1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/src/share/jaxws_classes/com/sun/xml/internal/xsom/parser/JAXPParser.java Wed Apr 27 01:27:09 2016 +0800
1.3 @@ -0,0 +1,183 @@
1.4 +/*
1.5 + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
1.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
1.7 + *
1.8 + * This code is free software; you can redistribute it and/or modify it
1.9 + * under the terms of the GNU General Public License version 2 only, as
1.10 + * published by the Free Software Foundation. Oracle designates this
1.11 + * particular file as subject to the "Classpath" exception as provided
1.12 + * by Oracle in the LICENSE file that accompanied this code.
1.13 + *
1.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
1.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
1.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
1.17 + * version 2 for more details (a copy is included in the LICENSE file that
1.18 + * accompanied this code).
1.19 + *
1.20 + * You should have received a copy of the GNU General Public License version
1.21 + * 2 along with this work; if not, write to the Free Software Foundation,
1.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
1.23 + *
1.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
1.25 + * or visit www.oracle.com if you need additional information or have any
1.26 + * questions.
1.27 + */
1.28 +
1.29 +package com.sun.xml.internal.xsom.parser;
1.30 +
1.31 +import java.io.IOException;
1.32 +import java.net.URL;
1.33 +import java.util.logging.Level;
1.34 +import java.util.logging.Logger;
1.35 +
1.36 +import javax.xml.parsers.ParserConfigurationException;
1.37 +import javax.xml.parsers.SAXParser;
1.38 +import javax.xml.parsers.SAXParserFactory;
1.39 +
1.40 +import org.xml.sax.*;
1.41 +import org.xml.sax.helpers.XMLFilterImpl;
1.42 +
1.43 +import com.sun.xml.internal.xsom.impl.parser.Messages;
1.44 +
1.45 +/**
1.46 + * Standard XMLParser implemented by using JAXP.
1.47 + *
1.48 + * @author
1.49 + * Kohsuke Kawaguchi (kohsuke.kawaguchi@sun.com)
1.50 + */
1.51 +public class JAXPParser implements XMLParser {
1.52 +
1.53 + // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used
1.54 + private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
1.55 +
1.56 + private static final Logger LOGGER = Logger.getLogger(JAXPParser.class.getName());
1.57 +
1.58 + private final SAXParserFactory factory;
1.59 +
1.60 + public JAXPParser( SAXParserFactory factory ) {
1.61 + factory.setNamespaceAware(true); // just in case
1.62 + this.factory = factory;
1.63 + }
1.64 +
1.65 + /**
1.66 + * @deprecated Unsafe, use JAXPParser(factory) instead with
1.67 + * security features initialized by setting
1.68 + * XMLConstants.FEATURE_SECURE_PROCESSING feature.
1.69 + */
1.70 + public JAXPParser() {
1.71 + this( SAXParserFactory.newInstance());
1.72 + }
1.73 +
1.74 + public void parse( InputSource source, ContentHandler handler,
1.75 + ErrorHandler errorHandler, EntityResolver entityResolver )
1.76 +
1.77 + throws SAXException, IOException {
1.78 +
1.79 + try {
1.80 + SAXParser saxParser = allowFileAccess(factory.newSAXParser(), false);
1.81 + XMLReader reader = new XMLReaderEx(saxParser.getXMLReader());
1.82 +
1.83 + reader.setContentHandler(handler);
1.84 + if(errorHandler!=null)
1.85 + reader.setErrorHandler(errorHandler);
1.86 + if(entityResolver!=null)
1.87 + reader.setEntityResolver(entityResolver);
1.88 + reader.parse(source);
1.89 + } catch( ParserConfigurationException e ) {
1.90 + // in practice this won't happen
1.91 + SAXParseException spe = new SAXParseException(e.getMessage(),null,e);
1.92 + errorHandler.fatalError(spe);
1.93 + throw spe;
1.94 + }
1.95 + }
1.96 +
1.97 + private static SAXParser allowFileAccess(SAXParser saxParser, boolean disableSecureProcessing) throws SAXException {
1.98 +
1.99 + // if feature secure processing enabled, nothing to do, file is allowed,
1.100 + // or user is able to control access by standard JAXP mechanisms
1.101 + if (disableSecureProcessing) {
1.102 + return saxParser;
1.103 + }
1.104 +
1.105 + try {
1.106 + saxParser.setProperty(ACCESS_EXTERNAL_SCHEMA, "file");
1.107 + LOGGER.log(Level.FINE, Messages.format(Messages.JAXP_SUPPORTED_PROPERTY, ACCESS_EXTERNAL_SCHEMA));
1.108 + } catch (SAXException ignored) {
1.109 + // nothing to do; support depends on version JDK or SAX implementation
1.110 + LOGGER.log(Level.CONFIG, Messages.format(Messages.JAXP_UNSUPPORTED_PROPERTY, ACCESS_EXTERNAL_SCHEMA), ignored);
1.111 + }
1.112 + return saxParser;
1.113 + }
1.114 +
1.115 + /**
1.116 + * XMLReader with improved error message for entity resolution failure.
1.117 + *
1.118 + * TODO: this class is completely stand-alone, so it shouldn't be
1.119 + * an inner class.
1.120 + */
1.121 + private static class XMLReaderEx extends XMLFilterImpl {
1.122 +
1.123 + private Locator locator;
1.124 +
1.125 + XMLReaderEx( XMLReader parent ) {
1.126 + this.setParent(parent);
1.127 + }
1.128 +
1.129 + /**
1.130 + * Resolves entities and reports user-friendly error messages.
1.131 + *
1.132 + * <p>
1.133 + * Some XML parser (at least Xerces) does not report much information
1.134 + * when it fails to resolve an entity, which is often quite
1.135 + * frustrating. For example, if you are behind a firewall and the
1.136 + * schema contains a reference to www.w3.org, and there is no
1.137 + * entity resolver, the parser will just throw an IOException
1.138 + * that doesn't contain any information about where that reference
1.139 + * occurs nor what it is accessing.
1.140 + *
1.141 + * <p>
1.142 + * By implementing an EntityResolver and resolving the reference
1.143 + * by ourselves, we can report an error message with all the
1.144 + * necessary information to fix the problem.
1.145 + *
1.146 + * <p>
1.147 + * Note that we still need to the client-specified entity resolver
1.148 + * to let the application handle entity resolution. Here we just catch
1.149 + * an IOException and add more information.
1.150 + */
1.151 + @Override
1.152 + public InputSource resolveEntity(String publicId, String systemId) throws SAXException {
1.153 + try {
1.154 + InputSource is=null;
1.155 +
1.156 + // ask the client-specified entity resolver first
1.157 + if( this.getEntityResolver()!=null)
1.158 + is = this.getEntityResolver().resolveEntity(publicId,systemId);
1.159 + if( is!=null ) return is; // if that succeeds, fine.
1.160 +
1.161 + // rather than returning null, resolve it now
1.162 + // so that we can detect errors.
1.163 + is = new InputSource( new URL(systemId).openStream() );
1.164 + is.setSystemId(systemId);
1.165 + is.setPublicId(publicId);
1.166 + return is;
1.167 + } catch( IOException e ) {
1.168 + // catch this error and provide a nice error message, rather than
1.169 + // just throwing this IOException.
1.170 + SAXParseException spe = new SAXParseException(
1.171 + Messages.format(Messages.ERR_ENTITY_RESOLUTION_FAILURE,
1.172 + systemId, e.toString()), // use the toString method to get the class name
1.173 + locator, e );
1.174 + if(this.getErrorHandler()!=null)
1.175 + this.getErrorHandler().fatalError(spe);
1.176 + throw spe;
1.177 + }
1.178 + }
1.179 +
1.180 + @Override
1.181 + public void setDocumentLocator(Locator locator) {
1.182 + super.setDocumentLocator(locator);
1.183 + this.locator = locator;
1.184 + }
1.185 + }
1.186 +}
