8149029: Secure validation of XML based digital signature always enabled when...

8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks Summary: Trigger xml digsig validation based on value of property org.jcp.xml.dsig.secureValidation Reviewed-by: mullan Contributed-by: bhanu.prakash.gopularam@oracle.com

8149029: Secure validation of XML based digital signature always enabled when...
8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks Summary: Trigger xml digsig validation based on value of property org.jcp.xml.dsig.secureValidation Reviewed-by: mullan Contributed-by: bhanu.prakash.gopularam@oracle.com
ac729b08 · bgopularam · ae324003 · ac729b08
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java ...ses/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java +3 -2

未找到文件。
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMURIDereferencer.java
@@ -21,7 +21,7 @@
 * under the License.
 */
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
 */
 /*
 * $Id: DOMURIDereferencer.java 1231033 2012-01-13 12:12:12Z coheigea $
@@ -111,7 +111,8 @@ public class DOMURIDereferencer implements URIDereferencer {
        try {
            ResourceResolver apacheResolver =
                ResourceResolver.getInstance(uriAttr, baseURI, secVal);
-            XMLSignatureInput in = apacheResolver.resolve(uriAttr, baseURI);
+            XMLSignatureInput in = apacheResolver.resolve(uriAttr,
+                                                          baseURI, secVal);
            if (in.isOctetStream()) {
                return new ApacheOctetStreamData(in);
            } else {