1.1 --- a/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/JAXBContextImpl.java Thu Apr 04 19:05:24 2013 -0700
1.2 +++ b/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/JAXBContextImpl.java Tue Apr 09 14:51:13 2013 +0100
1.3 @@ -1,5 +1,5 @@
1.4 /*
1.5 - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
1.6 + * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
1.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
1.8 *
1.9 * This code is free software; you can redistribute it and/or modify it
1.10 @@ -71,6 +71,7 @@
1.11
1.12 import com.sun.istack.internal.NotNull;
1.13 import com.sun.istack.internal.Pool;
1.14 +import com.sun.xml.internal.bind.v2.WellKnownNamespace;
1.15 import com.sun.xml.internal.bind.api.AccessorException;
1.16 import com.sun.xml.internal.bind.api.Bridge;
1.17 import com.sun.xml.internal.bind.api.BridgeContext;
1.18 @@ -81,7 +82,6 @@
1.19 import com.sun.xml.internal.bind.api.TypeReference;
1.20 import com.sun.xml.internal.bind.unmarshaller.DOMScanner;
1.21 import com.sun.xml.internal.bind.util.Which;
1.22 -import com.sun.xml.internal.bind.v2.WellKnownNamespace;
1.23 import com.sun.xml.internal.bind.v2.model.annotation.RuntimeAnnotationReader;
1.24 import com.sun.xml.internal.bind.v2.model.annotation.RuntimeInlineAnnotationReader;
1.25 import com.sun.xml.internal.bind.v2.model.core.Adapter;
1.26 @@ -110,6 +110,7 @@
1.27 import com.sun.xml.internal.bind.v2.schemagen.XmlSchemaGenerator;
1.28 import com.sun.xml.internal.bind.v2.util.EditDistance;
1.29 import com.sun.xml.internal.bind.v2.util.QNameMap;
1.30 +import com.sun.xml.internal.bind.v2.util.XmlFactory;
1.31 import com.sun.xml.internal.txw2.output.ResultFactory;
1.32
1.33 import org.w3c.dom.Document;
1.34
@@ -220,7 +221,7 @@
1.35 public final boolean retainPropertyInfo;
1.36
1.37 /**
1.38 - * Supress reflection accessor warnings.
1.39 + * Suppress reflection accessor warnings.
1.40 */
1.41 public final boolean supressAccessorWarnings;
1.42
1.43 @@ -229,6 +230,11 @@
1.44 */
1.45 public final boolean improvedXsiTypeHandling;
1.46
1.47 + /**
1.48 + * Disable security processing.
1.49 + */
1.50 + public final boolean disableSecurityProcessing;
1.51 +
1.52 private WeakReference<RuntimeTypeInfoSet> typeInfoSetCache;
1.53
1.54 private @NotNull RuntimeAnnotationReader annotationReader;
1.55 @@ -237,7 +243,7 @@
1.56 private final @NotNull Map<Class,Class> subclassReplacements;
1.57
1.58 /**
1.59 - * If true, we aim for faster {@link JAXBContext} instanciation performance,
1.60 + * If true, we aim for faster {@link JAXBContext} instantiation performance,
1.61 * instead of going after efficient sustained unmarshalling/marshalling performance.
1.62 *
1.63 * @since 2.0.4
1.64 @@ -267,6 +273,7 @@
1.65 this.allNillable = builder.allNillable;
1.66 this.supressAccessorWarnings = builder.supressAccessorWarnings;
1.67 this.improvedXsiTypeHandling = builder.improvedXsiTypeHandling;
1.68 + this.disableSecurityProcessing = builder.disableSecurityProcessing;
1.69
1.70 Collection<TypeReference> typeRefs = builder.typeRefs;
1.71
1.72 @@ -278,8 +285,6 @@
1.73 }
1.74 this.fastBoot = fastB;
1.75
1.76 - System.arraycopy(classes,0,this.classes,0,classes.length);
1.77 -
1.78 RuntimeTypeInfoSet typeSet = getTypeInfoSet();
1.79
1.80 // at least prepare the empty table so that we don't have to check for null later
1.81
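Review bot: The Javadoc added for the `disableSecurityProcessing` field ("Disable security processing.") does not say what is switched off or which value is the safe one, and the new public `setDisableSecurityProcessing(boolean)` on the builder has no Javadoc at all. I would document the field along the lines of `If true, XML factories obtained through XmlFactory for this context are created with secure processing turned off; false keeps it on.` — assuming that is what XmlFactory does with the flag, which this diff does not show. The spelling also drifts between `disableSecurityProcessing` (field, builder, `createDom`) and `disableSecureProcessing` (`createTransformer`, `createTransformerHandler`); a single name would make the flag easier to audit.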
@@ -701,12 +706,12 @@
1.82 /**
1.83 * Creates a new identity transformer.
1.84 */
1.85 - static Transformer createTransformer() {
1.86 + static Transformer createTransformer(boolean disableSecureProcessing) {
1.87 try {
1.88 if (tf==null) {
1.89 synchronized(JAXBContextImpl.class) {
1.90 if (tf==null) {
1.91 - tf = (SAXTransformerFactory)TransformerFactory.newInstance();
1.92 + tf = (SAXTransformerFactory)XmlFactory.createTransformerFactory(disableSecureProcessing);
1.93 }
1.94 }
1.95 }
1.96 @@ -719,12 +724,12 @@
1.97 /**
1.98 * Creates a new identity transformer.
1.99 */
1.100 - public static TransformerHandler createTransformerHandler() {
1.101 + public static TransformerHandler createTransformerHandler(boolean disableSecureProcessing) {
1.102 try {
1.103 if (tf==null) {
1.104 synchronized(JAXBContextImpl.class) {
1.105 if (tf==null) {
1.106 - tf = (SAXTransformerFactory)TransformerFactory.newInstance();
1.107 + tf = (SAXTransformerFactory)XmlFactory.createTransformerFactory(disableSecureProcessing);
1.108 }
1.109 }
1.110 }
1.111 @@ -737,12 +742,11 @@
1.112 /**
1.113 * Creates a new DOM document.
1.114 */
1.115 - static Document createDom() {
1.116 + static Document createDom(boolean disableSecurityProcessing) {
1.117 synchronized(JAXBContextImpl.class) {
1.118 if(db==null) {
1.119 try {
1.120 - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
1.121 - dbf.setNamespaceAware(true);
1.122 + DocumentBuilderFactory dbf = XmlFactory.createDocumentBuilderFactory(disableSecurityProcessing);
1.123 db = dbf.newDocumentBuilder();
1.124 } catch (ParserConfigurationException e) {
1.125 // impossible
1.126 @@ -1055,6 +1059,7 @@
1.127 private boolean xmlAccessorFactorySupport = false;
1.128 private boolean allNillable;
1.129 private boolean improvedXsiTypeHandling = true;
1.130 + private boolean disableSecurityProcessing = true;
1.131
1.132 public JAXBContextBuilder() {};
1.133
1.134
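Review bot: The new `disableSecureProcessing` argument of `createTransformer` only takes effect for whichever caller initialises the static `tf` first, because the `if (tf==null)` guard still wraps `XmlFactory.createTransformerFactory(disableSecureProcessing)`; every later caller receives that cached factory whatever flag it passes. A context that asks for secure processing can therefore be handed a factory created with it disabled, and the reverse. The same applies to `createTransformerHandler`, which shares `tf`, and to `createDom` with the static `db`. I would keep one cached instance per flag value (for example separate secure and non-secure fields selected by the argument), or skip the cache when the flag is `true`. The declarations of `tf` and `db` and the ends of all three methods lie outside these hunks.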
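Review bot: `private boolean disableSecurityProcessing = true;` makes the builder start in the disabled state, so any context built without an explicit `setDisableSecurityProcessing(false)` passes `true` on to the XmlFactory calls. If the flag means what its name says, the fail-safe default is `private boolean disableSecurityProcessing = false;`, with callers opting out deliberately. Whether every construction path sets the value before `build()` is not visible in this diff, and the builder class begins and ends outside this hunk.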
@@ -1069,6 +1074,7 @@
1.135 this.typeRefs = baseImpl.bridges.keySet();
1.136 this.xmlAccessorFactorySupport = baseImpl.xmlAccessorFactorySupport;
1.137 this.allNillable = baseImpl.allNillable;
1.138 + this.disableSecurityProcessing = baseImpl.disableSecurityProcessing;
1.139 }
1.140
1.141 public JAXBContextBuilder setRetainPropertyInfo(boolean val) {
1.142 @@ -1126,6 +1132,11 @@
1.143 return this;
1.144 }
1.145
1.146 + public JAXBContextBuilder setDisableSecurityProcessing(boolean val) {
1.147 + this.disableSecurityProcessing = val;
1.148 + return this;
1.149 + }
1.150 +
1.151 public JAXBContextImpl build() throws JAXBException {
1.152
1.153 // fool-proof