Mercurial > jdk8-mips64-public > jaxws / file comparison
comparison: src/share/jaxws_classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java
src/share/jaxws_classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java
- changeset 1386
- 65d3b0e44551
- parent 721
- 06807f9a6835
- child 1435
- a90b319bae7a
equal
deleted
inserted
replaced
| 1384:631033c46a0d | 1386:65d3b0e44551 |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. | 2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. |
| 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. | 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 * | 4 * |
| 5 * This code is free software; you can redistribute it and/or modify it | 5 * This code is free software; you can redistribute it and/or modify it |
| 6 * under the terms of the GNU General Public License version 2 only, as | 6 * under the terms of the GNU General Public License version 2 only, as |
| 7 * published by the Free Software Foundation. Oracle designates this | 7 * published by the Free Software Foundation. Oracle designates this |
| 82 private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema"; | 82 private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema"; |
| 83 | 83 |
| 84 private final static String LEXICAL_HANDLER_PROPERTY = | 84 private final static String LEXICAL_HANDLER_PROPERTY = |
| 85 "http://xml.org/sax/properties/lexical-handler"; | 85 "http://xml.org/sax/properties/lexical-handler"; |
| 86 | 86 |
| 87 private static final String DISALLOW_DOCTYPE_DECL = "http://apache.org/xml/features/disallow-doctype-decl"; | |
| 88 | |
| 89 private static final String EXTERNAL_GE = "http://xml.org/sax/features/external-general-entities"; | |
| 90 | |
| 91 private static final String EXTERNAL_PE = "http://xml.org/sax/features/external-parameter-entities"; | |
| 92 | |
| 93 private static final String LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd"; | |
| 94 | |
| 87 private static final Logger LOGGER = Logger.getLogger(XmlUtil.class.getName()); | 95 private static final Logger LOGGER = Logger.getLogger(XmlUtil.class.getName()); |
| 88 | 96 |
| 89 private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.ws.disableXmlSecurity"; | 97 private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.ws.disableXmlSecurity"; |
| 90 | 98 |
| 91 private static boolean XML_SECURITY_DISABLED = AccessController.doPrivileged( | 99 private static boolean XML_SECURITY_DISABLED = AccessController.doPrivileged( |
| 370 throw exception; | 378 throw exception; |
| 371 } | 379 } |
| 372 }; | 380 }; |
| 373 | 381 |
| 374 public static DocumentBuilderFactory newDocumentBuilderFactory() { | 382 public static DocumentBuilderFactory newDocumentBuilderFactory() { |
| 375 return newDocumentBuilderFactory(true); | 383 return newDocumentBuilderFactory(false); |
| 376 } | 384 } |
| 377 | 385 |
| 378 public static DocumentBuilderFactory newDocumentBuilderFactory(boolean secureXmlProcessing) { | 386 public static DocumentBuilderFactory newDocumentBuilderFactory(boolean disableSecurity) { |
| 379 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); | 387 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); |
| 380 try { | 388 String featureToSet = XMLConstants.FEATURE_SECURE_PROCESSING; |
| 381 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessing)); | 389 try { |
| 390 boolean securityOn = !isXMLSecurityDisabled(disableSecurity); | |
| 391 factory.setFeature(featureToSet, securityOn); | |
| 392 factory.setNamespaceAware(true); | |
| 393 if (securityOn) { | |
| 394 factory.setExpandEntityReferences(false); | |
| 395 featureToSet = DISALLOW_DOCTYPE_DECL; | |
| 396 factory.setFeature(featureToSet, true); | |
| 397 featureToSet = EXTERNAL_GE; | |
| 398 factory.setFeature(featureToSet, false); | |
| 399 featureToSet = EXTERNAL_PE; | |
| 400 factory.setFeature(featureToSet, false); | |
| 401 featureToSet = LOAD_EXTERNAL_DTD; | |
| 402 factory.setFeature(featureToSet, false); | |
| 403 } | |
| 382 } catch (ParserConfigurationException e) { | 404 } catch (ParserConfigurationException e) { |
| 383 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[] { factory.getClass().getName() } ); | 405 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support "+featureToSet+" feature!", new Object[] {factory.getClass().getName()} ); |
| 384 } | 406 } |
| 385 return factory; | 407 return factory; |
| 386 } | 408 } |
| 387 | 409 |
| 388 public static TransformerFactory newTransformerFactory(boolean secureXmlProcessingEnabled) { | 410 public static TransformerFactory newTransformerFactory(boolean secureXmlProcessingEnabled) { |
| 397 | 419 |
| 398 public static TransformerFactory newTransformerFactory() { | 420 public static TransformerFactory newTransformerFactory() { |
| 399 return newTransformerFactory(true); | 421 return newTransformerFactory(true); |
| 400 } | 422 } |
| 401 | 423 |
| 402 public static SAXParserFactory newSAXParserFactory(boolean secureXmlProcessingEnabled) { | 424 public static SAXParserFactory newSAXParserFactory(boolean disableSecurity) { |
| 403 SAXParserFactory factory = SAXParserFactory.newInstance(); | 425 SAXParserFactory factory = SAXParserFactory.newInstance(); |
| 404 try { | 426 String featureToSet = XMLConstants.FEATURE_SECURE_PROCESSING; |
| 405 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessingEnabled)); | 427 try { |
| 406 } catch (Exception e) { | 428 boolean securityOn = !isXMLSecurityDisabled(disableSecurity); |
| 407 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[]{factory.getClass().getName()}); | 429 factory.setFeature(featureToSet, securityOn); |
| 430 factory.setNamespaceAware(true); | |
| 431 if (securityOn) { | |
| 432 featureToSet = DISALLOW_DOCTYPE_DECL; | |
| 433 factory.setFeature(featureToSet, true); | |
| 434 featureToSet = EXTERNAL_GE; | |
| 435 factory.setFeature(featureToSet, false); | |
| 436 featureToSet = EXTERNAL_PE; | |
| 437 factory.setFeature(featureToSet, false); | |
| 438 featureToSet = LOAD_EXTERNAL_DTD; | |
| 439 factory.setFeature(featureToSet, false); | |
| 440 } | |
| 441 } catch (ParserConfigurationException | SAXNotRecognizedException | SAXNotSupportedException e) { | |
| 442 LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support "+featureToSet+" feature!", new Object[]{factory.getClass().getName()}); | |
| 408 } | 443 } |
| 409 return factory; | 444 return factory; |
| 410 } | 445 } |
| 411 | 446 |
| 412 public static XPathFactory newXPathFactory(boolean secureXmlProcessingEnabled) { | 447 public static XPathFactory newXPathFactory(boolean secureXmlProcessingEnabled) { |
