You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xerces.apache.org by mr...@apache.org on 2005/06/10 05:20:41 UTC
cvs commit: xml-xerces/java/src/org/apache/xerces/jaxp SAXParserFactoryImpl.java SAXParserImpl.java DocumentBuilderFactoryImpl.java DocumentBuilderImpl.java
mrglavas 2005/06/09 20:20:41
Modified: java/src/org/apache/xerces/jaxp SAXParserFactoryImpl.java
SAXParserImpl.java DocumentBuilderFactoryImpl.java
DocumentBuilderImpl.java
Log:
Adding support for the secure processing feature. In the JAXP 1.3
RI it's stored in the feature Hashtable which requires special
handling not to propogate the feature to the underlying parser.
To simplify the logic here we just pass the feature to the parser
constructors as a boolean.
Revision Changes Path
1.12 +25 -6 xml-xerces/java/src/org/apache/xerces/jaxp/SAXParserFactoryImpl.java
Index: SAXParserFactoryImpl.java
===================================================================
RCS file: /home/cvs/xml-xerces/java/src/org/apache/xerces/jaxp/SAXParserFactoryImpl.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- SAXParserFactoryImpl.java 10 Jun 2005 01:57:35 -0000 1.11
+++ SAXParserFactoryImpl.java 10 Jun 2005 03:20:41 -0000 1.12
@@ -18,6 +18,7 @@
import java.util.Hashtable;
+import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
@@ -41,6 +42,11 @@
private Hashtable features;
private Schema grammar;
private boolean isXIncludeAware;
+
+ /**
+ * State of the secure processing feature, initially <code>false</code>
+ */
+ private boolean fSecureProcess = false;
/**
* Creates a new instance of <code>SAXParser</code> using the currently
@@ -52,7 +58,7 @@
{
SAXParser saxParserImpl;
try {
- saxParserImpl = new SAXParserImpl(this, features);
+ saxParserImpl = new SAXParserImpl(this, features, fSecureProcess);
} catch (SAXException se) {
// Translate to ParserConfigurationException
throw new ParserConfigurationException(se.getMessage());
@@ -86,8 +92,16 @@
*/
public void setFeature(String name, boolean value)
throws ParserConfigurationException, SAXNotRecognizedException,
- SAXNotSupportedException
- {
+ SAXNotSupportedException {
+ if (name == null) {
+ throw new NullPointerException();
+ }
+ // If this is the secure processing feature, save it then return.
+ if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
+ fSecureProcess = value;
+ return;
+ }
+
// XXX This is ugly. We have to collect the features and then
// later create an XMLReader to verify the features.
if (features == null) {
@@ -113,8 +127,13 @@
*/
public boolean getFeature(String name)
throws ParserConfigurationException, SAXNotRecognizedException,
- SAXNotSupportedException
- {
+ SAXNotSupportedException {
+ if (name == null) {
+ throw new NullPointerException();
+ }
+ if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
+ return fSecureProcess;
+ }
// Check for valid name by creating a dummy XMLReader to get
// feature value
return newSAXParserImpl().getXMLReader().getFeature(name);
1.26 +21 -2 xml-xerces/java/src/org/apache/xerces/jaxp/SAXParserImpl.java
Index: SAXParserImpl.java
===================================================================
RCS file: /home/cvs/xml-xerces/java/src/org/apache/xerces/jaxp/SAXParserImpl.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- SAXParserImpl.java 10 Jun 2005 02:38:18 -0000 1.25
+++ SAXParserImpl.java 10 Jun 2005 03:20:41 -0000 1.26
@@ -30,6 +30,7 @@
import org.xml.sax.XMLReader;
import org.apache.xerces.util.SAXMessageFormatter;
+import org.apache.xerces.util.SecurityManager;
import org.apache.xerces.xs.AttributePSVI;
import org.apache.xerces.xs.ElementPSVI;
import org.apache.xerces.xs.PSVIProvider;
@@ -65,6 +66,10 @@
/** Feature identifier: XInclude processing */
private static final String XINCLUDE_FEATURE =
Constants.XERCES_FEATURE_PREFIX + Constants.XINCLUDE_FEATURE;
+
+ /** Property identifier: security manager. */
+ private static final String SECURITY_MANAGER =
+ Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
private XMLReader xmlReader;
private String schemaLanguage = null; // null means DTD
@@ -74,7 +79,16 @@
* Create a SAX parser with the associated features
* @param features Hashtable of SAX features, may be null
*/
- SAXParserImpl(SAXParserFactory spf, Hashtable features)
+ SAXParserImpl(SAXParserFactory spf, Hashtable features)
+ throws SAXException {
+ this(spf, features, false);
+ }
+
+ /**
+ * Create a SAX parser with the associated features
+ * @param features Hashtable of SAX features, may be null
+ */
+ SAXParserImpl(SAXParserFactory spf, Hashtable features, boolean secureProcessing)
throws SAXException
{
// Instantiate a SAXParser directly and not through SAX so that we
@@ -107,6 +121,11 @@
xmlReader.setFeature(XINCLUDE_FEATURE, true);
}
+ // If the secure processing feature is on set a security manager.
+ if (secureProcessing) {
+ xmlReader.setProperty(SECURITY_MANAGER, new SecurityManager());
+ }
+
this.grammar = spf.getSchema();
setFeatures(features);
1.17 +30 -11 xml-xerces/java/src/org/apache/xerces/jaxp/DocumentBuilderFactoryImpl.java
Index: DocumentBuilderFactoryImpl.java
===================================================================
RCS file: /home/cvs/xml-xerces/java/src/org/apache/xerces/jaxp/DocumentBuilderFactoryImpl.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- DocumentBuilderFactoryImpl.java 10 Jun 2005 01:57:35 -0000 1.16
+++ DocumentBuilderFactoryImpl.java 10 Jun 2005 03:20:41 -0000 1.17
@@ -16,16 +16,18 @@
package org.apache.xerces.jaxp;
-import javax.xml.parsers.DocumentBuilderFactory;
+import java.util.Hashtable;
+import java.util.Locale;
+
+import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.validation.Schema;
-import org.xml.sax.SAXException;
-
-import java.util.Hashtable;
-
import org.apache.xerces.parsers.DOMParser;
+import org.apache.xerces.util.SAXMessageFormatter;
+import org.xml.sax.SAXException;
/**
* @author Rajiv Mordani
@@ -37,6 +39,11 @@
private Hashtable attributes;
private Schema grammar;
private boolean isXIncludeAware;
+
+ /**
+ * State of the secure processing feature, initially <code>false</code>
+ */
+ private boolean fSecureProcess = false;
/**
* Creates a new instance of a {@link javax.xml.parsers.DocumentBuilder}
@@ -46,7 +53,7 @@
throws ParserConfigurationException
{
try {
- return new DocumentBuilderImpl(this, attributes);
+ return new DocumentBuilderImpl(this, attributes, fSecureProcess);
} catch (SAXException se) {
// Handles both SAXNotSupportedException, SAXNotRecognizedException
throw new ParserConfigurationException(se.getMessage());
@@ -141,13 +148,25 @@
this.isXIncludeAware = state;
}
- // TODO: Add in implementation. This is just a stub so that the code complies with JAXP 1.3.
public boolean getFeature(String name)
throws ParserConfigurationException {
- return false;
+ if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
+ return fSecureProcess;
+ }
+ throw new ParserConfigurationException(
+ SAXMessageFormatter.formatMessage(Locale.getDefault(),
+ "feature-not-supported", new Object [] {name}));
}
- // TODO: Add in implementation. This is just a stub so that the code complies with JAXP 1.3.
public void setFeature(String name, boolean value)
- throws ParserConfigurationException {}
+ throws ParserConfigurationException {
+ // If this is the secure processing feature, save it then return.
+ if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
+ fSecureProcess = value;
+ return;
+ }
+ throw new ParserConfigurationException(
+ SAXMessageFormatter.formatMessage(Locale.getDefault(),
+ "feature-not-supported", new Object [] {name}));
+ }
}
1.27 +17 -2 xml-xerces/java/src/org/apache/xerces/jaxp/DocumentBuilderImpl.java
Index: DocumentBuilderImpl.java
===================================================================
RCS file: /home/cvs/xml-xerces/java/src/org/apache/xerces/jaxp/DocumentBuilderImpl.java,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- DocumentBuilderImpl.java 10 Jun 2005 02:38:18 -0000 1.26
+++ DocumentBuilderImpl.java 10 Jun 2005 03:20:41 -0000 1.27
@@ -28,6 +28,7 @@
import org.apache.xerces.dom.DOMMessageFormatter;
import org.apache.xerces.impl.Constants;
import org.apache.xerces.parsers.DOMParser;
+import org.apache.xerces.util.SecurityManager;
import org.w3c.dom.DOMImplementation;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
@@ -77,10 +78,19 @@
private static final String VALIDATION_FEATURE =
Constants.SAX_FEATURE_PREFIX + Constants.VALIDATION_FEATURE;
+ /** Property identifier: security manager. */
+ private static final String SECURITY_MANAGER =
+ Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
+
private DOMParser domParser = null;
private final Schema grammar;
-
+
DocumentBuilderImpl(DocumentBuilderFactory dbf, Hashtable dbfAttrs)
+ throws SAXNotRecognizedException, SAXNotSupportedException {
+ this(dbf, dbfAttrs, false);
+ }
+
+ DocumentBuilderImpl(DocumentBuilderFactory dbf, Hashtable dbfAttrs, boolean secureProcessing)
throws SAXNotRecognizedException, SAXNotSupportedException
{
domParser = new DOMParser();
@@ -114,6 +124,11 @@
domParser.setFeature(XINCLUDE_FEATURE, true);
}
+ // If the secure processing feature is on set a security manager.
+ if (secureProcessing) {
+ domParser.setProperty(SECURITY_MANAGER, new SecurityManager());
+ }
+
this.grammar = dbf.getSchema();
setDocumentBuilderFactoryAttributes(dbfAttrs);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@xerces.apache.org
For additional commands, e-mail: commits-help@xerces.apache.org