Mercurial > jdk8-mips64-public > jaxws / annotate
src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java@e530533619ec (annotated)
src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java
Thu, 12 Oct 2017 19:44:07 +0800
- author
- aoqi
- date
- Thu, 12 Oct 2017 19:44:07 +0800
- changeset 760
- e530533619ec
- parent 721
- 06807f9a6835
- parent 637
- 9c07ef4934dd
- permissions
- -rw-r--r--
merge
| aoqi@0 | 1 | /* |
| mkos@721 | 2 | * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. |
| aoqi@0 | 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| aoqi@0 | 4 | * |
| aoqi@0 | 5 | * This code is free software; you can redistribute it and/or modify it |
| aoqi@0 | 6 | * under the terms of the GNU General Public License version 2 only, as |
| aoqi@0 | 7 | * published by the Free Software Foundation. Oracle designates this |
| aoqi@0 | 8 | * particular file as subject to the "Classpath" exception as provided |
| aoqi@0 | 9 | * by Oracle in the LICENSE file that accompanied this code. |
| aoqi@0 | 10 | * |
| aoqi@0 | 11 | * This code is distributed in the hope that it will be useful, but WITHOUT |
| aoqi@0 | 12 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| aoqi@0 | 13 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| aoqi@0 | 14 | * version 2 for more details (a copy is included in the LICENSE file that |
| aoqi@0 | 15 | * accompanied this code). |
| aoqi@0 | 16 | * |
| aoqi@0 | 17 | * You should have received a copy of the GNU General Public License version |
| aoqi@0 | 18 | * 2 along with this work; if not, write to the Free Software Foundation, |
| aoqi@0 | 19 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| aoqi@0 | 20 | * |
| aoqi@0 | 21 | * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| aoqi@0 | 22 | * or visit www.oracle.com if you need additional information or have any |
| aoqi@0 | 23 | * questions. |
| aoqi@0 | 24 | */ |
| aoqi@0 | 25 | |
| aoqi@0 | 26 | package com.sun.xml.internal.bind.v2.util; |
| aoqi@0 | 27 | |
| aoqi@0 | 28 | import com.sun.xml.internal.bind.v2.Messages; |
| mkos@721 | 29 | |
| mkos@721 | 30 | import java.security.AccessController; |
| mkos@721 | 31 | import java.security.PrivilegedAction; |
| aoqi@0 | 32 | import java.util.logging.Level; |
| aoqi@0 | 33 | import java.util.logging.Logger; |
| aoqi@0 | 34 | import javax.xml.XMLConstants; |
| aoqi@0 | 35 | import javax.xml.parsers.DocumentBuilderFactory; |
| aoqi@0 | 36 | import javax.xml.parsers.ParserConfigurationException; |
| aoqi@0 | 37 | import javax.xml.parsers.SAXParserFactory; |
| aoqi@0 | 38 | import javax.xml.transform.TransformerConfigurationException; |
| aoqi@0 | 39 | import javax.xml.transform.TransformerFactory; |
| aoqi@0 | 40 | import javax.xml.validation.SchemaFactory; |
| aoqi@0 | 41 | import javax.xml.xpath.XPathFactory; |
| aoqi@0 | 42 | import javax.xml.xpath.XPathFactoryConfigurationException; |
| aoqi@0 | 43 | |
| aoqi@0 | 44 | import org.xml.sax.SAXException; |
| aoqi@0 | 45 | import org.xml.sax.SAXNotRecognizedException; |
| aoqi@0 | 46 | import org.xml.sax.SAXNotSupportedException; |
| aoqi@0 | 47 | |
| aoqi@0 | 48 | /** |
| aoqi@0 | 49 | * Provides helper methods for creating properly configured XML parser |
| aoqi@0 | 50 | * factory instances with namespace support turned on and configured for |
| aoqi@0 | 51 | * security. |
| aoqi@0 | 52 | * @author snajper |
| aoqi@0 | 53 | */ |
| aoqi@0 | 54 | public class XmlFactory { |
| aoqi@0 | 55 | |
| aoqi@0 | 56 | // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used |
| aoqi@0 | 57 | public static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema"; |
| aoqi@0 | 58 | public static final String ACCESS_EXTERNAL_DTD = "http://javax.xml.XMLConstants/property/accessExternalDTD"; |
| aoqi@0 | 59 | |
| aoqi@0 | 60 | private static final Logger LOGGER = Logger.getLogger(XmlFactory.class.getName()); |
| aoqi@0 | 61 | |
| aoqi@0 | 62 | /** |
| aoqi@0 | 63 | * If true XML security features when parsing XML documents will be disabled. |
| aoqi@0 | 64 | * The default value is false. |
| aoqi@0 | 65 | * |
| aoqi@0 | 66 | * Boolean |
| aoqi@0 | 67 | * @since 2.2.6 |
| aoqi@0 | 68 | */ |
| aoqi@0 | 69 | private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.bind.disableXmlSecurity"; |
| aoqi@0 | 70 | |
| mkos@721 | 71 | private static final boolean XML_SECURITY_DISABLED = AccessController.doPrivileged( |
| mkos@721 | 72 | new PrivilegedAction<Boolean>() { |
| mkos@721 | 73 | @Override |
| mkos@721 | 74 | public Boolean run() { |
| mkos@721 | 75 | return Boolean.getBoolean(DISABLE_XML_SECURITY); |
| mkos@721 | 76 | } |
| mkos@721 | 77 | } |
| mkos@721 | 78 | ); |
| aoqi@0 | 79 | |
| aoqi@0 | 80 | private static boolean isXMLSecurityDisabled(boolean runtimeSetting) { |
| aoqi@0 | 81 | return XML_SECURITY_DISABLED || runtimeSetting; |
| aoqi@0 | 82 | } |
| aoqi@0 | 83 | |
| aoqi@0 | 84 | /** |
| aoqi@0 | 85 | * Returns properly configured (e.g. security features) schema factory |
| aoqi@0 | 86 | * - namespaceAware == true |
| aoqi@0 | 87 | * - securityProcessing == is set based on security processing property, default is true |
| aoqi@0 | 88 | */ |
| aoqi@0 | 89 | public static SchemaFactory createSchemaFactory(final String language, boolean disableSecureProcessing) throws IllegalStateException { |
| aoqi@0 | 90 | try { |
| aoqi@0 | 91 | SchemaFactory factory = SchemaFactory.newInstance(language); |
| aoqi@0 | 92 | if (LOGGER.isLoggable(Level.FINE)) { |
| aoqi@0 | 93 | LOGGER.log(Level.FINE, "SchemaFactory instance: {0}", factory); |
| aoqi@0 | 94 | } |
| aoqi@0 | 95 | factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing)); |
| aoqi@0 | 96 | return factory; |
| aoqi@0 | 97 | } catch (SAXNotRecognizedException ex) { |
| aoqi@0 | 98 | LOGGER.log(Level.SEVERE, null, ex); |
| aoqi@0 | 99 | throw new IllegalStateException(ex); |
| aoqi@0 | 100 | } catch (SAXNotSupportedException ex) { |
| aoqi@0 | 101 | LOGGER.log(Level.SEVERE, null, ex); |
| aoqi@0 | 102 | throw new IllegalStateException(ex); |
| aoqi@0 | 103 | } catch (AbstractMethodError er) { |
| aoqi@0 | 104 | LOGGER.log(Level.SEVERE, null, er); |
| aoqi@0 | 105 | throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); |
| aoqi@0 | 106 | } |
| aoqi@0 | 107 | } |
| aoqi@0 | 108 | |
| aoqi@0 | 109 | /** |
| aoqi@0 | 110 | * Returns properly configured (e.g. security features) parser factory |
| aoqi@0 | 111 | * - namespaceAware == true |
| aoqi@0 | 112 | * - securityProcessing == is set based on security processing property, default is true |
| aoqi@0 | 113 | */ |
| aoqi@0 | 114 | public static SAXParserFactory createParserFactory(boolean disableSecureProcessing) throws IllegalStateException { |
| aoqi@0 | 115 | try { |
| aoqi@0 | 116 | SAXParserFactory factory = SAXParserFactory.newInstance(); |
| aoqi@0 | 117 | if (LOGGER.isLoggable(Level.FINE)) { |
| aoqi@0 | 118 | LOGGER.log(Level.FINE, "SAXParserFactory instance: {0}", factory); |
| aoqi@0 | 119 | } |
| aoqi@0 | 120 | factory.setNamespaceAware(true); |
| aoqi@0 | 121 | factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing)); |
| aoqi@0 | 122 | return factory; |
| aoqi@0 | 123 | } catch (ParserConfigurationException ex) { |
| aoqi@0 | 124 | LOGGER.log(Level.SEVERE, null, ex); |
| aoqi@0 | 125 | throw new IllegalStateException( ex); |
| aoqi@0 | 126 | } catch (SAXNotRecognizedException ex) { |
| aoqi@0 | 127 | LOGGER.log(Level.SEVERE, null, ex); |
| aoqi@0 | 128 | throw new IllegalStateException( ex); |
| aoqi@0 | 129 | } catch (SAXNotSupportedException ex) { |
| aoqi@0 | 130 | LOGGER.log(Level.SEVERE, null, ex); |
| aoqi@0 | 131 | throw new IllegalStateException( ex); |
| aoqi@0 | 132 | } catch (AbstractMethodError er) { |
| aoqi@0 | 133 | LOGGER.log(Level.SEVERE, null, er); |
| aoqi@0 | 134 | throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); |
| aoqi@0 | 135 | } |
| aoqi@0 | 136 | } |
| aoqi@0 | 137 | |
| aoqi@0 | 138 | /** |
| aoqi@0 | 139 | * Returns properly configured (e.g. security features) factory |
| aoqi@0 | 140 | * - securityProcessing == is set based on security processing property, default is true |
| aoqi@0 | 141 | */ |
| aoqi@0 | 142 | public static XPathFactory createXPathFactory(boolean disableSecureProcessing) throws IllegalStateException { |
| aoqi@0 | 143 | try { |
| aoqi@0 | 144 | XPathFactory factory = XPathFactory.newInstance(); |
| aoqi@0 | 145 | if (LOGGER.isLoggable(Level.FINE)) { |
| aoqi@0 | 146 | LOGGER.log(Level.FINE, "XPathFactory instance: {0}", factory); |
| aoqi@0 | 147 | } |
| aoqi@0 | 148 | factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing)); |
| aoqi@0 | 149 | return factory; |
| aoqi@0 | 150 | } catch (XPathFactoryConfigurationException ex) { |
| aoqi@0 | 151 | LOGGER.log(Level.SEVERE, null, ex); |
| aoqi@0 | 152 | throw new IllegalStateException( ex); |
| aoqi@0 | 153 | } catch (AbstractMethodError er) { |
| aoqi@0 | 154 | LOGGER.log(Level.SEVERE, null, er); |
| aoqi@0 | 155 | throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); |
| aoqi@0 | 156 | } |
| aoqi@0 | 157 | } |
| aoqi@0 | 158 | |
| aoqi@0 | 159 | /** |
| aoqi@0 | 160 | * Returns properly configured (e.g. security features) factory |
| aoqi@0 | 161 | * - securityProcessing == is set based on security processing property, default is true |
| aoqi@0 | 162 | */ |
| aoqi@0 | 163 | public static TransformerFactory createTransformerFactory(boolean disableSecureProcessing) throws IllegalStateException { |
| aoqi@0 | 164 | try { |
| aoqi@0 | 165 | TransformerFactory factory = TransformerFactory.newInstance(); |
| aoqi@0 | 166 | if (LOGGER.isLoggable(Level.FINE)) { |
| aoqi@0 | 167 | LOGGER.log(Level.FINE, "TransformerFactory instance: {0}", factory); |
| aoqi@0 | 168 | } |
| aoqi@0 | 169 | factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing)); |
| aoqi@0 | 170 | return factory; |
| aoqi@0 | 171 | } catch (TransformerConfigurationException ex) { |
| aoqi@0 | 172 | LOGGER.log(Level.SEVERE, null, ex); |
| aoqi@0 | 173 | throw new IllegalStateException( ex); |
| aoqi@0 | 174 | } catch (AbstractMethodError er) { |
| aoqi@0 | 175 | LOGGER.log(Level.SEVERE, null, er); |
| aoqi@0 | 176 | throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); |
| aoqi@0 | 177 | } |
| aoqi@0 | 178 | } |
| aoqi@0 | 179 | |
| aoqi@0 | 180 | /** |
| aoqi@0 | 181 | * Returns properly configured (e.g. security features) factory |
| aoqi@0 | 182 | * - namespaceAware == true |
| aoqi@0 | 183 | * - securityProcessing == is set based on security processing property, default is true |
| aoqi@0 | 184 | */ |
| aoqi@0 | 185 | public static DocumentBuilderFactory createDocumentBuilderFactory(boolean disableSecureProcessing) throws IllegalStateException { |
| aoqi@0 | 186 | try { |
| aoqi@0 | 187 | DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); |
| aoqi@0 | 188 | if (LOGGER.isLoggable(Level.FINE)) { |
| aoqi@0 | 189 | LOGGER.log(Level.FINE, "DocumentBuilderFactory instance: {0}", factory); |
| aoqi@0 | 190 | } |
| aoqi@0 | 191 | factory.setNamespaceAware(true); |
| aoqi@0 | 192 | factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing)); |
| aoqi@0 | 193 | return factory; |
| aoqi@0 | 194 | } catch (ParserConfigurationException ex) { |
| aoqi@0 | 195 | LOGGER.log(Level.SEVERE, null, ex); |
| aoqi@0 | 196 | throw new IllegalStateException( ex); |
| aoqi@0 | 197 | } catch (AbstractMethodError er) { |
| aoqi@0 | 198 | LOGGER.log(Level.SEVERE, null, er); |
| aoqi@0 | 199 | throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); |
| aoqi@0 | 200 | } |
| aoqi@0 | 201 | } |
| aoqi@0 | 202 | |
| aoqi@0 | 203 | public static SchemaFactory allowExternalAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) { |
| aoqi@0 | 204 | |
| aoqi@0 | 205 | // if xml security (feature secure processing) disabled, nothing to do, no restrictions applied |
| aoqi@0 | 206 | if (isXMLSecurityDisabled(disableSecureProcessing)) { |
| aoqi@0 | 207 | if (LOGGER.isLoggable(Level.FINE)) { |
| aoqi@0 | 208 | LOGGER.log(Level.FINE, Messages.JAXP_XML_SECURITY_DISABLED.format()); |
| aoqi@0 | 209 | } |
| aoqi@0 | 210 | return sf; |
| aoqi@0 | 211 | } |
| aoqi@0 | 212 | |
| aoqi@0 | 213 | if (System.getProperty("javax.xml.accessExternalSchema") != null) { |
| aoqi@0 | 214 | if (LOGGER.isLoggable(Level.FINE)) { |
| aoqi@0 | 215 | LOGGER.log(Level.FINE, Messages.JAXP_EXTERNAL_ACCESS_CONFIGURED.format()); |
| aoqi@0 | 216 | } |
| aoqi@0 | 217 | return sf; |
| aoqi@0 | 218 | } |
| aoqi@0 | 219 | |
| aoqi@0 | 220 | try { |
| aoqi@0 | 221 | sf.setProperty(ACCESS_EXTERNAL_SCHEMA, value); |
| aoqi@0 | 222 | if (LOGGER.isLoggable(Level.FINE)) { |
| aoqi@0 | 223 | LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA)); |
| aoqi@0 | 224 | } |
| aoqi@0 | 225 | } catch (SAXException ignored) { |
| aoqi@0 | 226 | // nothing to do; support depends on version JDK or SAX implementation |
| aoqi@0 | 227 | if (LOGGER.isLoggable(Level.CONFIG)) { |
| aoqi@0 | 228 | LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA), ignored); |
| aoqi@0 | 229 | } |
| aoqi@0 | 230 | } |
| aoqi@0 | 231 | return sf; |
| aoqi@0 | 232 | } |
| aoqi@0 | 233 | |
| aoqi@0 | 234 | public static SchemaFactory allowExternalDTDAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) { |
| aoqi@0 | 235 | |
| aoqi@0 | 236 | // if xml security (feature secure processing) disabled, nothing to do, no restrictions applied |
| aoqi@0 | 237 | if (isXMLSecurityDisabled(disableSecureProcessing)) { |
| aoqi@0 | 238 | if (LOGGER.isLoggable(Level.FINE)) { |
| aoqi@0 | 239 | LOGGER.log(Level.FINE, Messages.JAXP_XML_SECURITY_DISABLED.format()); |
| aoqi@0 | 240 | } |
| aoqi@0 | 241 | return sf; |
| aoqi@0 | 242 | } |
| aoqi@0 | 243 | |
| aoqi@0 | 244 | if (System.getProperty("javax.xml.accessExternalDTD") != null) { |
| aoqi@0 | 245 | if (LOGGER.isLoggable(Level.FINE)) { |
| aoqi@0 | 246 | LOGGER.log(Level.FINE, Messages.JAXP_EXTERNAL_ACCESS_CONFIGURED.format()); |
| aoqi@0 | 247 | } |
| aoqi@0 | 248 | return sf; |
| aoqi@0 | 249 | } |
| aoqi@0 | 250 | |
| aoqi@0 | 251 | try { |
| aoqi@0 | 252 | sf.setProperty(ACCESS_EXTERNAL_DTD, value); |
| aoqi@0 | 253 | if (LOGGER.isLoggable(Level.FINE)) { |
| aoqi@0 | 254 | LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_DTD)); |
| aoqi@0 | 255 | } |
| aoqi@0 | 256 | } catch (SAXException ignored) { |
| aoqi@0 | 257 | // nothing to do; support depends on version JDK or SAX implementation |
| aoqi@0 | 258 | if (LOGGER.isLoggable(Level.CONFIG)) { |
| aoqi@0 | 259 | LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_DTD), ignored); |
| aoqi@0 | 260 | } |
| aoqi@0 | 261 | } |
| aoqi@0 | 262 | return sf; |
| aoqi@0 | 263 | } |
| aoqi@0 | 264 | |
| aoqi@0 | 265 | } |
