Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell11
提交
787f76a4
D
dragonwell11
项目概览
openanolis
/
dragonwell11
通知
7
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell11
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
787f76a4
编写于
7月 22, 2013
作者:
L
lana
浏览文件
操作
浏览文件
下载
差异文件
Merge
上级
17e54184
56cf3dea
变更
25
隐藏空白更改
内联
并排
Showing
25 changed file
with
786 addition
and
230 deletion
+786
-230
jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java
...src/com/sun/org/apache/xalan/internal/XalanConstants.java
+30
-4
jaxp/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java
.../sun/org/apache/xalan/internal/utils/SecuritySupport.java
+9
-7
jaxp/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java
...ache/xalan/internal/utils/XMLSecurityPropertyManager.java
+192
-0
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java
...che/xalan/internal/xsltc/trax/TransformerFactoryImpl.java
+35
-20
jaxp/src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java
.../org/apache/xerces/internal/dom/DOMConfigurationImpl.java
+7
-18
jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java
...rc/com/sun/org/apache/xerces/internal/impl/Constants.java
+29
-4
jaxp/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java
.../sun/org/apache/xerces/internal/impl/PropertyManager.java
+20
-18
jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
.../xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
+17
-12
jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java
...sun/org/apache/xerces/internal/impl/XMLEntityManager.java
+17
-11
jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java
...n/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java
+11
-10
jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java
...rg/apache/xerces/internal/impl/xs/XMLSchemaValidator.java
+4
-7
jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java
...apache/xerces/internal/impl/xs/traversers/XSDHandler.java
+24
-10
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java
.../org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java
+42
-22
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java
...om/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java
+31
-12
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java
...erces/internal/jaxp/validation/StreamValidatorHelper.java
+2
-2
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java
...xerces/internal/jaxp/validation/ValidatorHandlerImpl.java
+8
-1
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java
...che/xerces/internal/jaxp/validation/XMLSchemaFactory.java
+27
-15
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java
...l/jaxp/validation/XMLSchemaValidatorComponentManager.java
+20
-8
jaxp/src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java
...com/sun/org/apache/xerces/internal/parsers/DOMParser.java
+12
-0
jaxp/src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java
...com/sun/org/apache/xerces/internal/parsers/SAXParser.java
+23
-0
jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java
...rg/apache/xerces/internal/parsers/XML11Configuration.java
+6
-18
jaxp/src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java
...sun/org/apache/xerces/internal/utils/SecuritySupport.java
+9
-7
jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityPropertyManager.java
...che/xerces/internal/utils/XMLSecurityPropertyManager.java
+190
-0
jaxp/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java
.../org/apache/xerces/internal/xinclude/XIncludeHandler.java
+13
-18
jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java
...m/sun/org/apache/xml/internal/utils/XMLReaderManager.java
+8
-6
未找到文件。
jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java
浏览文件 @
787f76a4
...
...
@@ -73,13 +73,39 @@ public final class XalanConstants {
* Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
*/
public
static
final
String
EXTERNAL_ACCESS_DEFAULT_FSP
=
""
;
/**
* JDK version by which the default is to restrict external connection
*/
public
static
final
int
RESTRICT_BY_DEFAULT_JDK_VERSION
=
8
;
/**
* FEATURE_SECURE_PROCESSING (FSP) is false by default
*/
public
static
final
String
EXTERNAL_ACCESS_DEFAULT
=
ACCESS_EXTERNAL_ALL
;
public
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
ORACLE_JAXP_PROPERTY_PREFIX
+
"xmlSecurityPropertyManager"
;
/**
* Check if we're in jdk8 or above
*/
public
static
final
boolean
IS_JDK8_OR_ABOVE
=
isJavaVersionAtLeast
(
8
);
/*
* Check the version of the current JDK against that specified in the
* parameter
*
* There is a proposal to change the java version string to:
* MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
* This method would work with both the current format and that proposed
*
* @param compareTo a JDK version to be compared to
* @return true if the current version is the same or above that represented
* by the parameter
*/
public
static
boolean
isJavaVersionAtLeast
(
int
compareTo
)
{
String
javaVersion
=
SecuritySupport
.
getSystemProperty
(
"java.version"
);
String
versions
[]
=
javaVersion
.
split
(
"\\."
,
3
);
if
(
Integer
.
parseInt
(
versions
[
0
])
>=
compareTo
||
Integer
.
parseInt
(
versions
[
1
])
>=
compareTo
)
{
return
true
;
}
return
false
;
}
}
// class Constants
jaxp/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java
浏览文件 @
787f76a4
...
...
@@ -229,7 +229,8 @@ public final class SecuritySupport {
* @return the name of the protocol if rejected, null otherwise
*/
public
static
String
checkAccess
(
String
systemId
,
String
allowedProtocols
,
String
accessAny
)
throws
IOException
{
if
(
systemId
==
null
||
allowedProtocols
.
equalsIgnoreCase
(
accessAny
))
{
if
(
systemId
==
null
||
(
allowedProtocols
!=
null
&&
allowedProtocols
.
equalsIgnoreCase
(
accessAny
)))
{
return
null
;
}
...
...
@@ -262,6 +263,9 @@ public final class SecuritySupport {
* @return true if the protocol is in the list
*/
private
static
boolean
isProtocolAllowed
(
String
protocol
,
String
allowedProtocols
)
{
if
(
allowedProtocols
==
null
)
{
return
false
;
}
String
temp
[]
=
allowedProtocols
.
split
(
","
);
for
(
String
t
:
temp
)
{
t
=
t
.
trim
();
...
...
@@ -273,18 +277,16 @@ public final class SecuritySupport {
}
/**
* Read from $java.home/lib/jaxp.properties for the specified property
* Read JAXP system property in this order: system property,
* $java.home/lib/jaxp.properties if the system property is not specified
*
* @param propertyId the Id of the property
* @return the value of the property
*/
public
static
String
get
DefaultAccessProperty
(
String
sysPropertyId
,
String
defaultVal
)
{
String
accessExternal
=
SecuritySupport
.
getSystemProperty
(
sysPropertyId
);
public
static
String
get
JAXPSystemProperty
(
String
sysPropertyId
)
{
String
accessExternal
=
getSystemProperty
(
sysPropertyId
);
if
(
accessExternal
==
null
)
{
accessExternal
=
readJAXPProperty
(
sysPropertyId
);
if
(
accessExternal
==
null
)
{
accessExternal
=
defaultVal
;
}
}
return
accessExternal
;
}
...
...
jaxp/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java
0 → 100644
浏览文件 @
787f76a4
/*
* Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package
com.sun.org.apache.xalan.internal.utils
;
import
com.sun.org.apache.xalan.internal.XalanConstants
;
import
javax.xml.XMLConstants
;
/**
* This class manages security related properties
*
*/
public
final
class
XMLSecurityPropertyManager
{
/**
* States of the settings of a property, in the order: default value, value
* set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
* properties, and jaxp api properties
*/
public
static
enum
State
{
//this order reflects the overriding order
DEFAULT
,
FSP
,
JAXPDOTPROPERTIES
,
SYSTEMPROPERTY
,
APIPROPERTY
}
/**
* Limits managed by the security manager
*/
public
static
enum
Property
{
ACCESS_EXTERNAL_DTD
(
XMLConstants
.
ACCESS_EXTERNAL_DTD
,
XalanConstants
.
EXTERNAL_ACCESS_DEFAULT
),
ACCESS_EXTERNAL_STYLESHEET
(
XMLConstants
.
ACCESS_EXTERNAL_STYLESHEET
,
XalanConstants
.
EXTERNAL_ACCESS_DEFAULT
);
final
String
name
;
final
String
defaultValue
;
Property
(
String
name
,
String
value
)
{
this
.
name
=
name
;
this
.
defaultValue
=
value
;
}
public
boolean
equalsName
(
String
propertyName
)
{
return
(
propertyName
==
null
)
?
false
:
name
.
equals
(
propertyName
);
}
String
defaultValue
()
{
return
defaultValue
;
}
}
/**
* Values of the properties as defined in enum Properties
*/
private
final
String
[]
values
;
/**
* States of the settings for each property in Properties above
*/
private
State
[]
states
=
{
State
.
DEFAULT
,
State
.
DEFAULT
};
/**
* Default constructor. Establishes default values
*/
public
XMLSecurityPropertyManager
()
{
values
=
new
String
[
Property
.
values
().
length
];
for
(
Property
property
:
Property
.
values
())
{
values
[
property
.
ordinal
()]
=
property
.
defaultValue
();
}
//read system properties or jaxp.properties
readSystemProperties
();
}
/**
* Set the value for a specific property.
*
* @param property the property
* @param state the state of the property
* @param value the value of the property
*/
public
void
setValue
(
Property
property
,
State
state
,
String
value
)
{
//only update if it shall override
if
(
state
.
compareTo
(
states
[
property
.
ordinal
()])
>=
0
)
{
values
[
property
.
ordinal
()]
=
value
;
states
[
property
.
ordinal
()]
=
state
;
}
}
/**
* Set the value of a property by its index
* @param index the index of the property
* @param state the state of the property
* @param value the value of the property
*/
public
void
setValue
(
int
index
,
State
state
,
String
value
)
{
//only update if it shall override
if
(
state
.
compareTo
(
states
[
index
])
>=
0
)
{
values
[
index
]
=
value
;
states
[
index
]
=
state
;
}
}
/**
* Return the value of the specified property
*
* @param property the property
* @return the value of the property
*/
public
String
getValue
(
Property
property
)
{
return
values
[
property
.
ordinal
()];
}
/**
* Return the value of a property by its ordinal
* @param index the index of a property
* @return value of a property
*/
public
String
getValueByIndex
(
int
index
)
{
return
values
[
index
];
}
/**
* Get the index by property name
* @param propertyName property name
* @return the index of the property if found; return -1 if not
*/
public
int
getIndex
(
String
propertyName
){
for
(
Property
property
:
Property
.
values
())
{
if
(
property
.
equalsName
(
propertyName
))
{
//internally, ordinal is used as index
return
property
.
ordinal
();
}
}
return
-
1
;
}
/**
* Read from system properties, or those in jaxp.properties
*/
private
void
readSystemProperties
()
{
getSystemProperty
(
Property
.
ACCESS_EXTERNAL_DTD
,
XalanConstants
.
SP_ACCESS_EXTERNAL_DTD
);
getSystemProperty
(
Property
.
ACCESS_EXTERNAL_STYLESHEET
,
XalanConstants
.
SP_ACCESS_EXTERNAL_STYLESHEET
);
}
/**
* Read from system properties, or those in jaxp.properties
*
* @param property the property
* @param systemProperty the name of the system property
*/
private
void
getSystemProperty
(
Property
property
,
String
systemProperty
)
{
try
{
String
value
=
SecuritySupport
.
getSystemProperty
(
systemProperty
);
if
(
value
!=
null
)
{
values
[
property
.
ordinal
()]
=
value
;
states
[
property
.
ordinal
()]
=
State
.
SYSTEMPROPERTY
;
return
;
}
value
=
SecuritySupport
.
readJAXPProperty
(
systemProperty
);
if
(
value
!=
null
)
{
values
[
property
.
ordinal
()]
=
value
;
states
[
property
.
ordinal
()]
=
State
.
JAXPDOTPROPERTIES
;
}
}
catch
(
NumberFormatException
e
)
{
//invalid setting ignored
}
}
}
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java
浏览文件 @
787f76a4
...
...
@@ -27,6 +27,9 @@ import com.sun.org.apache.xalan.internal.XalanConstants;
import
com.sun.org.apache.xalan.internal.utils.FactoryImpl
;
import
com.sun.org.apache.xalan.internal.utils.ObjectFactory
;
import
com.sun.org.apache.xalan.internal.utils.SecuritySupport
;
import
com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager
;
import
com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property
;
import
com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.State
;
import
com.sun.org.apache.xalan.internal.xsltc.compiler.Constants
;
import
com.sun.org.apache.xalan.internal.xsltc.compiler.SourceLoader
;
import
com.sun.org.apache.xalan.internal.xsltc.compiler.XSLTC
;
...
...
@@ -215,11 +218,13 @@ public class TransformerFactoryImpl
* protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
*/
private
String
_accessExternalStylesheet
=
XalanConstants
.
EXTERNAL_ACCESS_DEFAULT
;
/**
* protocols allowed for external DTD references in source file and/or stylesheet.
*/
private
String
_accessExternalDTD
=
XalanConstants
.
EXTERNAL_ACCESS_DEFAULT
;
private
XMLSecurityPropertyManager
_xmlSecurityPropertyMgr
;
/**
* javax.xml.transform.sax.TransformerFactory implementation.
...
...
@@ -235,15 +240,16 @@ public class TransformerFactoryImpl
private
TransformerFactoryImpl
(
boolean
useServicesMechanism
)
{
this
.
_useServicesMechanism
=
useServicesMechanism
;
String
defaultAccess
=
XalanConstants
.
EXTERNAL_ACCESS_DEFAULT
;
if
(
System
.
getSecurityManager
()
!=
null
)
{
_isSecureMode
=
true
;
_isNotSecureProcessing
=
false
;
}
_accessExternalStylesheet
=
SecuritySupport
.
getDefaultAccessProperty
(
XalanConstants
.
SP_ACCESS_EXTERNAL_STYLESHEET
,
defaultAccess
);
_accessExternalDTD
=
SecuritySupport
.
getDefaultAccessProperty
(
XalanConstants
.
SP_ACCESS_EXTERNAL_DTD
,
defaultAccess
);
_xmlSecurityPropertyMgr
=
new
XMLSecurityPropertyManager
();
_accessExternalDTD
=
_xmlSecurityPropertyMgr
.
getValue
(
Property
.
ACCESS_EXTERNAL_DTD
);
_accessExternalStylesheet
=
_xmlSecurityPropertyMgr
.
getValue
(
Property
.
ACCESS_EXTERNAL_STYLESHEET
);
}
/**
...
...
@@ -306,11 +312,10 @@ public class TransformerFactoryImpl
else
return
Boolean
.
FALSE
;
}
else
if
(
name
.
equals
(
XMLConstants
.
ACCESS_EXTERNAL_STYLESHEET
))
{
return
_accessExternalStylesheet
;
}
else
if
(
name
.
equals
(
XMLConstants
.
ACCESS_EXTERNAL_DTD
))
{
return
_accessExternalDTD
;
int
index
=
_xmlSecurityPropertyMgr
.
getIndex
(
name
);
if
(
index
>
-
1
)
{
return
_xmlSecurityPropertyMgr
.
getValueByIndex
(
index
);
}
// Throw an exception for all other attributes
...
...
@@ -413,12 +418,15 @@ public class TransformerFactoryImpl
return
;
}
}
else
if
(
name
.
equals
(
XMLConstants
.
ACCESS_EXTERNAL_STYLESHEET
))
{
_accessExternalStylesheet
=
(
String
)
value
;
return
;
}
else
if
(
name
.
equals
(
XMLConstants
.
ACCESS_EXTERNAL_DTD
))
{
_accessExternalDTD
=
(
String
)
value
;
int
index
=
_xmlSecurityPropertyMgr
.
getIndex
(
name
);
if
(
index
>
-
1
)
{
_xmlSecurityPropertyMgr
.
setValue
(
index
,
State
.
APIPROPERTY
,
(
String
)
value
);
_accessExternalDTD
=
_xmlSecurityPropertyMgr
.
getValue
(
Property
.
ACCESS_EXTERNAL_DTD
);
_accessExternalStylesheet
=
_xmlSecurityPropertyMgr
.
getValue
(
Property
.
ACCESS_EXTERNAL_STYLESHEET
);
return
;
}
...
...
@@ -466,11 +474,18 @@ public class TransformerFactoryImpl
}
_isNotSecureProcessing
=
!
value
;
// set restriction, allowing no access to external stylesheet
if
(
value
)
{
_accessExternalStylesheet
=
XalanConstants
.
EXTERNAL_ACCESS_DEFAULT_FSP
;
_accessExternalDTD
=
XalanConstants
.
EXTERNAL_ACCESS_DEFAULT_FSP
;
// set external access restriction when FSP is explicitly set
if
(
value
&&
XalanConstants
.
IS_JDK8_OR_ABOVE
)
{
_xmlSecurityPropertyMgr
.
setValue
(
Property
.
ACCESS_EXTERNAL_DTD
,
State
.
FSP
,
XalanConstants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
_xmlSecurityPropertyMgr
.
setValue
(
Property
.
ACCESS_EXTERNAL_STYLESHEET
,
State
.
FSP
,
XalanConstants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
_accessExternalDTD
=
_xmlSecurityPropertyMgr
.
getValue
(
Property
.
ACCESS_EXTERNAL_DTD
);
_accessExternalStylesheet
=
_xmlSecurityPropertyMgr
.
getValue
(
Property
.
ACCESS_EXTERNAL_STYLESHEET
);
}
return
;
}
else
if
(
name
.
equals
(
XalanConstants
.
ORACLE_FEATURE_SERVICE_MECHANISM
))
{
...
...
jaxp/src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java
浏览文件 @
787f76a4
...
...
@@ -33,7 +33,7 @@ import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
import
com.sun.org.apache.xerces.internal.util.PropertyState
;
import
com.sun.org.apache.xerces.internal.util.SymbolTable
;
import
com.sun.org.apache.xerces.internal.utils.ObjectFactory
;
import
com.sun.org.apache.xerces.internal.utils.
SecuritySupport
;
import
com.sun.org.apache.xerces.internal.utils.
XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler
;
import
com.sun.org.apache.xerces.internal.xni.XMLDTDHandler
;
import
com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler
;
...
...
@@ -156,13 +156,9 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
protected
static
final
String
SCHEMA_DV_FACTORY
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
SCHEMA_DV_FACTORY_PROPERTY
;
/** Property identifier: access to external dtd */
protected
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** Property identifier: access to external schema */
protected
static
final
String
ACCESS_EXTERNAL_SCHEMA
=
XMLConstants
.
ACCESS_EXTERNAL_SCHEMA
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
//
// Data
...
...
@@ -283,8 +279,7 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
JAXP_SCHEMA_LANGUAGE
,
DTD_VALIDATOR_FACTORY_PROPERTY
,
SCHEMA_DV_FACTORY
,
ACCESS_EXTERNAL_DTD
,
ACCESS_EXTERNAL_SCHEMA
XML_SECURITY_PROPERTY_MANAGER
};
addRecognizedProperties
(
recognizedProperties
);
...
...
@@ -318,14 +313,8 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
fValidationManager
=
createValidationManager
();
setProperty
(
VALIDATION_MANAGER
,
fValidationManager
);
//For DOM, the secure feature is set to true by default
String
accessExternal
=
SecuritySupport
.
getDefaultAccessProperty
(
Constants
.
SP_ACCESS_EXTERNAL_DTD
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
);
setProperty
(
ACCESS_EXTERNAL_DTD
,
accessExternal
);
accessExternal
=
SecuritySupport
.
getDefaultAccessProperty
(
Constants
.
SP_ACCESS_EXTERNAL_SCHEMA
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
);
setProperty
(
ACCESS_EXTERNAL_SCHEMA
,
accessExternal
);
setProperty
(
Constants
.
XML_SECURITY_PROPERTY_MANAGER
,
new
XMLSecurityPropertyManager
());
// add message formatters
if
(
fErrorReporter
.
getMessageFormatter
(
XMLMessageFormatter
.
XML_DOMAIN
)
==
null
)
{
...
...
jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java
浏览文件 @
787f76a4
...
...
@@ -184,6 +184,9 @@ public final class Constants {
public
static
final
String
ORACLE_JAXP_PROPERTY_PREFIX
=
"http://www.oracle.com/xml/jaxp/properties/"
;
public
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
ORACLE_JAXP_PROPERTY_PREFIX
+
"xmlSecurityPropertyManager"
;
//System Properties corresponding to ACCESS_EXTERNAL_* properties
public
static
final
String
SP_ACCESS_EXTERNAL_DTD
=
"javax.xml.accessExternalDTD"
;
public
static
final
String
SP_ACCESS_EXTERNAL_SCHEMA
=
"javax.xml.accessExternalSchema"
;
...
...
@@ -194,16 +197,17 @@ public final class Constants {
* Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
*/
public
static
final
String
EXTERNAL_ACCESS_DEFAULT_FSP
=
""
;
/**
* JDK version by which the default is to restrict external connection
*/
public
static
final
int
RESTRICT_BY_DEFAULT_JDK_VERSION
=
8
;
/**
* FEATURE_SECURE_PROCESSING (FSP) is true by default
*/
public
static
final
String
EXTERNAL_ACCESS_DEFAULT
=
ACCESS_EXTERNAL_ALL
;
/**
* Check if we're in jdk8 or above
*/
public
static
final
boolean
IS_JDK8_OR_ABOVE
=
isJavaVersionAtLeast
(
8
);
//
// DOM features
//
...
...
@@ -697,6 +701,27 @@ public final class Constants {
?
new
ArrayEnumeration
(
fgXercesProperties
)
:
fgEmptyEnumeration
;
}
// getXercesProperties():Enumeration
/*
* Check the version of the current JDK against that specified in the
* parameter
*
* There is a proposal to change the java version string to:
* MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
* This method would work with both the current format and that proposed
*
* @param compareTo a JDK version to be compared to
* @return true if the current version is the same or above that represented
* by the parameter
*/
public
static
boolean
isJavaVersionAtLeast
(
int
compareTo
)
{
String
javaVersion
=
SecuritySupport
.
getSystemProperty
(
"java.version"
);
String
versions
[]
=
javaVersion
.
split
(
"\\."
,
3
);
if
(
Integer
.
parseInt
(
versions
[
0
])
>=
compareTo
||
Integer
.
parseInt
(
versions
[
1
])
>=
compareTo
)
{
return
true
;
}
return
false
;
}
//
// Classes
...
...
jaxp/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java
浏览文件 @
787f76a4
...
...
@@ -25,10 +25,9 @@
package
com.sun.org.apache.xerces.internal.impl
;
import
com.sun.org.apache.xerces.internal.utils.
SecuritySupport
;
import
com.sun.org.apache.xerces.internal.utils.
XMLSecurityPropertyManager
;
import
com.sun.xml.internal.stream.StaxEntityResolverWrapper
;
import
java.util.HashMap
;
import
javax.xml.XMLConstants
;
import
javax.xml.stream.XMLInputFactory
;
import
javax.xml.stream.XMLOutputFactory
;
import
javax.xml.stream.XMLResolver
;
...
...
@@ -51,15 +50,14 @@ public class PropertyManager {
private
static
final
String
STRING_INTERNING
=
"http://xml.org/sax/features/string-interning"
;
/** Property identifier: access to external dtd */
protected
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** Property identifier: access to external schema */
protected
static
final
String
ACCESS_EXTERNAL_SCHEMA
=
XMLConstants
.
ACCESS_EXTERNAL_SCHEMA
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
HashMap
supportedProps
=
new
HashMap
();
private
XMLSecurityPropertyManager
fSecurityPropertyMgr
;
public
static
final
int
CONTEXT_READER
=
1
;
public
static
final
int
CONTEXT_WRITER
=
2
;
...
...
@@ -84,6 +82,7 @@ public class PropertyManager {
HashMap
properties
=
propertyManager
.
getProperties
();
supportedProps
.
putAll
(
properties
);
fSecurityPropertyMgr
=
(
XMLSecurityPropertyManager
)
getProperty
(
XML_SECURITY_PROPERTY_MANAGER
);
}
private
HashMap
getProperties
(){
...
...
@@ -125,14 +124,8 @@ public class PropertyManager {
supportedProps
.
put
(
Constants
.
XERCES_FEATURE_PREFIX
+
Constants
.
WARN_ON_DUPLICATE_ENTITYDEF_FEATURE
,
new
Boolean
(
false
));
supportedProps
.
put
(
Constants
.
XERCES_FEATURE_PREFIX
+
Constants
.
WARN_ON_UNDECLARED_ELEMDEF_FEATURE
,
new
Boolean
(
false
));
//For DOM/SAX, the secure feature is set to true by default
String
accessExternal
=
SecuritySupport
.
getDefaultAccessProperty
(
Constants
.
SP_ACCESS_EXTERNAL_DTD
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
);
supportedProps
.
put
(
ACCESS_EXTERNAL_DTD
,
accessExternal
);
accessExternal
=
SecuritySupport
.
getDefaultAccessProperty
(
Constants
.
SP_ACCESS_EXTERNAL_SCHEMA
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
);
supportedProps
.
put
(
ACCESS_EXTERNAL_SCHEMA
,
accessExternal
);
fSecurityPropertyMgr
=
new
XMLSecurityPropertyManager
();
supportedProps
.
put
(
XML_SECURITY_PROPERTY_MANAGER
,
fSecurityPropertyMgr
);
}
private
void
initWriterProps
(){
...
...
@@ -148,7 +141,8 @@ public class PropertyManager {
* }
*/
public
boolean
containsProperty
(
String
property
){
return
supportedProps
.
containsKey
(
property
)
;
return
supportedProps
.
containsKey
(
property
)
||
(
fSecurityPropertyMgr
!=
null
&&
fSecurityPropertyMgr
.
getIndex
(
property
)
>
-
1
)
;
}
public
Object
getProperty
(
String
property
){
...
...
@@ -174,7 +168,15 @@ public class PropertyManager {
//add internal stax property
supportedProps
.
put
(
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
STAX_ENTITY_RESOLVER_PROPERTY
,
new
StaxEntityResolverWrapper
((
XMLResolver
)
value
))
;
}
supportedProps
.
put
(
property
,
value
)
;
int
index
=
(
fSecurityPropertyMgr
!=
null
)
?
fSecurityPropertyMgr
.
getIndex
(
property
)
:
-
1
;
if
(
index
>
-
1
)
{
fSecurityPropertyMgr
.
setValue
(
index
,
XMLSecurityPropertyManager
.
State
.
APIPROPERTY
,
(
String
)
value
);
}
else
{
supportedProps
.
put
(
property
,
value
);
}
if
(
equivalentProperty
!=
null
){
supportedProps
.
put
(
equivalentProperty
,
value
)
;
}
...
...
jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
浏览文件 @
787f76a4
...
...
@@ -53,6 +53,7 @@ import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler;
import
com.sun.org.apache.xerces.internal.util.SecurityManager
;
import
com.sun.org.apache.xerces.internal.util.NamespaceSupport
;
import
com.sun.org.apache.xerces.internal.utils.SecuritySupport
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.NamespaceContext
;
import
com.sun.xml.internal.stream.Entity
;
import
javax.xml.XMLConstants
;
...
...
@@ -166,8 +167,9 @@ public class XMLDocumentFragmentScannerImpl
protected
static
final
String
STANDARD_URI_CONFORMANT
=
Constants
.
XERCES_FEATURE_PREFIX
+
Constants
.
STANDARD_URI_CONFORMANT_FEATURE
;
/** property identifier: access external dtd. */
protected
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
/** access external dtd: file protocol
* For DOM/SAX, the secure feature is set to true by default
...
...
@@ -199,7 +201,7 @@ public class XMLDocumentFragmentScannerImpl
SYMBOL_TABLE
,
ERROR_REPORTER
,
ENTITY_MANAGER
,
ACCESS_EXTERNAL_DTD
XML_SECURITY_PROPERTY_MANAGER
};
/** Property defaults. */
...
...
@@ -610,7 +612,10 @@ public class XMLDocumentFragmentScannerImpl
dtdGrammarUtil
=
null
;
// JAXP 1.5 features and properties
fAccessExternalDTD
=
(
String
)
componentManager
.
getProperty
(
ACCESS_EXTERNAL_DTD
,
EXTERNAL_ACCESS_DEFAULT
);
XMLSecurityPropertyManager
spm
=
(
XMLSecurityPropertyManager
)
componentManager
.
getProperty
(
XML_SECURITY_PROPERTY_MANAGER
,
null
);
fAccessExternalDTD
=
spm
.
getValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_DTD
);
fStrictURI
=
componentManager
.
getFeature
(
STANDARD_URI_CONFORMANT
,
false
);
//fEntityManager.test();
...
...
@@ -662,9 +667,10 @@ public class XMLDocumentFragmentScannerImpl
dtdGrammarUtil
=
null
;
// Oracle jdk feature
fAccessExternalDTD
=
(
String
)
propertyManager
.
getProperty
(
ACCESS_EXTERNAL_DTD
);
// JAXP 1.5 features and properties
XMLSecurityPropertyManager
spm
=
(
XMLSecurityPropertyManager
)
propertyManager
.
getProperty
(
XML_SECURITY_PROPERTY_MANAGER
);
fAccessExternalDTD
=
spm
.
getValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_DTD
);
}
// reset(XMLComponentManager)
/**
...
...
@@ -762,11 +768,10 @@ public class XMLDocumentFragmentScannerImpl
}
//JAXP 1.5 properties
if
(
propertyId
.
startsWith
(
Constants
.
JAXPAPI_PROPERTY_PREFIX
))
{
if
(
propertyId
.
equals
(
ACCESS_EXTERNAL_DTD
))
{
fAccessExternalDTD
=
(
String
)
value
;
}
if
(
propertyId
.
equals
(
XML_SECURITY_PROPERTY_MANAGER
))
{
XMLSecurityPropertyManager
spm
=
(
XMLSecurityPropertyManager
)
value
;
fAccessExternalDTD
=
spm
.
getValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_DTD
);
}
}
// setProperty(String,Object)
...
...
jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java
浏览文件 @
787f76a4
...
...
@@ -31,6 +31,7 @@ import com.sun.org.apache.xerces.internal.util.*;
import
com.sun.org.apache.xerces.internal.util.SecurityManager
;
import
com.sun.org.apache.xerces.internal.util.URI
;
import
com.sun.org.apache.xerces.internal.utils.SecuritySupport
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.Augmentations
;
import
com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier
;
import
com.sun.org.apache.xerces.internal.xni.XNIException
;
...
...
@@ -166,8 +167,9 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
protected
static
final
String
PARSER_SETTINGS
=
Constants
.
XERCES_FEATURE_PREFIX
+
Constants
.
PARSER_SETTINGS
;
/** property identifier: access external dtd. */
protected
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
/** access external dtd: file protocol */
static
final
String
EXTERNAL_ACCESS_DEFAULT
=
Constants
.
EXTERNAL_ACCESS_DEFAULT
;
...
...
@@ -203,7 +205,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
VALIDATION_MANAGER
,
BUFFER_SIZE
,
SECURITY_MANAGER
,
ACCESS_EXTERNAL_DTD
XML_SECURITY_PROPERTY_MANAGER
};
/** Property defaults. */
...
...
@@ -214,7 +216,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
null
,
new
Integer
(
DEFAULT_BUFFER_SIZE
),
null
,
EXTERNAL_ACCESS_DEFAULT
null
};
private
static
final
String
XMLEntity
=
"[xml]"
.
intern
();
...
...
@@ -1421,7 +1423,8 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
fLoadExternalDTD
=
!((
Boolean
)
propertyManager
.
getProperty
(
Constants
.
ZEPHYR_PROPERTY_PREFIX
+
Constants
.
IGNORE_EXTERNAL_DTD
)).
booleanValue
();
// JAXP 1.5 feature
fAccessExternalDTD
=
(
String
)
propertyManager
.
getProperty
(
ACCESS_EXTERNAL_DTD
);
XMLSecurityPropertyManager
spm
=
(
XMLSecurityPropertyManager
)
propertyManager
.
getProperty
(
XML_SECURITY_PROPERTY_MANAGER
);
fAccessExternalDTD
=
spm
.
getValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_DTD
);
// initialize state
//fStandalone = false;
...
...
@@ -1485,7 +1488,11 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
fSecurityManager
=
(
SecurityManager
)
componentManager
.
getProperty
(
SECURITY_MANAGER
,
null
);
// JAXP 1.5 feature
fAccessExternalDTD
=
(
String
)
componentManager
.
getProperty
(
ACCESS_EXTERNAL_DTD
,
EXTERNAL_ACCESS_DEFAULT
);
XMLSecurityPropertyManager
spm
=
(
XMLSecurityPropertyManager
)
componentManager
.
getProperty
(
XML_SECURITY_PROPERTY_MANAGER
,
null
);
if
(
spm
==
null
)
{
spm
=
new
XMLSecurityPropertyManager
();
}
fAccessExternalDTD
=
spm
.
getValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_DTD
);
//reset general state
reset
();
...
...
@@ -1641,11 +1648,10 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
}
//JAXP 1.5 properties
if
(
propertyId
.
startsWith
(
Constants
.
JAXPAPI_PROPERTY_PREFIX
))
{
if
(
propertyId
.
equals
(
ACCESS_EXTERNAL_DTD
))
{
fAccessExternalDTD
=
(
String
)
value
;
}
if
(
propertyId
.
equals
(
XML_SECURITY_PROPERTY_MANAGER
))
{
XMLSecurityPropertyManager
spm
=
(
XMLSecurityPropertyManager
)
value
;
fAccessExternalDTD
=
spm
.
getValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_DTD
);
}
}
...
...
jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java
浏览文件 @
787f76a4
...
...
@@ -54,6 +54,7 @@ import com.sun.org.apache.xerces.internal.util.Status;
import
com.sun.org.apache.xerces.internal.util.SymbolTable
;
import
com.sun.org.apache.xerces.internal.util.XMLSymbols
;
import
com.sun.org.apache.xerces.internal.utils.SecuritySupport
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.XNIException
;
import
com.sun.org.apache.xerces.internal.xni.grammars.Grammar
;
import
com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription
;
...
...
@@ -218,6 +219,10 @@ XSLoader, DOMConfiguration {
protected
static
final
String
ENTITY_MANAGER
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
ENTITY_MANAGER_PROPERTY
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
/** Property identifier: access to external dtd */
public
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
...
...
@@ -238,8 +243,7 @@ XSLoader, DOMConfiguration {
SECURITY_MANAGER
,
LOCALE
,
SCHEMA_DV_FACTORY
,
ACCESS_EXTERNAL_DTD
,
ACCESS_EXTERNAL_SCHEMA
XML_SECURITY_PROPERTY_MANAGER
};
// Data
...
...
@@ -270,7 +274,6 @@ XSLoader, DOMConfiguration {
private
final
CMNodeFactory
fNodeFactory
=
new
CMNodeFactory
();
//component mgr will be set later
private
CMBuilder
fCMBuilder
;
private
XSDDescription
fXSDDescription
=
new
XSDDescription
();
private
String
faccessExternalDTD
=
Constants
.
EXTERNAL_ACCESS_DEFAULT
;
private
String
faccessExternalSchema
=
Constants
.
EXTERNAL_ACCESS_DEFAULT
;
private
Map
fJAXPCache
;
...
...
@@ -466,11 +469,9 @@ XSLoader, DOMConfiguration {
fErrorReporter
.
putMessageFormatter
(
XSMessageFormatter
.
SCHEMA_DOMAIN
,
new
XSMessageFormatter
());
}
}
else
if
(
propertyId
.
equals
(
ACCESS_EXTERNAL_DTD
))
{
faccessExternalDTD
=
(
String
)
state
;
}
else
if
(
propertyId
.
equals
(
ACCESS_EXTERNAL_SCHEMA
))
{
faccessExternalSchema
=
(
String
)
state
;
else
if
(
propertyId
.
equals
(
XML_SECURITY_PROPERTY_MANAGER
))
{
XMLSecurityPropertyManager
spm
=
(
XMLSecurityPropertyManager
)
state
;
faccessExternalSchema
=
spm
.
getValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_SCHEMA
);
}
}
// setProperty(String, Object)
...
...
@@ -1066,8 +1067,8 @@ XSLoader, DOMConfiguration {
fSchemaHandler
.
setGenerateSyntheticAnnotations
(
componentManager
.
getFeature
(
GENERATE_SYNTHETIC_ANNOTATIONS
,
false
));
fSchemaHandler
.
reset
(
componentManager
);
faccessExternalDTD
=
(
String
)
componentManager
.
getProperty
(
ACCESS_EXTERNAL_DTD
);
faccessExternalSchema
=
(
String
)
componentManager
.
getProperty
(
ACCESS_EXTERNAL_SCHEMA
);
XMLSecurityPropertyManager
spm
=
(
XMLSecurityPropertyManager
)
componentManager
.
getProperty
(
XML_SECURITY_PROPERTY_MANAGER
);
faccessExternalSchema
=
spm
.
getValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_SCHEMA
);
}
private
void
initGrammarBucket
(){
...
...
jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java
浏览文件 @
787f76a4
...
...
@@ -233,11 +233,9 @@ public class XMLSchemaValidator
protected
static
final
String
SCHEMA_DV_FACTORY
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
SCHEMA_DV_FACTORY_PROPERTY
;
/** property identifier: access external dtd. */
private
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** Property identifier: access to external schema */
private
static
final
String
ACCESS_EXTERNAL_SCHEMA
=
XMLConstants
.
ACCESS_EXTERNAL_SCHEMA
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
protected
static
final
String
USE_SERVICE_MECHANISM
=
Constants
.
ORACLE_FEATURE_SERVICE_MECHANISM
;
...
...
@@ -297,8 +295,7 @@ public class XMLSchemaValidator
JAXP_SCHEMA_SOURCE
,
JAXP_SCHEMA_LANGUAGE
,
SCHEMA_DV_FACTORY
,
ACCESS_EXTERNAL_DTD
,
ACCESS_EXTERNAL_SCHEMA
XML_SECURITY_PROPERTY_MANAGER
};
/** Property defaults. */
...
...
jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java
浏览文件 @
787f76a4
...
...
@@ -78,6 +78,7 @@ import com.sun.org.apache.xerces.internal.util.SymbolTable;
import
com.sun.org.apache.xerces.internal.util.XMLSymbols
;
import
com.sun.org.apache.xerces.internal.util.URI.MalformedURIException
;
import
com.sun.org.apache.xerces.internal.utils.SecuritySupport
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.QName
;
import
com.sun.org.apache.xerces.internal.xni.XNIException
;
import
com.sun.org.apache.xerces.internal.xni.grammars.Grammar
;
...
...
@@ -112,6 +113,7 @@ import org.w3c.dom.Element;
import
org.w3c.dom.Node
;
import
org.xml.sax.InputSource
;
import
org.xml.sax.SAXException
;
import
org.xml.sax.SAXNotRecognizedException
;
import
org.xml.sax.SAXParseException
;
import
org.xml.sax.XMLReader
;
import
org.xml.sax.helpers.XMLReaderFactory
;
...
...
@@ -223,11 +225,9 @@ public class XSDHandler {
protected
static
final
String
LOCALE
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
LOCALE_PROPERTY
;
/** property identifier: access external dtd. */
public
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** Property identifier: access to external schema */
public
static
final
String
ACCESS_EXTERNAL_SCHEMA
=
XMLConstants
.
ACCESS_EXTERNAL_SCHEMA
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
protected
static
final
boolean
DEBUG_NODE_POOL
=
false
;
...
...
@@ -260,6 +260,7 @@ public class XSDHandler {
protected
SecurityManager
fSecureProcessing
=
null
;
private
String
fAccessExternalSchema
;
private
String
fAccessExternalDTD
;
// These tables correspond to the symbol spaces defined in the
// spec.
...
...
@@ -2249,6 +2250,13 @@ public class XSDHandler {
}
}
catch
(
SAXException
se
)
{}
try
{
parser
.
setProperty
(
XMLConstants
.
ACCESS_EXTERNAL_DTD
,
fAccessExternalDTD
);
}
catch
(
SAXNotRecognizedException
exc
)
{
System
.
err
.
println
(
"Warning: "
+
parser
.
getClass
().
getName
()
+
": "
+
exc
.
getMessage
());
}
}
// If XML names and Namespace URIs are already internalized we
// can avoid running them through the SymbolTable.
...
...
@@ -3580,11 +3588,17 @@ public class XSDHandler {
}
catch
(
XMLConfigurationException
e
)
{
}
//For Schema validation, the secure feature is set to true by default
fSchemaParser
.
setProperty
(
ACCESS_EXTERNAL_DTD
,
componentManager
.
getProperty
(
ACCESS_EXTERNAL_DTD
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
));
fAccessExternalSchema
=
(
String
)
componentManager
.
getProperty
(
ACCESS_EXTERNAL_SCHEMA
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
);
XMLSecurityPropertyManager
securityPropertyMgr
=
(
XMLSecurityPropertyManager
)
componentManager
.
getProperty
(
XML_SECURITY_PROPERTY_MANAGER
);
//Passing on the setting to the parser
fSchemaParser
.
setProperty
(
XML_SECURITY_PROPERTY_MANAGER
,
securityPropertyMgr
);
fAccessExternalDTD
=
securityPropertyMgr
.
getValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_DTD
);
fAccessExternalSchema
=
securityPropertyMgr
.
getValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_SCHEMA
);
}
// reset(XMLComponentManager)
...
...
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java
浏览文件 @
787f76a4
...
...
@@ -37,6 +37,9 @@ import com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator;
import
com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer
;
import
com.sun.org.apache.xerces.internal.parsers.DOMParser
;
import
com.sun.org.apache.xerces.internal.util.SecurityManager
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.Property
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.State
;
import
com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler
;
import
com.sun.org.apache.xerces.internal.xni.parser.XMLComponent
;
import
com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager
;
...
...
@@ -97,12 +100,17 @@ public class DocumentBuilderImpl extends DocumentBuilder
private
static
final
String
SECURITY_MANAGER
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
SECURITY_MANAGER_PROPERTY
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
/** property identifier: access external dtd. */
public
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** Property identifier: access to external schema */
public
static
final
String
ACCESS_EXTERNAL_SCHEMA
=
XMLConstants
.
ACCESS_EXTERNAL_SCHEMA
;
private
final
DOMParser
domParser
;
private
final
Schema
grammar
;
...
...
@@ -117,6 +125,8 @@ public class DocumentBuilderImpl extends DocumentBuilder
/** Initial EntityResolver */
private
final
EntityResolver
fInitEntityResolver
;
private
XMLSecurityPropertyManager
fSecurityPropertyMgr
;
DocumentBuilderImpl
(
DocumentBuilderFactoryImpl
dbf
,
Hashtable
dbfAttrs
,
Hashtable
features
)
throws
SAXNotRecognizedException
,
SAXNotSupportedException
{
this
(
dbf
,
dbfAttrs
,
features
,
false
);
...
...
@@ -160,23 +170,27 @@ public class DocumentBuilderImpl extends DocumentBuilder
domParser
.
setFeature
(
XINCLUDE_FEATURE
,
true
);
}
fSecurityPropertyMgr
=
new
XMLSecurityPropertyManager
();
domParser
.
setProperty
(
XML_SECURITY_PROPERTY_MANAGER
,
fSecurityPropertyMgr
);
// If the secure processing feature is on set a security manager.
if
(
secureProcessing
)
{
domParser
.
setProperty
(
SECURITY_MANAGER
,
new
SecurityManager
());
/**
* By default, secure processing is set, no external access is allowed.
* However, we need to check if it is actively set on the factory since we
* allow the use of the System Property or jaxp.properties to override
* the default value
* If secure processing is explicitly set on the factory, the
* access properties will be set unless the corresponding
* System Properties or jaxp.properties are set
*/
if
(
features
!=
null
)
{
Object
temp
=
features
.
get
(
XMLConstants
.
FEATURE_SECURE_PROCESSING
);
if
(
temp
!=
null
)
{
boolean
value
=
((
Boolean
)
temp
).
booleanValue
();
if
(
value
)
{
domParser
.
setProperty
(
ACCESS_EXTERNAL_DTD
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
domParser
.
setProperty
(
ACCESS_EXTERNAL_SCHEMA
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
if
(
value
&&
Constants
.
IS_JDK8_OR_ABOVE
)
{
fSecurityPropertyMgr
.
setValue
(
Property
.
ACCESS_EXTERNAL_DTD
,
State
.
FSP
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
fSecurityPropertyMgr
.
setValue
(
Property
.
ACCESS_EXTERNAL_SCHEMA
,
State
.
FSP
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
}
}
}
...
...
@@ -220,7 +234,7 @@ public class DocumentBuilderImpl extends DocumentBuilder
setFeatures
(
features
);
}
//
Set attribute
s
//
setAttribute override those that may be set by other mean
s
setDocumentBuilderFactoryAttributes
(
dbfAttrs
);
// Initial EntityResolver
...
...
@@ -275,26 +289,32 @@ public class DocumentBuilderImpl extends DocumentBuilder
// spec when schema validation is enabled
domParser
.
setProperty
(
JAXP_SCHEMA_LANGUAGE
,
W3C_XML_SCHEMA
);
}
}
}
else
if
(
JAXP_SCHEMA_SOURCE
.
equals
(
name
)){
if
(
isValidating
()
)
{
String
value
=(
String
)
dbfAttrs
.
get
(
JAXP_SCHEMA_LANGUAGE
);
if
(
value
!=
null
&&
W3C_XML_SCHEMA
.
equals
(
value
)){
domParser
.
setProperty
(
name
,
val
);
}
else
{
}
}
else
if
(
JAXP_SCHEMA_SOURCE
.
equals
(
name
)){
if
(
isValidating
()
)
{
String
value
=(
String
)
dbfAttrs
.
get
(
JAXP_SCHEMA_LANGUAGE
);
if
(
value
!=
null
&&
W3C_XML_SCHEMA
.
equals
(
value
)){
domParser
.
setProperty
(
name
,
val
);
}
else
{
throw
new
IllegalArgumentException
(
DOMMessageFormatter
.
formatMessage
(
DOMMessageFormatter
.
DOM_DOMAIN
,
"jaxp-order-not-supported"
,
new
Object
[]
{
JAXP_SCHEMA_LANGUAGE
,
JAXP_SCHEMA_SOURCE
}));
}
}
}
else
{
// Let Xerces code handle the property
domParser
.
setProperty
(
name
,
val
);
}
}
}
}
}
else
{
int
index
=
fSecurityPropertyMgr
.
getIndex
(
name
);
if
(
index
>
-
1
)
{
fSecurityPropertyMgr
.
setValue
(
index
,
XMLSecurityPropertyManager
.
State
.
APIPROPERTY
,
(
String
)
val
);
}
else
{
// Let Xerces code handle the property
domParser
.
setProperty
(
name
,
val
);
}
}
}
}
}
/**
* Non-preferred: use the getDOMImplementation() method instead of this
...
...
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java
浏览文件 @
787f76a4
...
...
@@ -36,6 +36,7 @@ import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer
import
com.sun.org.apache.xerces.internal.util.SAXMessageFormatter
;
import
com.sun.org.apache.xerces.internal.util.SecurityManager
;
import
com.sun.org.apache.xerces.internal.util.Status
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler
;
import
com.sun.org.apache.xerces.internal.xni.parser.XMLComponent
;
import
com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager
;
...
...
@@ -92,11 +93,9 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
private
static
final
String
SECURITY_MANAGER
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
SECURITY_MANAGER_PROPERTY
;
/** property identifier: access external dtd. */
public
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** Property identifier: access to external schema */
public
static
final
String
ACCESS_EXTERNAL_SCHEMA
=
XMLConstants
.
ACCESS_EXTERNAL_SCHEMA
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
private
final
JAXPSAXParser
xmlReader
;
private
String
schemaLanguage
=
null
;
// null means DTD
...
...
@@ -113,6 +112,8 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
/** Initial EntityResolver */
private
final
EntityResolver
fInitEntityResolver
;
private
XMLSecurityPropertyManager
fSecurityPropertyMgr
;
/**
* Create a SAX parser with the associated features
* @param features Hashtable of SAX features, may be null
...
...
@@ -149,6 +150,9 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
xmlReader
.
setFeature0
(
XINCLUDE_FEATURE
,
true
);
}
fSecurityPropertyMgr
=
new
XMLSecurityPropertyManager
();
xmlReader
.
setProperty0
(
XML_SECURITY_PROPERTY_MANAGER
,
fSecurityPropertyMgr
);
// If the secure processing feature is on set a security manager.
if
(
secureProcessing
)
{
xmlReader
.
setProperty0
(
SECURITY_MANAGER
,
new
SecurityManager
());
...
...
@@ -162,9 +166,12 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
Object
temp
=
features
.
get
(
XMLConstants
.
FEATURE_SECURE_PROCESSING
);
if
(
temp
!=
null
)
{
boolean
value
=
((
Boolean
)
temp
).
booleanValue
();
if
(
value
)
{
xmlReader
.
setProperty0
(
ACCESS_EXTERNAL_DTD
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
xmlReader
.
setProperty0
(
ACCESS_EXTERNAL_SCHEMA
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
if
(
value
&&
Constants
.
IS_JDK8_OR_ABOVE
)
{
fSecurityPropertyMgr
.
setValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_DTD
,
XMLSecurityPropertyManager
.
State
.
FSP
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
fSecurityPropertyMgr
.
setValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_SCHEMA
,
XMLSecurityPropertyManager
.
State
.
FSP
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
}
}
}
...
...
@@ -530,14 +537,21 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
return
;
}
}
if
(!
fInitProperties
.
containsKey
(
name
))
{
fInitProperties
.
put
(
name
,
super
.
getProperty
(
name
));
}
/** Forward property to the schema validator if there is one. **/
if
(
fSAXParser
!=
null
&&
fSAXParser
.
fSchemaValidator
!=
null
)
{
setSchemaValidatorProperty
(
name
,
value
);
}
super
.
setProperty
(
name
,
value
);
/** Check to see if the property is managed by the property manager **/
int
index
=
fSAXParser
.
fSecurityPropertyMgr
.
getIndex
(
name
);
if
(
index
>
-
1
)
{
fSAXParser
.
fSecurityPropertyMgr
.
setValue
(
index
,
XMLSecurityPropertyManager
.
State
.
APIPROPERTY
,
(
String
)
value
);
}
else
{
if
(!
fInitProperties
.
containsKey
(
name
))
{
fInitProperties
.
put
(
name
,
super
.
getProperty
(
name
));
}
super
.
setProperty
(
name
,
value
);
}
}
public
synchronized
Object
getProperty
(
String
name
)
...
...
@@ -550,6 +564,11 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
// JAXP 1.2 support
return
fSAXParser
.
schemaLanguage
;
}
int
index
=
fSAXParser
.
fSecurityPropertyMgr
.
getIndex
(
name
);
if
(
index
>
-
1
)
{
return
fSAXParser
.
fSecurityPropertyMgr
.
getValueByIndex
(
index
);
}
return
super
.
getProperty
(
name
);
}
...
...
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java
浏览文件 @
787f76a4
...
...
@@ -177,11 +177,11 @@ final class StreamValidatorHelper implements ValidatorHelper {
}
config
.
setProperty
(
SYMBOL_TABLE
,
fComponentManager
.
getProperty
(
SYMBOL_TABLE
));
config
.
setProperty
(
VALIDATION_MANAGER
,
fComponentManager
.
getProperty
(
VALIDATION_MANAGER
));
config
.
setProperty
(
XMLConstants
.
ACCESS_EXTERNAL_DTD
,
fComponentManager
.
getProperty
(
XMLConstants
.
ACCESS_EXTERNAL_DTD
));
config
.
setDocumentHandler
(
fSchemaValidator
);
config
.
setDTDHandler
(
null
);
config
.
setDTDContentModelHandler
(
null
);
config
.
setProperty
(
Constants
.
XML_SECURITY_PROPERTY_MANAGER
,
fComponentManager
.
getProperty
(
Constants
.
XML_SECURITY_PROPERTY_MANAGER
));
fConfiguration
=
new
SoftReference
(
config
);
return
config
;
}
...
...
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java
浏览文件 @
787f76a4
...
...
@@ -53,6 +53,7 @@ import com.sun.org.apache.xerces.internal.util.SecurityManager;
import
com.sun.org.apache.xerces.internal.util.URI
;
import
com.sun.org.apache.xerces.internal.util.XMLAttributesImpl
;
import
com.sun.org.apache.xerces.internal.util.XMLSymbols
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.Augmentations
;
import
com.sun.org.apache.xerces.internal.xni.NamespaceContext
;
import
com.sun.org.apache.xerces.internal.xni.QName
;
...
...
@@ -134,6 +135,10 @@ final class ValidatorHandlerImpl extends ValidatorHandler implements
private
static
final
String
VALIDATION_MANAGER
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
VALIDATION_MANAGER_PROPERTY
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
//
// Data
//
...
...
@@ -686,8 +691,10 @@ final class ValidatorHandlerImpl extends ValidatorHandler implements
catch
(
SAXException
exc
)
{}
}
try
{
XMLSecurityPropertyManager
spm
=
(
XMLSecurityPropertyManager
)
fComponentManager
.
getProperty
(
XML_SECURITY_PROPERTY_MANAGER
);
reader
.
setProperty
(
XMLConstants
.
ACCESS_EXTERNAL_DTD
,
fComponentManager
.
getProperty
(
XMLConstants
.
ACCESS_EXTERNAL_DTD
));
spm
.
getValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_DTD
));
}
catch
(
SAXException
exc
)
{
System
.
err
.
println
(
"Warning: "
+
reader
.
getClass
().
getName
()
+
": "
+
exc
.
getMessage
());
...
...
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java
浏览文件 @
787f76a4
...
...
@@ -45,7 +45,7 @@ import com.sun.org.apache.xerces.internal.util.SecurityManager;
import
com.sun.org.apache.xerces.internal.util.StAXInputSource
;
import
com.sun.org.apache.xerces.internal.util.Status
;
import
com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl
;
import
com.sun.org.apache.xerces.internal.utils.
SecuritySupport
;
import
com.sun.org.apache.xerces.internal.utils.
XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.XNIException
;
import
com.sun.org.apache.xerces.internal.xni.grammars.Grammar
;
import
com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription
;
...
...
@@ -83,11 +83,10 @@ public final class XMLSchemaFactory extends SchemaFactory {
private
static
final
String
SECURITY_MANAGER
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
SECURITY_MANAGER_PROPERTY
;
/** property identifier: access external dtd. */
public
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
/** Property identifier: access to external schema */
public
static
final
String
ACCESS_EXTERNAL_SCHEMA
=
XMLConstants
.
ACCESS_EXTERNAL_SCHEMA
;
//
// Data
...
...
@@ -111,6 +110,9 @@ public final class XMLSchemaFactory extends SchemaFactory {
/** The SecurityManager. */
private
SecurityManager
fSecurityManager
;
/** The Security property manager. */
private
XMLSecurityPropertyManager
fSecurityPropertyMgr
;
/** The container for the real grammar pool. */
private
XMLGrammarPoolWrapper
fXMLGrammarPoolWrapper
;
...
...
@@ -120,6 +122,8 @@ public final class XMLSchemaFactory extends SchemaFactory {
* Note the default value (false) is the safe option..
*/
private
final
boolean
fUseServicesMechanism
;
public
XMLSchemaFactory
()
{
this
(
true
);
}
...
...
@@ -140,13 +144,9 @@ public final class XMLSchemaFactory extends SchemaFactory {
fSecurityManager
=
new
SecurityManager
();
fXMLSchemaLoader
.
setProperty
(
SECURITY_MANAGER
,
fSecurityManager
);
//by default, the secure feature is set to true, otherwise the default would have been 'file'
String
accessExternal
=
SecuritySupport
.
getDefaultAccessProperty
(
Constants
.
SP_ACCESS_EXTERNAL_DTD
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
);
fXMLSchemaLoader
.
setProperty
(
ACCESS_EXTERNAL_DTD
,
accessExternal
);
accessExternal
=
SecuritySupport
.
getDefaultAccessProperty
(
Constants
.
SP_ACCESS_EXTERNAL_SCHEMA
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
);
fXMLSchemaLoader
.
setProperty
(
ACCESS_EXTERNAL_SCHEMA
,
accessExternal
);
fSecurityPropertyMgr
=
new
XMLSecurityPropertyManager
();
fXMLSchemaLoader
.
setProperty
(
XML_SECURITY_PROPERTY_MANAGER
,
fSecurityPropertyMgr
);
}
/**
...
...
@@ -282,6 +282,7 @@ public final class XMLSchemaFactory extends SchemaFactory {
schema
=
new
EmptyXMLSchema
();
}
propagateFeatures
(
schema
);
propagateProperties
(
schema
);
return
schema
;
}
...
...
@@ -366,8 +367,13 @@ public final class XMLSchemaFactory extends SchemaFactory {
}
if
(
value
)
{
fSecurityManager
=
new
SecurityManager
();
fXMLSchemaLoader
.
setProperty
(
ACCESS_EXTERNAL_DTD
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
fXMLSchemaLoader
.
setProperty
(
ACCESS_EXTERNAL_SCHEMA
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
if
(
Constants
.
IS_JDK8_OR_ABOVE
)
{
fSecurityPropertyMgr
.
setValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_DTD
,
XMLSecurityPropertyManager
.
State
.
FSP
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
fSecurityPropertyMgr
.
setValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_SCHEMA
,
XMLSecurityPropertyManager
.
State
.
FSP
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
}
}
else
{
fSecurityManager
=
null
;
}
...
...
@@ -414,7 +420,13 @@ public final class XMLSchemaFactory extends SchemaFactory {
"property-not-supported"
,
new
Object
[]
{
name
}));
}
try
{
fXMLSchemaLoader
.
setProperty
(
name
,
object
);
int
index
=
fSecurityPropertyMgr
.
getIndex
(
name
);
if
(
index
>
-
1
)
{
fSecurityPropertyMgr
.
setValue
(
index
,
XMLSecurityPropertyManager
.
State
.
APIPROPERTY
,
(
String
)
object
);
}
else
{
fXMLSchemaLoader
.
setProperty
(
name
,
object
);
}
}
catch
(
XMLConfigurationException
e
)
{
String
identifier
=
e
.
getIdentifier
();
...
...
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java
浏览文件 @
787f76a4
...
...
@@ -42,6 +42,7 @@ import com.sun.org.apache.xerces.internal.util.PropertyState;
import
com.sun.org.apache.xerces.internal.util.SecurityManager
;
import
com.sun.org.apache.xerces.internal.util.Status
;
import
com.sun.org.apache.xerces.internal.util.SymbolTable
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.NamespaceContext
;
import
com.sun.org.apache.xerces.internal.xni.XNIException
;
import
com.sun.org.apache.xerces.internal.xni.parser.XMLComponent
;
...
...
@@ -107,6 +108,10 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
private
static
final
String
SECURITY_MANAGER
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
SECURITY_MANAGER_PROPERTY
;
/** Property identifier: security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
/** Property identifier: symbol table. */
private
static
final
String
SYMBOL_TABLE
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
SYMBOL_TABLE_PROPERTY
;
...
...
@@ -123,12 +128,6 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
private
static
final
String
LOCALE
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
LOCALE_PROPERTY
;
/** property identifier: access external dtd. */
private
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** Property identifier: access to external schema */
private
static
final
String
ACCESS_EXTERNAL_SCHEMA
=
XMLConstants
.
ACCESS_EXTERNAL_SCHEMA
;
//
// Data
//
...
...
@@ -184,6 +183,9 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
/** Stores the initial security manager. */
private
final
SecurityManager
fInitSecurityManager
;
/** Stores the initial security property manager. */
private
final
XMLSecurityPropertyManager
fSecurityPropertyMgr
;
//
// User Objects
//
...
...
@@ -250,8 +252,9 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
fComponents
.
put
(
SECURITY_MANAGER
,
fInitSecurityManager
);
//pass on properties set on SchemaFactory
setProperty
(
ACCESS_EXTERNAL_DTD
,
grammarContainer
.
getProperty
(
ACCESS_EXTERNAL_DTD
));
setProperty
(
ACCESS_EXTERNAL_SCHEMA
,
grammarContainer
.
getProperty
(
ACCESS_EXTERNAL_SCHEMA
));
fSecurityPropertyMgr
=
(
XMLSecurityPropertyManager
)
grammarContainer
.
getProperty
(
Constants
.
XML_SECURITY_PROPERTY_MANAGER
);
setProperty
(
XML_SECURITY_PROPERTY_MANAGER
,
fSecurityPropertyMgr
);
}
/**
...
...
@@ -309,6 +312,15 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
throw
new
XMLConfigurationException
(
Status
.
NOT_ALLOWED
,
XMLConstants
.
FEATURE_SECURE_PROCESSING
);
}
setProperty
(
SECURITY_MANAGER
,
value
?
new
SecurityManager
()
:
null
);
if
(
value
&&
Constants
.
IS_JDK8_OR_ABOVE
)
{
fSecurityPropertyMgr
.
setValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_DTD
,
XMLSecurityPropertyManager
.
State
.
FSP
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
fSecurityPropertyMgr
.
setValue
(
XMLSecurityPropertyManager
.
Property
.
ACCESS_EXTERNAL_SCHEMA
,
XMLSecurityPropertyManager
.
State
.
FSP
,
Constants
.
EXTERNAL_ACCESS_DEFAULT_FSP
);
setProperty
(
XML_SECURITY_PROPERTY_MANAGER
,
fSecurityPropertyMgr
);
}
return
;
}
fConfigUpdated
=
true
;
...
...
jaxp/src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java
浏览文件 @
787f76a4
...
...
@@ -29,6 +29,7 @@ import com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper;
import
com.sun.org.apache.xerces.internal.util.SAXMessageFormatter
;
import
com.sun.org.apache.xerces.internal.util.Status
;
import
com.sun.org.apache.xerces.internal.util.SymbolTable
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.XNIException
;
import
com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool
;
import
com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException
;
...
...
@@ -74,6 +75,10 @@ public class DOMParser
protected
static
final
String
REPORT_WHITESPACE
=
Constants
.
SUN_SCHEMA_FEATURE_PREFIX
+
Constants
.
SUN_REPORT_IGNORED_ELEMENT_CONTENT_WHITESPACE
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
// recognized features:
private
static
final
String
[]
RECOGNIZED_FEATURES
=
{
REPORT_WHITESPACE
...
...
@@ -579,6 +584,13 @@ public class DOMParser
}
try
{
XMLSecurityPropertyManager
spm
=
(
XMLSecurityPropertyManager
)
fConfiguration
.
getProperty
(
XML_SECURITY_PROPERTY_MANAGER
);
int
index
=
spm
.
getIndex
(
propertyId
);
if
(
index
>
-
1
)
{
return
spm
.
getValueByIndex
(
index
);
}
return
fConfiguration
.
getProperty
(
propertyId
);
}
catch
(
XMLConfigurationException
e
)
{
...
...
jaxp/src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java
浏览文件 @
787f76a4
...
...
@@ -22,8 +22,11 @@ package com.sun.org.apache.xerces.internal.parsers;
import
com.sun.org.apache.xerces.internal.impl.Constants
;
import
com.sun.org.apache.xerces.internal.util.SymbolTable
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool
;
import
com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration
;
import
org.xml.sax.SAXNotRecognizedException
;
import
org.xml.sax.SAXNotSupportedException
;
/**
* This is the main Xerces SAX parser class. It uses the abstract SAX
...
...
@@ -120,4 +123,24 @@ public class SAXParser
}
// <init>(SymbolTable,XMLGrammarPool)
/**
* Sets the particular property in the underlying implementation of
* org.xml.sax.XMLReader.
*/
public
void
setProperty
(
String
name
,
Object
value
)
throws
SAXNotRecognizedException
,
SAXNotSupportedException
{
XMLSecurityPropertyManager
spm
=
new
XMLSecurityPropertyManager
();
int
index
=
spm
.
getIndex
(
name
);
if
(
index
>
-
1
)
{
/**
* this is a direct call to this parser, not a subclass since
* internally the support of this property is done through
* XMLSecurityPropertyManager
*/
spm
.
setValue
(
index
,
XMLSecurityPropertyManager
.
State
.
APIPROPERTY
,
(
String
)
value
);
super
.
setProperty
(
Constants
.
XML_SECURITY_PROPERTY_MANAGER
,
spm
);
}
else
{
super
.
setProperty
(
name
,
value
);
}
}
}
// class SAXParser
jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java
浏览文件 @
787f76a4
...
...
@@ -20,12 +20,10 @@
package
com.sun.org.apache.xerces.internal.parsers
;
import
java.io.File
;
import
java.io.IOException
;
import
java.util.ArrayList
;
import
java.util.HashMap
;
import
java.util.Locale
;
import
java.util.Properties
;
import
javax.xml.XMLConstants
;
import
com.sun.org.apache.xerces.internal.impl.Constants
;
...
...
@@ -53,9 +51,8 @@ import com.sun.org.apache.xerces.internal.impl.xs.XSMessageFormatter;
import
com.sun.org.apache.xerces.internal.util.FeatureState
;
import
com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings
;
import
com.sun.org.apache.xerces.internal.util.PropertyState
;
import
com.sun.org.apache.xerces.internal.util.Status
;
import
com.sun.org.apache.xerces.internal.util.SymbolTable
;
import
com.sun.org.apache.xerces.internal.utils.
SecuritySupport
;
import
com.sun.org.apache.xerces.internal.utils.
XMLSecurityPropertyManager
;
import
com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler
;
import
com.sun.org.apache.xerces.internal.xni.XMLDTDHandler
;
import
com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler
;
...
...
@@ -278,11 +275,10 @@ public class XML11Configuration extends ParserConfigurationSettings
protected
static
final
String
SCHEMA_DV_FACTORY
=
Constants
.
XERCES_PROPERTY_PREFIX
+
Constants
.
SCHEMA_DV_FACTORY_PROPERTY
;
/** Property identifier: access to external dtd */
protected
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** Property identifier: Security property manager. */
private
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
/** Property identifier: access to external schema */
protected
static
final
String
ACCESS_EXTERNAL_SCHEMA
=
XMLConstants
.
ACCESS_EXTERNAL_SCHEMA
;
// debugging
...
...
@@ -535,8 +531,7 @@ public class XML11Configuration extends ParserConfigurationSettings
SCHEMA_NONS_LOCATION
,
LOCALE
,
SCHEMA_DV_FACTORY
,
ACCESS_EXTERNAL_DTD
,
ACCESS_EXTERNAL_SCHEMA
XML_SECURITY_PROPERTY_MANAGER
};
addRecognizedProperties
(
recognizedProperties
);
...
...
@@ -584,14 +579,7 @@ public class XML11Configuration extends ParserConfigurationSettings
fVersionDetector
=
new
XMLVersionDetector
();
//FEATURE_SECURE_PROCESSING is true, see the feature above
String
accessExternal
=
SecuritySupport
.
getDefaultAccessProperty
(
Constants
.
SP_ACCESS_EXTERNAL_DTD
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
);
fProperties
.
put
(
ACCESS_EXTERNAL_DTD
,
accessExternal
);
accessExternal
=
SecuritySupport
.
getDefaultAccessProperty
(
Constants
.
SP_ACCESS_EXTERNAL_SCHEMA
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
);
fProperties
.
put
(
ACCESS_EXTERNAL_SCHEMA
,
accessExternal
);
fProperties
.
put
(
XML_SECURITY_PROPERTY_MANAGER
,
new
XMLSecurityPropertyManager
());
// add message formatters
if
(
fErrorReporter
.
getMessageFormatter
(
XMLMessageFormatter
.
XML_DOMAIN
)
==
null
)
{
...
...
jaxp/src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java
浏览文件 @
787f76a4
...
...
@@ -223,7 +223,8 @@ public final class SecuritySupport {
* @return the name of the protocol if rejected, null otherwise
*/
public
static
String
checkAccess
(
String
systemId
,
String
allowedProtocols
,
String
accessAny
)
throws
IOException
{
if
(
systemId
==
null
||
allowedProtocols
.
equalsIgnoreCase
(
accessAny
))
{
if
(
systemId
==
null
||
(
allowedProtocols
!=
null
&&
allowedProtocols
.
equalsIgnoreCase
(
accessAny
)))
{
return
null
;
}
...
...
@@ -256,6 +257,9 @@ public final class SecuritySupport {
* @return true if the protocol is in the list
*/
private
static
boolean
isProtocolAllowed
(
String
protocol
,
String
allowedProtocols
)
{
if
(
allowedProtocols
==
null
)
{
return
false
;
}
String
temp
[]
=
allowedProtocols
.
split
(
","
);
for
(
String
t
:
temp
)
{
t
=
t
.
trim
();
...
...
@@ -267,18 +271,16 @@ public final class SecuritySupport {
}
/**
* Read from $java.home/lib/jaxp.properties for the specified property
* Read JAXP system property in this order: system property,
* $java.home/lib/jaxp.properties if the system property is not specified
*
* @param propertyId the Id of the property
* @return the value of the property
*/
public
static
String
get
DefaultAccessProperty
(
String
sysPropertyId
,
String
defaultVal
)
{
String
accessExternal
=
SecuritySupport
.
getSystemProperty
(
sysPropertyId
);
public
static
String
get
JAXPSystemProperty
(
String
sysPropertyId
)
{
String
accessExternal
=
getSystemProperty
(
sysPropertyId
);
if
(
accessExternal
==
null
)
{
accessExternal
=
readJAXPProperty
(
sysPropertyId
);
if
(
accessExternal
==
null
)
{
accessExternal
=
defaultVal
;
}
}
return
accessExternal
;
}
...
...
jaxp/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityPropertyManager.java
0 → 100644
浏览文件 @
787f76a4
/*
* Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package
com.sun.org.apache.xerces.internal.utils
;
import
com.sun.org.apache.xerces.internal.impl.Constants
;
import
javax.xml.XMLConstants
;
/**
* This class manages security related properties
*
*/
public
final
class
XMLSecurityPropertyManager
{
/**
* States of the settings of a property, in the order: default value, value
* set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
* properties, and jaxp api properties
*/
public
static
enum
State
{
//this order reflects the overriding order
DEFAULT
,
FSP
,
JAXPDOTPROPERTIES
,
SYSTEMPROPERTY
,
APIPROPERTY
}
/**
* Limits managed by the security manager
*/
public
static
enum
Property
{
ACCESS_EXTERNAL_DTD
(
XMLConstants
.
ACCESS_EXTERNAL_DTD
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
),
ACCESS_EXTERNAL_SCHEMA
(
XMLConstants
.
ACCESS_EXTERNAL_SCHEMA
,
Constants
.
EXTERNAL_ACCESS_DEFAULT
);
final
String
name
;
final
String
defaultValue
;
Property
(
String
name
,
String
value
)
{
this
.
name
=
name
;
this
.
defaultValue
=
value
;
}
public
boolean
equalsName
(
String
propertyName
)
{
return
(
propertyName
==
null
)
?
false
:
name
.
equals
(
propertyName
);
}
String
defaultValue
()
{
return
defaultValue
;
}
}
/**
* Values of the properties as defined in enum Properties
*/
private
final
String
[]
values
;
/**
* States of the settings for each property in Properties above
*/
private
State
[]
states
=
{
State
.
DEFAULT
,
State
.
DEFAULT
};
/**
* Default constructor. Establishes default values
*/
public
XMLSecurityPropertyManager
()
{
values
=
new
String
[
Property
.
values
().
length
];
for
(
Property
property
:
Property
.
values
())
{
values
[
property
.
ordinal
()]
=
property
.
defaultValue
();
}
//read system properties or jaxp.properties
readSystemProperties
();
}
/**
* Set the value for a specific property.
*
* @param property the property
* @param state the state of the property
* @param value the value of the property
*/
public
void
setValue
(
Property
property
,
State
state
,
String
value
)
{
//only update if it shall override
if
(
state
.
compareTo
(
states
[
property
.
ordinal
()])
>=
0
)
{
values
[
property
.
ordinal
()]
=
value
;
states
[
property
.
ordinal
()]
=
state
;
}
}
/**
* Set the value of a property by its index
* @param index the index of the property
* @param state the state of the property
* @param value the value of the property
*/
public
void
setValue
(
int
index
,
State
state
,
String
value
)
{
//only update if it shall override
if
(
state
.
compareTo
(
states
[
index
])
>=
0
)
{
values
[
index
]
=
value
;
states
[
index
]
=
state
;
}
}
/**
* Return the value of the specified property
*
* @param property the property
* @return the value of the property
*/
public
String
getValue
(
Property
property
)
{
return
values
[
property
.
ordinal
()];
}
/**
* Return the value of a property by its ordinal
* @param index the index of a property
* @return value of a property
*/
public
String
getValueByIndex
(
int
index
)
{
return
values
[
index
];
}
/**
* Get the index by property name
* @param propertyName property name
* @return the index of the property if found; return -1 if not
*/
public
int
getIndex
(
String
propertyName
){
for
(
Property
property
:
Property
.
values
())
{
if
(
property
.
equalsName
(
propertyName
))
{
//internally, ordinal is used as index
return
property
.
ordinal
();
}
}
return
-
1
;
}
/**
* Read from system properties, or those in jaxp.properties
*/
private
void
readSystemProperties
()
{
getSystemProperty
(
Property
.
ACCESS_EXTERNAL_DTD
,
Constants
.
SP_ACCESS_EXTERNAL_DTD
);
getSystemProperty
(
Property
.
ACCESS_EXTERNAL_SCHEMA
,
Constants
.
SP_ACCESS_EXTERNAL_SCHEMA
);
}
/**
* Read from system properties, or those in jaxp.properties
*
* @param property the property
* @param systemProperty the name of the system property
*/
private
void
getSystemProperty
(
Property
property
,
String
systemProperty
)
{
try
{
String
value
=
SecuritySupport
.
getSystemProperty
(
systemProperty
);
if
(
value
!=
null
)
{
values
[
property
.
ordinal
()]
=
value
;
states
[
property
.
ordinal
()]
=
State
.
SYSTEMPROPERTY
;
return
;
}
value
=
SecuritySupport
.
readJAXPProperty
(
systemProperty
);
if
(
value
!=
null
)
{
values
[
property
.
ordinal
()]
=
value
;
states
[
property
.
ordinal
()]
=
State
.
JAXPDOTPROPERTIES
;
}
}
catch
(
NumberFormatException
e
)
{
//invalid setting ignored
}
}
}
jaxp/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java
浏览文件 @
787f76a4
...
...
@@ -68,6 +68,7 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
import
com.sun.org.apache.xerces.internal.xpointer.XPointerHandler
;
import
com.sun.org.apache.xerces.internal.xpointer.XPointerProcessor
;
import
com.sun.org.apache.xerces.internal.utils.ObjectFactory
;
import
com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager
;
import
java.util.Objects
;
/**
...
...
@@ -231,13 +232,9 @@ public class XIncludeHandler
protected
static
final
String
PARSER_SETTINGS
=
Constants
.
XERCES_FEATURE_PREFIX
+
Constants
.
PARSER_SETTINGS
;
/** property identifier: access external dtd. */
protected
static
final
String
ACCESS_EXTERNAL_DTD
=
XMLConstants
.
ACCESS_EXTERNAL_DTD
;
/** access external dtd: file protocol
* For DOM/SAX, the secure feature is set to true by default
*/
final
static
String
EXTERNAL_ACCESS_DEFAULT
=
Constants
.
EXTERNAL_ACCESS_DEFAULT
;
/** property identifier: XML security property manager. */
protected
static
final
String
XML_SECURITY_PROPERTY_MANAGER
=
Constants
.
XML_SECURITY_PROPERTY_MANAGER
;
/** Recognized features. */
private
static
final
String
[]
RECOGNIZED_FEATURES
=
...
...
@@ -293,12 +290,7 @@ public class XIncludeHandler
protected
XMLErrorReporter
fErrorReporter
;
protected
XMLEntityResolver
fEntityResolver
;
protected
SecurityManager
fSecurityManager
;
/**
* comma-delimited list of protocols that are allowed for the purpose
* of accessing external dtd or entity references
*/
protected
String
fAccessExternalDTD
=
EXTERNAL_ACCESS_DEFAULT
;
protected
XMLSecurityPropertyManager
fSecurityPropertyMgr
;
// these are needed for text include processing
protected
XIncludeTextReader
fXInclude10TextReader
;
...
...
@@ -540,7 +532,8 @@ public class XIncludeHandler
fSecurityManager
=
null
;
}
fAccessExternalDTD
=
(
String
)
componentManager
.
getProperty
(
ACCESS_EXTERNAL_DTD
);
fSecurityPropertyMgr
=
(
XMLSecurityPropertyManager
)
componentManager
.
getProperty
(
Constants
.
XML_SECURITY_PROPERTY_MANAGER
);
// Get buffer size.
try
{
...
...
@@ -687,11 +680,13 @@ public class XIncludeHandler
}
return
;
}
if
(
propertyId
.
equals
(
ACCESS_EXTERNAL_DTD
))
{
fAccessExternalDTD
=
(
String
)
value
;
if
(
propertyId
.
equals
(
XML_SECURITY_PROPERTY_MANAGER
))
{
fSecurityPropertyMgr
=
(
XMLSecurityPropertyManager
)
value
;
if
(
fChildConfig
!=
null
)
{
fChildConfig
.
setProperty
(
propertyId
,
value
);
fChildConfig
.
setProperty
(
XML_SECURITY_PROPERTY_MANAGER
,
value
);
}
return
;
}
...
...
@@ -1652,7 +1647,7 @@ public class XIncludeHandler
if
(
fErrorReporter
!=
null
)
fChildConfig
.
setProperty
(
ERROR_REPORTER
,
fErrorReporter
);
if
(
fEntityResolver
!=
null
)
fChildConfig
.
setProperty
(
ENTITY_RESOLVER
,
fEntityResolver
);
fChildConfig
.
setProperty
(
SECURITY_MANAGER
,
fSecurityManager
);
fChildConfig
.
setProperty
(
ACCESS_EXTERNAL_DTD
,
fAccessExternalDTD
);
fChildConfig
.
setProperty
(
XML_SECURITY_PROPERTY_MANAGER
,
fSecurityPropertyMgr
);
fChildConfig
.
setProperty
(
BUFFER_SIZE
,
new
Integer
(
fBufferSize
));
// features must be copied to child configuration
...
...
jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java
浏览文件 @
787f76a4
...
...
@@ -140,12 +140,6 @@ public class XMLReaderManager {
// Try to carry on if we've got a parser that
// doesn't know about namespace prefixes.
}
try
{
reader
.
setProperty
(
XMLConstants
.
ACCESS_EXTERNAL_DTD
,
_accessExternalDTD
);
}
catch
(
SAXException
se
)
{
System
.
err
.
println
(
"Warning: "
+
reader
.
getClass
().
getName
()
+
": "
+
se
.
getMessage
());
}
}
catch
(
ParserConfigurationException
ex
)
{
throw
new
SAXException
(
ex
);
}
catch
(
FactoryConfigurationError
ex1
)
{
...
...
@@ -162,6 +156,14 @@ public class XMLReaderManager {
}
}
try
{
//reader is cached, but this property might have been reset
reader
.
setProperty
(
XMLConstants
.
ACCESS_EXTERNAL_DTD
,
_accessExternalDTD
);
}
catch
(
SAXException
se
)
{
System
.
err
.
println
(
"Warning: "
+
reader
.
getClass
().
getName
()
+
": "
+
se
.
getMessage
());
}
return
reader
;
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录