1.1 --- a/src/share/jaxws_classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java Thu Aug 08 10:10:38 2013 -0700
1.2 +++ b/src/share/jaxws_classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java Fri Aug 23 09:57:21 2013 +0100
1.3 @@ -54,6 +54,7 @@
1.4 import javax.xml.transform.sax.SAXTransformerFactory;
1.5 import javax.xml.transform.sax.TransformerHandler;
1.6 import javax.xml.transform.stream.StreamSource;
1.7 +import javax.xml.validation.SchemaFactory;
1.8 import javax.xml.ws.WebServiceException;
1.9 import javax.xml.xpath.XPathFactory;
1.10 import javax.xml.xpath.XPathFactoryConfigurationException;
1.11 @@ -74,6 +75,10 @@
1.12 * @author WS Development Team
1.13 */
1.14 public class XmlUtil {
1.15 +
1.16 + // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used
1.17 + private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
1.18 +
1.19 private final static String LEXICAL_HANDLER_PROPERTY =
1.20 "http://xml.org/sax/properties/lexical-handler";
1.21
1.22
@@ -414,4 +419,21 @@
1.23 return globalSecureXmlProcessingEnabled && localSecureXmlProcessingEnabled;
1.24 }
1.25
1.26 + public static SchemaFactory allowFileAccess(SchemaFactory sf, boolean disableSecureProcessing) {
1.27 +
1.28 + // if feature secure processing enabled, nothing to do, file is allowed,
1.29 + // or user is able to control access by standard JAXP mechanisms
1.30 + if (checkGlobalOverride(disableSecureProcessing)) {
1.31 + return sf;
1.32 + }
1.33 +
1.34 + try {
1.35 + sf.setProperty(ACCESS_EXTERNAL_SCHEMA, "file");
1.36 + LOGGER.log(Level.FINE, "Property \"{}\" is supported and has been successfully set by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
1.37 + } catch (SAXException ignored) {
1.38 + // depending on JDK/SAX implementation used
1.39 + LOGGER.log(Level.CONFIG, "Property \"{}\" is not supported by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
1.40 + }
1.41 + return sf;
1.42 + }
1.43 }
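Review bot: `sf.setProperty(ACCESS_EXTERNAL_SCHEMA, "file")` is applied to the caller's factory whenever the guard is false, and a property set through the factory API takes precedence over the `javax.xml.accessExternalSchema` system property, so a deployment that deliberately configured a stricter value would be silently widened to local-file access. The new public method has no Javadoc; it should state that it relaxes the restriction to `file`, that it mutates and returns the same `sf`, and that it is meant only for factories loading trusted schemas. The leading comment says "if feature secure processing enabled, nothing to do" while the guard is passed `disableSecureProcessing`, so comment and flag read as opposites and one of them should be reworded. Both log calls use `"{}"`, which `java.util.logging` does not substitute (assuming `LOGGER`, declared outside the hunk, is a JUL logger as `Level.FINE`/`Level.CONFIG` suggest), so the property name never reaches the log; use `{0}`, e.g. `"Property \"{0}\" is not supported by used JAXP implementation."`.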