAttributeOrNull(Element e, String name) {
aoqi@0 125 Attr a = e.getAttributeNode(name);
aoqi@0 126 if (a == null)
aoqi@0 127 return null;
aoqi@0 128 return a.getValue();
aoqi@0 129 }
aoqi@0 130
aoqi@0 131 public static String getAttributeNSOrNull(
aoqi@0 132 Element e,
aoqi@0 133 String name,
aoqi@0 134 String nsURI) {
aoqi@0 135 Attr a = e.getAttributeNodeNS(nsURI, name);
aoqi@0 136 if (a == null)
aoqi@0 137 return null;
aoqi@0 138 return a.getValue();
aoqi@0 139 }
aoqi@0 140
aoqi@0 141 public static String getAttributeNSOrNull(
aoqi@0 142 Element e,
aoqi@0 143 QName name) {
aoqi@0 144 Attr a = e.getAttributeNodeNS(name.getNamespaceURI(), name.getLocalPart());
aoqi@0 145 if (a == null)
aoqi@0 146 return null;
aoqi@0 147 return a.getValue();
aoqi@0 148 }
aoqi@0 149
aoqi@0 150 /* public static boolean matchesTagNS(Element e, String tag, String nsURI) {
aoqi@0 151 try {
aoqi@0 152 return e.getLocalName().equals(tag)
aoqi@0 153 && e.getNamespaceURI().equals(nsURI);
aoqi@0 154 } catch (NullPointerException npe) {
aoqi@0 155
aoqi@0 156 // localname not null since parsing would fail before here
aoqi@0 157 throw new WSDLParseException(
aoqi@0 158 "null.namespace.found",
aoqi@0 159 e.getLocalName());
aoqi@0 160 }
aoqi@0 161 }
aoqi@0 162
aoqi@0 163 public static boolean matchesTagNS(
aoqi@0 164 Element e,
aoqi@0 165 javax.xml.namespace.QName name) {
aoqi@0 166 try {
aoqi@0 167 return e.getLocalName().equals(name.getLocalPart())
aoqi@0 168 && e.getNamespaceURI().equals(name.getNamespaceURI());
aoqi@0 169 } catch (NullPointerException npe) {
aoqi@0 170
aoqi@0 171 // localname not null since parsing would fail before here
aoqi@0 172 throw new WSDLParseException(
aoqi@0 173 "null.namespace.found",
aoqi@0 174 e.getLocalName());
aoqi@0 175 }
aoqi@0 176 }*/
aoqi@0 177
aoqi@0 178 public static Iterator getAllChildren(Element element) {
aoqi@0 179 return new NodeListIterator(element.getChildNodes());
aoqi@0 180 }
aoqi@0 181
aoqi@0 182 public static Iterator getAllAttributes(Element element) {
aoqi@0 183 return new NamedNodeMapIterator(element.getAttributes());
aoqi@0 184 }
aoqi@0 185
aoqi@0 186 public static List<String> parseTokenList(String tokenList) {
aoqi@0 187 List<String> result = new ArrayList<String>();
aoqi@0 188 StringTokenizer tokenizer = new StringTokenizer(tokenList, " ");
aoqi@0 189 while (tokenizer.hasMoreTokens()) {
aoqi@0 190 result.add(tokenizer.nextToken());
aoqi@0 191 }
aoqi@0 192 return result;
aoqi@0 193 }
aoqi@0 194
aoqi@0 195 public static String getTextForNode(Node node) {
aoqi@0 196 StringBuilder sb = new StringBuilder();
aoqi@0 197
aoqi@0 198 NodeList children = node.getChildNodes();
aoqi@0 199 if (children.getLength() == 0)
aoqi@0 200 return null;
aoqi@0 201
aoqi@0 202 for (int i = 0; i < children.getLength(); ++i) {
aoqi@0 203 Node n = children.item(i);
aoqi@0 204
aoqi@0 205 if (n instanceof Text)
aoqi@0 206 sb.append(n.getNodeValue());
aoqi@0 207 else if (n instanceof EntityReference) {
aoqi@0 208 String s = getTextForNode(n);
aoqi@0 209 if (s == null)
aoqi@0 210 return null;
aoqi@0 211 else
aoqi@0 212 sb.append(s);
aoqi@0 213 } else
aoqi@0 214 return null;
aoqi@0 215 }
aoqi@0 216
aoqi@0 217 return sb.toString();
aoqi@0 218 }
aoqi@0 219
aoqi@0 220 public static InputStream getUTF8Stream(String s) {
aoqi@0 221 try {
aoqi@0 222 ByteArrayBuffer bab = new ByteArrayBuffer();
aoqi@0 223 Writer w = new OutputStreamWriter(bab, "utf-8");
aoqi@0 224 w.write(s);
aoqi@0 225 w.close();
aoqi@0 226 return bab.newInputStream();
aoqi@0 227 } catch (IOException e) {
aoqi@0 228 throw new RuntimeException("should not happen");
aoqi@0 229 }
aoqi@0 230 }
aoqi@0 231
aoqi@0 232 static final ContextClassloaderLocal<TransformerFactory> transformerFactory = new ContextClassloaderLocal<TransformerFactory>() {
aoqi@0 233 @Override
aoqi@0 234 protected TransformerFactory initialValue() throws Exception {
aoqi@0 235 return TransformerFactory.newInstance();
aoqi@0 236 }
aoqi@0 237 };
aoqi@0 238
aoqi@0 239 static final ContextClassloaderLocal<SAXParserFactory> saxParserFactory = new ContextClassloaderLocal<SAXParserFactory>() {
aoqi@0 240 @Override
aoqi@0 241 protected SAXParserFactory initialValue() throws Exception {
aoqi@0 242 SAXParserFactory factory = SAXParserFactory.newInstance();
aoqi@0 243 factory.setNamespaceAware(true);
aoqi@0 244 return factory;
aoqi@0 245 }
aoqi@0 246 };
aoqi@0 247
aoqi@0 248 /**
aoqi@0 249 * Creates a new identity transformer.
aoqi@0 250 */
aoqi@0 251 public static Transformer newTransformer() {
aoqi@0 252 try {
aoqi@0 253 return transformerFactory.get().newTransformer();
aoqi@0 254 } catch (TransformerConfigurationException tex) {
aoqi@0 255 throw new IllegalStateException("Unable to create a JAXP transformer");
aoqi@0 256 }
aoqi@0 257 }
aoqi@0 258
aoqi@0 259 /**
aoqi@0 260 * Performs identity transformation.
aoqi@0 261 */
aoqi@0 262 public static <T extends Result>
aoqi@0 263 T identityTransform(Source src, T result) throws TransformerException, SAXException, ParserConfigurationException, IOException {
aoqi@0 264 if (src instanceof StreamSource) {
aoqi@0 265 // work around a bug in JAXP in JDK6u4 and earlier where the namespace processing
aoqi@0 266 // is not turned on by default
aoqi@0 267 StreamSource ssrc = (StreamSource) src;
aoqi@0 268 TransformerHandler th = ((SAXTransformerFactory) transformerFactory.get()).newTransformerHandler();
aoqi@0 269 th.setResult(result);
aoqi@0 270 XMLReader reader = saxParserFactory.get().newSAXParser().getXMLReader();
aoqi@0 271 reader.setContentHandler(th);
aoqi@0 272 reader.setProperty(LEXICAL_HANDLER_PROPERTY, th);
aoqi@0 273 reader.parse(toInputSource(ssrc));
aoqi@0 274 } else {
aoqi@0 275 newTransformer().transform(src, result);
aoqi@0 276 }
aoqi@0 277 return result;
aoqi@0 278 }
aoqi@0 279
aoqi@0 280 private static InputSource toInputSource(StreamSource src) {
aoqi@0 281 InputSource is = new InputSource();
aoqi@0 282 is.setByteStream(src.getInputStream());
aoqi@0 283 is.setCharacterStream(src.getReader());
aoqi@0 284 is.setPublicId(src.getPublicId());
aoqi@0 285 is.setSystemId(src.getSystemId());
aoqi@0 286 return is;
aoqi@0 287 }
aoqi@0 288
aoqi@0 289 /*
aoqi@0 290 * Gets an EntityResolver using XML catalog
aoqi@0 291 */
aoqi@0 292 public static EntityResolver createEntityResolver(@Nullable URL catalogUrl) {
aoqi@0 293 // set up a manager
aoqi@0 294 CatalogManager manager = new CatalogManager();
aoqi@0 295 manager.setIgnoreMissingProperties(true);
aoqi@0 296 // Using static catalog may result in to sharing of the catalog by multiple apps running in a container
aoqi@0 297 manager.setUseStaticCatalog(false);
aoqi@0 298 Catalog catalog = manager.getCatalog();
aoqi@0 299 try {
aoqi@0 300 if (catalogUrl != null) {
aoqi@0 301 catalog.parseCatalog(catalogUrl);
aoqi@0 302 }
aoqi@0 303 } catch (IOException e) {
aoqi@0 304 throw new ServerRtException("server.rt.err",e);
aoqi@0 305 }
aoqi@0 306 return workaroundCatalogResolver(catalog);
aoqi@0 307 }
aoqi@0 308
aoqi@0 309 /**
aoqi@0 310 * Gets a default EntityResolver for catalog at META-INF/jaxws-catalog.xml
aoqi@0 311 */
aoqi@0 312 public static EntityResolver createDefaultCatalogResolver() {
aoqi@0 313
aoqi@0 314 // set up a manager
aoqi@0 315 CatalogManager manager = new CatalogManager();
aoqi@0 316 manager.setIgnoreMissingProperties(true);
aoqi@0 317 // Using static catalog may result in to sharing of the catalog by multiple apps running in a container
aoqi@0 318 manager.setUseStaticCatalog(false);
aoqi@0 319 // parse the catalog
aoqi@0 320 ClassLoader cl = Thread.currentThread().getContextClassLoader();
aoqi@0 321 Enumeration<URL> catalogEnum;
aoqi@0 322 Catalog catalog = manager.getCatalog();
aoqi@0 323 try {
aoqi@0 324 if (cl == null) {
aoqi@0 325 catalogEnum = ClassLoader.getSystemResources("META-INF/jax-ws-catalog.xml");
aoqi@0 326 } else {
aoqi@0 327 catalogEnum = cl.getResources("META-INF/jax-ws-catalog.xml");
aoqi@0 328 }
aoqi@0 329
aoqi@0 330 while(catalogEnum.hasMoreElements()) {
aoqi@0 331 URL url = catalogEnum.nextElement();
aoqi@0 332 catalog.parseCatalog(url);
aoqi@0 333 }
aoqi@0 334 } catch (IOException e) {
aoqi@0 335 throw new WebServiceException(e);
aoqi@0 336 }
aoqi@0 337
aoqi@0 338 return workaroundCatalogResolver(catalog);
aoqi@0 339 }
aoqi@0 340
aoqi@0 341 /**
aoqi@0 342 * Default CatalogResolver implementation is broken as it depends on CatalogManager.getCatalog() which will always create a new one when
aoqi@0 343 * useStaticCatalog is false.
aoqi@0 344 * This returns a CatalogResolver that uses the catalog passed as parameter.
aoqi@0 345 * @param catalog
aoqi@0 346 * @return CatalogResolver
aoqi@0 347 */
aoqi@0 348 private static CatalogResolver workaroundCatalogResolver(final Catalog catalog) {
aoqi@0 349 // set up a manager
aoqi@0 350 CatalogManager manager = new CatalogManager() {
aoqi@0 351 @Override
aoqi@0 352 public Catalog getCatalog() {
aoqi@0 353 return catalog;
aoqi@0 354 }
aoqi@0 355 };
aoqi@0 356 manager.setIgnoreMissingProperties(true);
aoqi@0 357 // Using static catalog may result in to sharing of the catalog by multiple apps running in a container
aoqi@0 358 manager.setUseStaticCatalog(false);
aoqi@0 359
aoqi@0 360 return new CatalogResolver(manager);
aoqi@0 361 }
aoqi@0 362
aoqi@0 363 /**
aoqi@0 364 * {@link ErrorHandler} that always treat the error as fatal.
aoqi@0 365 */
aoqi@0 366 public static final ErrorHandler DRACONIAN_ERROR_HANDLER = new ErrorHandler() {
aoqi@0 367 @Override
aoqi@0 368 public void warning(SAXParseException exception) {
aoqi@0 369 }
aoqi@0 370
aoqi@0 371 @Override
aoqi@0 372 public void error(SAXParseException exception) throws SAXException {
aoqi@0 373 throw exception;
aoqi@0 374 }
aoqi@0 375
aoqi@0 376 @Override
aoqi@0 377 public void fatalError(SAXParseException exception) throws SAXException {
aoqi@0 378 throw exception;
aoqi@0 379 }
aoqi@0 380 };
aoqi@0 381
aoqi@0 382 public static DocumentBuilderFactory newDocumentBuilderFactory() {
aefimov@1386 383 return newDocumentBuilderFactory(false);
aoqi@0 384 }
aoqi@0 385
aefimov@1386 386 public static DocumentBuilderFactory newDocumentBuilderFactory(boolean disableSecurity) {
aoqi@0 387 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
aefimov@1386 388 String featureToSet = XMLConstants.FEATURE_SECURE_PROCESSING;
aoqi@0 389 try {
aefimov@1386 390 boolean securityOn = !isXMLSecurityDisabled(disableSecurity);
aefimov@1386 391 factory.setFeature(featureToSet, securityOn);
aefimov@1386 392 factory.setNamespaceAware(true);
aefimov@1386 393 if (securityOn) {
aefimov@1386 394 factory.setExpandEntityReferences(false);
aefimov@1386 395 featureToSet = DISALLOW_DOCTYPE_DECL;
aefimov@1386 396 factory.setFeature(featureToSet, true);
aefimov@1386 397 featureToSet = EXTERNAL_GE;
aefimov@1386 398 factory.setFeature(featureToSet, false);
aefimov@1386 399 featureToSet = EXTERNAL_PE;
aefimov@1386 400 factory.setFeature(featureToSet, false);
aefimov@1386 401 featureToSet = LOAD_EXTERNAL_DTD;
aefimov@1386 402 factory.setFeature(featureToSet, false);
aefimov@1386 403 }
aoqi@0 404 } catch (ParserConfigurationException e) {
aefimov@1386 405 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support "+featureToSet+" feature!", new Object[] {factory.getClass().getName()} );
aoqi@0 406 }
aoqi@0 407 return factory;
aoqi@0 408 }
aoqi@0 409
aoqi@0 410 public static TransformerFactory newTransformerFactory(boolean secureXmlProcessingEnabled) {
aoqi@0 411 TransformerFactory factory = TransformerFactory.newInstance();
aoqi@0 412 try {
aoqi@0 413 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessingEnabled));
aoqi@0 414 } catch (TransformerConfigurationException e) {
aoqi@0 415 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[]{factory.getClass().getName()});
aoqi@0 416 }
aoqi@0 417 return factory;
aoqi@0 418 }
aoqi@0 419
aoqi@0 420 public static TransformerFactory newTransformerFactory() {
aoqi@0 421 return newTransformerFactory(true);
aoqi@0 422 }
aoqi@0 423
aefimov@1386 424 public static SAXParserFactory newSAXParserFactory(boolean disableSecurity) {
aoqi@0 425 SAXParserFactory factory = SAXParserFactory.newInstance();
aefimov@1386 426 String featureToSet = XMLConstants.FEATURE_SECURE_PROCESSING;
aoqi@0 427 try {
aefimov@1386 428 boolean securityOn = !isXMLSecurityDisabled(disableSecurity);
aefimov@1386 429 factory.setFeature(featureToSet, securityOn);
aefimov@1386 430 factory.setNamespaceAware(true);
aefimov@1386 431 if (securityOn) {
aefimov@1386 432 featureToSet = DISALLOW_DOCTYPE_DECL;
aefimov@1386 433 factory.setFeature(featureToSet, true);
aefimov@1386 434 featureToSet = EXTERNAL_GE;
aefimov@1386 435 factory.setFeature(featureToSet, false);
aefimov@1386 436 featureToSet = EXTERNAL_PE;
aefimov@1386 437 factory.setFeature(featureToSet, false);
aefimov@1386 438 featureToSet = LOAD_EXTERNAL_DTD;
aefimov@1386 439 factory.setFeature(featureToSet, false);
aefimov@1386 440 }
aefimov@1386 441 } catch (ParserConfigurationException | SAXNotRecognizedException | SAXNotSupportedException e) {
aefimov@1386 442 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support "+featureToSet+" feature!", new Object[]{factory.getClass().getName()});
aoqi@0 443 }
aoqi@0 444 return factory;
aoqi@0 445 }
aoqi@0 446
aoqi@0 447 public static XPathFactory newXPathFactory(boolean secureXmlProcessingEnabled) {
aoqi@0 448 XPathFactory factory = XPathFactory.newInstance();
aoqi@0 449 try {
aoqi@0 450 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessingEnabled));
aoqi@0 451 } catch (XPathFactoryConfigurationException e) {
aoqi@0 452 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[] { factory.getClass().getName() } );
aoqi@0 453 }
aoqi@0 454 return factory;
aoqi@0 455 }
aoqi@0 456
aoqi@0 457 public static XMLInputFactory newXMLInputFactory(boolean secureXmlProcessingEnabled) {
aoqi@0 458 XMLInputFactory factory = XMLInputFactory.newInstance();
aoqi@0 459 if (isXMLSecurityDisabled(secureXmlProcessingEnabled)) {
aoqi@0 460 // TODO-Miran: are those apppropriate defaults?
aoqi@0 461 factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
aoqi@0 462 factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
aoqi@0 463 }
aoqi@0 464 return factory;
aoqi@0 465 }
aoqi@0 466
aoqi@0 467 private static boolean isXMLSecurityDisabled(boolean runtimeDisabled) {
aoqi@0 468 return XML_SECURITY_DISABLED || runtimeDisabled;
aoqi@0 469 }
aoqi@0 470
aoqi@0 471 public static SchemaFactory allowExternalAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) {
aoqi@0 472
aoqi@0 473 // if xml security (feature secure processing) disabled, nothing to do, no restrictions applied
aoqi@0 474 if (isXMLSecurityDisabled(disableSecureProcessing)) {
aoqi@0 475 if (LOGGER.isLoggable(Level.FINE)) {
aoqi@0 476 LOGGER.log(Level.FINE, "Xml Security disabled, no JAXP xsd external access configuration necessary.");
aoqi@0 477 }
aoqi@0 478 return sf;
aoqi@0 479 }
aoqi@0 480
aoqi@0 481 if (System.getProperty("javax.xml.accessExternalSchema") != null) {
aoqi@0 482 if (LOGGER.isLoggable(Level.FINE)) {
aoqi@0 483 LOGGER.log(Level.FINE, "Detected explicitly JAXP configuration, no JAXP xsd external access configuration necessary.");
aoqi@0 484 }
aoqi@0 485 return sf;
aoqi@0 486 }
aoqi@0 487
aoqi@0 488 try {
aoqi@0 489 sf.setProperty(ACCESS_EXTERNAL_SCHEMA, value);
aoqi@0 490 if (LOGGER.isLoggable(Level.FINE)) {
aoqi@0 491 LOGGER.log(Level.FINE, "Property \"{0}\" is supported and has been successfully set by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
aoqi@0 492 }
aoqi@0 493 } catch (SAXException ignored) {
aoqi@0 494 // nothing to do; support depends on version JDK or SAX implementation
aoqi@0 495 if (LOGGER.isLoggable(Level.CONFIG)) {
aoqi@0 496 LOGGER.log(Level.CONFIG, "Property \"{0}\" is not supported by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
aoqi@0 497 }
aoqi@0 498 }
aoqi@0 499 return sf;
aoqi@0 500 }
aoqi@0 501
aoqi@0 502 }

Mercurial Repository: jdk8-mips64-public/jaxws

mercurial