src/share/jaxws_classes/com/sun/xml/internal/xsom/parser/JAXPParser.java

changeset 397
b99d7e355d4b
parent 286
f50545b5e2f1
child 637
9c07ef4934dd
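--- a/src/share/jaxws_classes/com/sun/xml/internal/xsom/parser/JAXPParser.java	Thu Aug 08 10:10:38 2013 -0700
+++ b/src/share/jaxws_classes/com/sun/xml/internal/xsom/parser/JAXPParser.java	Fri Aug 23 09:57:21 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,18 +27,14 @@
 
 import java.io.IOException;
 import java.net.URL;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 
-import org.xml.sax.ContentHandler;
-import org.xml.sax.EntityResolver;
-import org.xml.sax.ErrorHandler;
-import org.xml.sax.InputSource;
-import org.xml.sax.Locator;
-import org.xml.sax.SAXException;
-import org.xml.sax.SAXParseException;
-import org.xml.sax.XMLReader;
+import org.xml.sax.*;
 import org.xml.sax.helpers.XMLFilterImpl;
 
 import com.sun.xml.internal.xsom.impl.parser.Messages;
@@ -51,6 +47,11 @@
  */
 public class JAXPParser implements XMLParser {
 
+    // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used
+    private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
+
+    private static final Logger LOGGER = Logger.getLogger(JAXPParser.class.getName());
+
     private final SAXParserFactory factory;
 
     public JAXPParser( SAXParserFactory factory ) {
@@ -58,6 +59,11 @@
         this.factory = factory;
     }
 
+    /**
+     * @deprecated Unsafe, use JAXPParser(factory) instead with
+     * security features initialized by setting
+     * XMLConstants.FEATURE_SECURE_PROCESSING feature.
+     */
     public JAXPParser() {
         this( SAXParserFactory.newInstance());
     }
@@ -68,8 +74,8 @@
         throws SAXException, IOException {
 
         try {
-            XMLReader reader = factory.newSAXParser().getXMLReader();
-            reader = new XMLReaderEx(reader);
+            SAXParser saxParser = allowFileAccess(factory.newSAXParser(), false);
+            XMLReader reader = new XMLReaderEx(saxParser.getXMLReader());
 
             reader.setContentHandler(handler);
             if(errorHandler!=null)
@@ -85,6 +91,24 @@
         }
     }
 
+    private static SAXParser allowFileAccess(SAXParser saxParser, boolean disableSecureProcessing) throws SAXException {
+
+        // if feature secure processing enabled, nothing to do, file is allowed,
+        // or user is able to control access by standard JAXP mechanisms
+        if (disableSecureProcessing) {
+            return saxParser;
+        }
+
+        try {
+            saxParser.setProperty(ACCESS_EXTERNAL_SCHEMA, "file");
+            LOGGER.log(Level.FINE, Messages.format(Messages.JAXP_SUPPORTED_PROPERTY, ACCESS_EXTERNAL_SCHEMA));
+        } catch (SAXException ignored) {
+            // nothing to do; support depends on version JDK or SAX implementation
+            LOGGER.log(Level.CONFIG, Messages.format(Messages.JAXP_UNSUPPORTED_PROPERTY, ACCESS_EXTERNAL_SCHEMA), ignored);
+        }
+        return saxParser;
+    }
+
     /**
      * XMLReader with improved error message for entity resolution failure.
      *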
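Review bot: In `allowFileAccess` the comment says nothing is done when secure processing is enabled, but the early return fires on `disableSecureProcessing`, and the only call visible here passes a hard-coded `false`, so `ACCESS_EXTERNAL_SCHEMA` is set to `"file"` on every parser built from the caller's factory. If that factory was configured with a tighter value (for example an empty string to deny all external schema access), this call would presumably widen it back to local-file access, and a broader caller-chosen value would be narrowed the same way. Consider deriving the flag from the factory rather than a literal, e.g. `!factory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)` (its checked exceptions would need handling in `parse`, whose body starts and ends outside these hunks), and rewording the comment to `// secure processing is off: leave external-schema access as the caller configured it`. The deprecated no-arg constructor would also benefit from the `@Deprecated` annotation next to its Javadoc tag, and the `catch` variable named `ignored` is in fact passed to the logger, so a neutral name such as `e` would read more accurately.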
