1.1 --- a/src/share/jaxws_classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java Thu Aug 08 10:10:38 2013 -0700
1.2 +++ b/src/share/jaxws_classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java Fri Aug 23 09:57:21 2013 +0100
1.3 @@ -54,6 +54,7 @@
1.4 import javax.xml.transform.sax.SAXTransformerFactory;
1.5 import javax.xml.transform.sax.TransformerHandler;
1.6 import javax.xml.transform.stream.StreamSource;
1.7 +import javax.xml.validation.SchemaFactory;
1.8 import javax.xml.ws.WebServiceException;
1.9 import javax.xml.xpath.XPathFactory;
1.10 import javax.xml.xpath.XPathFactoryConfigurationException;
1.11 @@ -74,6 +75,10 @@
1.12 * @author WS Development Team
1.13 */
1.14 public class XmlUtil {
1.15 +
1.16 + // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used
1.17 + private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
1.18 +
1.19 private final static String LEXICAL_HANDLER_PROPERTY =
1.20 "http://xml.org/sax/properties/lexical-handler";
1.21
1.22 @@ -414,4 +419,21 @@
1.23 return globalSecureXmlProcessingEnabled && localSecureXmlProcessingEnabled;
1.24 }
1.25
1.26 + public static SchemaFactory allowFileAccess(SchemaFactory sf, boolean disableSecureProcessing) {
1.27 +
1.28 + // if feature secure processing enabled, nothing to do, file is allowed,
1.29 + // or user is able to control access by standard JAXP mechanisms
1.30 + if (checkGlobalOverride(disableSecureProcessing)) {
1.31 + return sf;
1.32 + }
1.33 +
1.34 + try {
1.35 + sf.setProperty(ACCESS_EXTERNAL_SCHEMA, "file");
1.36 + LOGGER.log(Level.FINE, "Property \"{}\" is supported and has been successfully set by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
1.37 + } catch (SAXException ignored) {
1.38 + // depending on JDK/SAX implementation used
1.39 + LOGGER.log(Level.CONFIG, "Property \"{}\" is not supported by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
1.40 + }
1.41 + return sf;
1.42 + }
1.43 }
