Mercurial > jdk8-mips64-public > jaxws / file revision
src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java@9c07ef4934dd
src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java
Thu, 31 Aug 2017 15:18:52 +0800
- author
- aoqi
- date
- Thu, 31 Aug 2017 15:18:52 +0800
- changeset 637
- 9c07ef4934dd
- parent 408
- b0610cd08440
- parent 0
- 373ffda63c9a
- child 760
- e530533619ec
- permissions
- -rw-r--r--
merge
1 /*
2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
26 package com.sun.xml.internal.bind.v2.util;
28 import com.sun.xml.internal.bind.Util;
29 import com.sun.xml.internal.bind.v2.Messages;
30 import java.util.logging.Level;
31 import java.util.logging.Logger;
32 import javax.xml.XMLConstants;
33 import javax.xml.parsers.DocumentBuilderFactory;
34 import javax.xml.parsers.ParserConfigurationException;
35 import javax.xml.parsers.SAXParserFactory;
36 import javax.xml.transform.TransformerConfigurationException;
37 import javax.xml.transform.TransformerFactory;
38 import javax.xml.validation.SchemaFactory;
39 import javax.xml.xpath.XPathFactory;
40 import javax.xml.xpath.XPathFactoryConfigurationException;
42 import org.xml.sax.SAXException;
43 import org.xml.sax.SAXNotRecognizedException;
44 import org.xml.sax.SAXNotSupportedException;
46 import static com.sun.xml.internal.bind.Util.getSystemProperty;
48 /**
49 * Provides helper methods for creating properly configured XML parser
50 * factory instances with namespace support turned on and configured for
51 * security.
52 * @author snajper
53 */
54 public class XmlFactory {
56 // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used
57 public static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
58 public static final String ACCESS_EXTERNAL_DTD = "http://javax.xml.XMLConstants/property/accessExternalDTD";
60 private static final Logger LOGGER = Logger.getLogger(XmlFactory.class.getName());
62 /**
63 * If true XML security features when parsing XML documents will be disabled.
64 * The default value is false.
65 *
66 * Boolean
67 * @since 2.2.6
68 */
69 private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.bind.disableXmlSecurity";
71 public static final boolean XML_SECURITY_DISABLED = Boolean.parseBoolean(getSystemProperty(DISABLE_XML_SECURITY));
73 private static boolean isXMLSecurityDisabled(boolean runtimeSetting) {
74 return XML_SECURITY_DISABLED || runtimeSetting;
75 }
77 /**
78 * Returns properly configured (e.g. security features) schema factory
79 * - namespaceAware == true
80 * - securityProcessing == is set based on security processing property, default is true
81 */
82 public static SchemaFactory createSchemaFactory(final String language, boolean disableSecureProcessing) throws IllegalStateException {
83 try {
84 SchemaFactory factory = SchemaFactory.newInstance(language);
85 if (LOGGER.isLoggable(Level.FINE)) {
86 LOGGER.log(Level.FINE, "SchemaFactory instance: {0}", factory);
87 }
88 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing));
89 return factory;
90 } catch (SAXNotRecognizedException ex) {
91 LOGGER.log(Level.SEVERE, null, ex);
92 throw new IllegalStateException(ex);
93 } catch (SAXNotSupportedException ex) {
94 LOGGER.log(Level.SEVERE, null, ex);
95 throw new IllegalStateException(ex);
96 } catch (AbstractMethodError er) {
97 LOGGER.log(Level.SEVERE, null, er);
98 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er);
99 }
100 }
102 /**
103 * Returns properly configured (e.g. security features) parser factory
104 * - namespaceAware == true
105 * - securityProcessing == is set based on security processing property, default is true
106 */
107 public static SAXParserFactory createParserFactory(boolean disableSecureProcessing) throws IllegalStateException {
108 try {
109 SAXParserFactory factory = SAXParserFactory.newInstance();
110 if (LOGGER.isLoggable(Level.FINE)) {
111 LOGGER.log(Level.FINE, "SAXParserFactory instance: {0}", factory);
112 }
113 factory.setNamespaceAware(true);
114 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing));
115 return factory;
116 } catch (ParserConfigurationException ex) {
117 LOGGER.log(Level.SEVERE, null, ex);
118 throw new IllegalStateException( ex);
119 } catch (SAXNotRecognizedException ex) {
120 LOGGER.log(Level.SEVERE, null, ex);
121 throw new IllegalStateException( ex);
122 } catch (SAXNotSupportedException ex) {
123 LOGGER.log(Level.SEVERE, null, ex);
124 throw new IllegalStateException( ex);
125 } catch (AbstractMethodError er) {
126 LOGGER.log(Level.SEVERE, null, er);
127 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er);
128 }
129 }
131 /**
132 * Returns properly configured (e.g. security features) factory
133 * - securityProcessing == is set based on security processing property, default is true
134 */
135 public static XPathFactory createXPathFactory(boolean disableSecureProcessing) throws IllegalStateException {
136 try {
137 XPathFactory factory = XPathFactory.newInstance();
138 if (LOGGER.isLoggable(Level.FINE)) {
139 LOGGER.log(Level.FINE, "XPathFactory instance: {0}", factory);
140 }
141 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing));
142 return factory;
143 } catch (XPathFactoryConfigurationException ex) {
144 LOGGER.log(Level.SEVERE, null, ex);
145 throw new IllegalStateException( ex);
146 } catch (AbstractMethodError er) {
147 LOGGER.log(Level.SEVERE, null, er);
148 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er);
149 }
150 }
152 /**
153 * Returns properly configured (e.g. security features) factory
154 * - securityProcessing == is set based on security processing property, default is true
155 */
156 public static TransformerFactory createTransformerFactory(boolean disableSecureProcessing) throws IllegalStateException {
157 try {
158 TransformerFactory factory = TransformerFactory.newInstance();
159 if (LOGGER.isLoggable(Level.FINE)) {
160 LOGGER.log(Level.FINE, "TransformerFactory instance: {0}", factory);
161 }
162 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing));
163 return factory;
164 } catch (TransformerConfigurationException ex) {
165 LOGGER.log(Level.SEVERE, null, ex);
166 throw new IllegalStateException( ex);
167 } catch (AbstractMethodError er) {
168 LOGGER.log(Level.SEVERE, null, er);
169 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er);
170 }
171 }
173 /**
174 * Returns properly configured (e.g. security features) factory
175 * - namespaceAware == true
176 * - securityProcessing == is set based on security processing property, default is true
177 */
178 public static DocumentBuilderFactory createDocumentBuilderFactory(boolean disableSecureProcessing) throws IllegalStateException {
179 try {
180 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
181 if (LOGGER.isLoggable(Level.FINE)) {
182 LOGGER.log(Level.FINE, "DocumentBuilderFactory instance: {0}", factory);
183 }
184 factory.setNamespaceAware(true);
185 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing));
186 return factory;
187 } catch (ParserConfigurationException ex) {
188 LOGGER.log(Level.SEVERE, null, ex);
189 throw new IllegalStateException( ex);
190 } catch (AbstractMethodError er) {
191 LOGGER.log(Level.SEVERE, null, er);
192 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er);
193 }
194 }
196 public static SchemaFactory allowExternalAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) {
198 // if xml security (feature secure processing) disabled, nothing to do, no restrictions applied
199 if (isXMLSecurityDisabled(disableSecureProcessing)) {
200 if (LOGGER.isLoggable(Level.FINE)) {
201 LOGGER.log(Level.FINE, Messages.JAXP_XML_SECURITY_DISABLED.format());
202 }
203 return sf;
204 }
206 if (System.getProperty("javax.xml.accessExternalSchema") != null) {
207 if (LOGGER.isLoggable(Level.FINE)) {
208 LOGGER.log(Level.FINE, Messages.JAXP_EXTERNAL_ACCESS_CONFIGURED.format());
209 }
210 return sf;
211 }
213 try {
214 sf.setProperty(ACCESS_EXTERNAL_SCHEMA, value);
215 if (LOGGER.isLoggable(Level.FINE)) {
216 LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA));
217 }
218 } catch (SAXException ignored) {
219 // nothing to do; support depends on version JDK or SAX implementation
220 if (LOGGER.isLoggable(Level.CONFIG)) {
221 LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA), ignored);
222 }
223 }
224 return sf;
225 }
227 public static SchemaFactory allowExternalDTDAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) {
229 // if xml security (feature secure processing) disabled, nothing to do, no restrictions applied
230 if (isXMLSecurityDisabled(disableSecureProcessing)) {
231 if (LOGGER.isLoggable(Level.FINE)) {
232 LOGGER.log(Level.FINE, Messages.JAXP_XML_SECURITY_DISABLED.format());
233 }
234 return sf;
235 }
237 if (System.getProperty("javax.xml.accessExternalDTD") != null) {
238 if (LOGGER.isLoggable(Level.FINE)) {
239 LOGGER.log(Level.FINE, Messages.JAXP_EXTERNAL_ACCESS_CONFIGURED.format());
240 }
241 return sf;
242 }
244 try {
245 sf.setProperty(ACCESS_EXTERNAL_DTD, value);
246 if (LOGGER.isLoggable(Level.FINE)) {
247 LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_DTD));
248 }
249 } catch (SAXException ignored) {
250 // nothing to do; support depends on version JDK or SAX implementation
251 if (LOGGER.isLoggable(Level.CONFIG)) {
252 LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_DTD), ignored);
253 }
254 }
255 return sf;
256 }
258 }
