You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/04/06 13:06:11 UTC
cxf git commit: Set secure processing feature on all
TransformerFactories
Repository: cxf
Updated Branches:
refs/heads/master 435a0c7da -> 96d04323e
Set secure processing feature on all TransformerFactories
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/96d04323
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/96d04323
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/96d04323
Branch: refs/heads/master
Commit: 96d04323ed27f81de36b5b99913abde421a86bf2
Parents: 435a0c7
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Apr 6 12:05:54 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Apr 6 12:05:54 2016 +0100
----------------------------------------------------------------------
.../org/apache/cxf/profile/FastInfosetExperiment.java | 1 +
.../cxf/feature/transform/AbstractXSLTInterceptor.java | 12 ++++++++++--
.../java/org/apache/cxf/staxutils/StaxUtilsTest.java | 11 +++++++----
.../demo/colocated/client/DispatchSourceClient.java | 4 +++-
.../server/GreeterDOMSourcePayloadProvider.java | 4 +++-
.../src/main/java/demo/hw/client/Get.java | 4 +++-
.../src/main/java/demo/restful/client/Client.java | 4 +++-
.../org/apache/cxf/jaxrs/impl/ResponseImplTest.java | 6 ++++--
.../apache/cxf/jaxrs/provider/SourceProviderTest.java | 5 +++--
.../cxf/jaxws/handler/HandlerChainInvokerTest.java | 4 +++-
.../org/apache/cxf/javascript/JsXMLHttpRequest.java | 6 ++++--
.../org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java | 9 ++++++---
.../cxf/systest/handlers/HandlerInvocationTest.java | 4 ++--
.../systest/provider/AbstractSourcePayloadProvider.java | 4 +++-
.../systest/provider/HWSAXSourcePayloadProvider.java | 4 +++-
.../systest/provider/HWStreamSourcePayloadProvider.java | 4 +++-
.../apache/cxf/systest/provider/TestLogicalHandler.java | 4 +++-
.../provider/datasource/DataSourceProviderTest.java | 8 +++++---
.../java/org/apache/cxf/systest/ws/rm/SequenceTest.java | 7 ++++---
.../cxf/systest/ws/security/WSSecurityClientTest.java | 9 +++++----
.../jaxwsmm/MessageProviderWithAddressingPolicy.java | 5 +++--
.../tools/common/toolspec/parser/CommandLineParser.java | 4 +++-
22 files changed, 84 insertions(+), 39 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/benchmark/profiling/src/main/java/org/apache/cxf/profile/FastInfosetExperiment.java
----------------------------------------------------------------------
diff --git a/benchmark/profiling/src/main/java/org/apache/cxf/profile/FastInfosetExperiment.java b/benchmark/profiling/src/main/java/org/apache/cxf/profile/FastInfosetExperiment.java
index 23ee83e..4c35e21 100644
--- a/benchmark/profiling/src/main/java/org/apache/cxf/profile/FastInfosetExperiment.java
+++ b/benchmark/profiling/src/main/java/org/apache/cxf/profile/FastInfosetExperiment.java
@@ -64,6 +64,7 @@ public class FastInfosetExperiment {
private FastInfosetExperiment() throws ParserConfigurationException {
documentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
fiFile = new File("fiTest.fixml");
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/core/src/main/java/org/apache/cxf/feature/transform/AbstractXSLTInterceptor.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/feature/transform/AbstractXSLTInterceptor.java b/core/src/main/java/org/apache/cxf/feature/transform/AbstractXSLTInterceptor.java
index b18ffcf..4259220 100644
--- a/core/src/main/java/org/apache/cxf/feature/transform/AbstractXSLTInterceptor.java
+++ b/core/src/main/java/org/apache/cxf/feature/transform/AbstractXSLTInterceptor.java
@@ -41,7 +41,15 @@ import org.apache.cxf.staxutils.StaxUtils;
* Creates an XMLStreamReader from the InputStream on the Message.
*/
public abstract class AbstractXSLTInterceptor extends AbstractPhaseInterceptor<Message> {
- private static final TransformerFactory TRANSFORM_FACTORIY = TransformerFactory.newInstance();
+ private static final TransformerFactory TRANSFORM_FACTORY = TransformerFactory.newInstance();
+
+ static {
+ try {
+ TRANSFORM_FACTORY.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (javax.xml.transform.TransformerConfigurationException ex) {
+ //
+ }
+ }
private String contextPropertyName;
private final Templates xsltTemplate;
@@ -61,7 +69,7 @@ public abstract class AbstractXSLTInterceptor extends AbstractPhaseInterceptor<M
throw new IllegalArgumentException("Cannot load XSLT from path: " + xsltPath);
}
Document doc = StaxUtils.read(xsltStream);
- xsltTemplate = TRANSFORM_FACTORIY.newTemplates(new DOMSource(doc));
+ xsltTemplate = TRANSFORM_FACTORY.newTemplates(new DOMSource(doc));
} catch (TransformerConfigurationException e) {
throw new IllegalArgumentException(
String.format("Cannot create XSLT template from path: %s, error: ",
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/core/src/test/java/org/apache/cxf/staxutils/StaxUtilsTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/cxf/staxutils/StaxUtilsTest.java b/core/src/test/java/org/apache/cxf/staxutils/StaxUtilsTest.java
index 8f680f7..818d262 100644
--- a/core/src/test/java/org/apache/cxf/staxutils/StaxUtilsTest.java
+++ b/core/src/test/java/org/apache/cxf/staxutils/StaxUtilsTest.java
@@ -314,8 +314,9 @@ public class StaxUtilsTest extends Assert {
XMLStreamReader reader = StaxUtils.createXMLStreamReader(source);
XMLStreamWriter writer = StaxUtils.createXMLStreamWriter(baos);
StaxSource staxSource = new StaxSource(reader);
- TransformerFactory trf = TransformerFactory.newInstance();
- Transformer transformer = trf.newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
transformer.transform(staxSource, new StreamResult(baos));
writer.flush();
@@ -332,9 +333,10 @@ public class StaxUtilsTest extends Assert {
XMLStreamReader reader = StaxUtils.createXMLStreamReader(stringReader);
XMLStreamWriter writer = StaxUtils.createXMLStreamWriter(baos);
StaxSource staxSource = new StaxSource(reader);
- TransformerFactory trf = TransformerFactory.newInstance();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
Document doc = StaxUtils.read(getTestStream("./resources/copy.xsl"));
- Transformer transformer = trf.newTransformer(new DOMSource(doc));
+ Transformer transformer = transformerFactory.newTransformer(new DOMSource(doc));
//System.out.println("Used transformer: " + transformer.getClass().getName());
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
transformer.transform(staxSource, new StreamResult(baos));
@@ -349,6 +351,7 @@ public class StaxUtilsTest extends Assert {
try {
trf = TransformerFactory
.newInstance("com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl", null);
+ trf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
String xml = "<root xmlns=\"urn:org.apache.cxf:test\">Text</root>";
StringReader stringReader = new StringReader(xml);
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/distribution/src/main/release/samples/in_jvm_transport/src/main/java/demo/colocated/client/DispatchSourceClient.java
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/in_jvm_transport/src/main/java/demo/colocated/client/DispatchSourceClient.java b/distribution/src/main/release/samples/in_jvm_transport/src/main/java/demo/colocated/client/DispatchSourceClient.java
index 8b728eb..181b931 100755
--- a/distribution/src/main/release/samples/in_jvm_transport/src/main/java/demo/colocated/client/DispatchSourceClient.java
+++ b/distribution/src/main/release/samples/in_jvm_transport/src/main/java/demo/colocated/client/DispatchSourceClient.java
@@ -111,7 +111,9 @@ public final class DispatchSourceClient {
}
private static String decodeSource(Source source, String uri, String name) throws Exception {
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
ContentHandler handler = new ContentHandler(uri, name);
transformer.transform(source, new SAXResult(handler));
return handler.getValue();
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/distribution/src/main/release/samples/jaxws_dispatch_provider/src/main/java/demo/hwDispatch/server/GreeterDOMSourcePayloadProvider.java
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/jaxws_dispatch_provider/src/main/java/demo/hwDispatch/server/GreeterDOMSourcePayloadProvider.java b/distribution/src/main/release/samples/jaxws_dispatch_provider/src/main/java/demo/hwDispatch/server/GreeterDOMSourcePayloadProvider.java
index 1383491..5d6ba88 100644
--- a/distribution/src/main/release/samples/jaxws_dispatch_provider/src/main/java/demo/hwDispatch/server/GreeterDOMSourcePayloadProvider.java
+++ b/distribution/src/main/release/samples/jaxws_dispatch_provider/src/main/java/demo/hwDispatch/server/GreeterDOMSourcePayloadProvider.java
@@ -41,7 +41,9 @@ public class GreeterDOMSourcePayloadProvider implements Provider<DOMSource> {
DOMSource response = new DOMSource();
try {
System.out.println("Incoming Client Request as a DOMSource data in PAYLOAD Mode");
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
StreamResult result = new StreamResult(System.out);
transformer.transform(request, result);
System.out.println("\n");
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/distribution/src/main/release/samples/js_browser_client_simple/src/main/java/demo/hw/client/Get.java
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/js_browser_client_simple/src/main/java/demo/hw/client/Get.java b/distribution/src/main/release/samples/js_browser_client_simple/src/main/java/demo/hw/client/Get.java
index 85b83d0..92f04c4 100644
--- a/distribution/src/main/release/samples/js_browser_client_simple/src/main/java/demo/hw/client/Get.java
+++ b/distribution/src/main/release/samples/js_browser_client_simple/src/main/java/demo/hw/client/Get.java
@@ -99,7 +99,9 @@ public final class Get {
try {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
StreamResult sr = new StreamResult(bos);
- Transformer trans = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
Properties oprops = new Properties();
oprops.put(OutputKeys.OMIT_XML_DECLARATION, "yes");
trans.setOutputProperties(oprops);
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/distribution/src/main/release/samples/restful_dispatch/src/main/java/demo/restful/client/Client.java
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/restful_dispatch/src/main/java/demo/restful/client/Client.java b/distribution/src/main/release/samples/restful_dispatch/src/main/java/demo/restful/client/Client.java
index 60bcb56..7f99764 100644
--- a/distribution/src/main/release/samples/restful_dispatch/src/main/java/demo/restful/client/Client.java
+++ b/distribution/src/main/release/samples/restful_dispatch/src/main/java/demo/restful/client/Client.java
@@ -92,7 +92,9 @@ public final class Client {
try {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
StreamResult sr = new StreamResult(bos);
- Transformer trans = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
Properties oprops = new Properties();
oprops.put(OutputKeys.OMIT_XML_DECLARATION, "yes");
trans.setOutputProperties(oprops);
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ResponseImplTest.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ResponseImplTest.java b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ResponseImplTest.java
index d409072..72d90d5 100644
--- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ResponseImplTest.java
+++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ResponseImplTest.java
@@ -89,9 +89,11 @@ public class ResponseImplTest extends Assert {
public void testReadBufferedStaxSource() throws Exception {
ResponseImpl r = new ResponseImpl(200);
Source responseSource = readResponseSource(r);
- Transformer trans = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
DOMResult res = new DOMResult();
- trans.transform(responseSource, res);
+ transformer.transform(responseSource, res);
Document doc = (Document)res.getNode();
assertEquals("Response", doc.getDocumentElement().getLocalName());
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/SourceProviderTest.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/SourceProviderTest.java b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/SourceProviderTest.java
index aab4cae..f881cf0 100644
--- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/SourceProviderTest.java
+++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/SourceProviderTest.java
@@ -100,8 +100,9 @@ public class SourceProviderTest extends Assert {
Source source = p.readFrom(Source.class,
null, null, null, null, is);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
- TransformerFactory.newInstance().newTransformer()
- .transform(source, new StreamResult(bos));
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ transformerFactory.newTransformer().transform(source, new StreamResult(bos));
assertTrue(bos.toString().contains("test2"));
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/handler/HandlerChainInvokerTest.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/handler/HandlerChainInvokerTest.java b/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/handler/HandlerChainInvokerTest.java
index 3080ebc..99082ef 100644
--- a/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/handler/HandlerChainInvokerTest.java
+++ b/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/handler/HandlerChainInvokerTest.java
@@ -999,7 +999,9 @@ public class HandlerChainInvokerTest extends Assert {
String result = "";
try {
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
transformer.setOutputProperty(OutputKeys.METHOD, "xml");
OutputStream out = new ByteArrayOutputStream();
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/rt/javascript/javascript-tests/src/test/java/org/apache/cxf/javascript/JsXMLHttpRequest.java
----------------------------------------------------------------------
diff --git a/rt/javascript/javascript-tests/src/test/java/org/apache/cxf/javascript/JsXMLHttpRequest.java b/rt/javascript/javascript-tests/src/test/java/org/apache/cxf/javascript/JsXMLHttpRequest.java
index ec1b5df..219c819 100644
--- a/rt/javascript/javascript-tests/src/test/java/org/apache/cxf/javascript/JsXMLHttpRequest.java
+++ b/rt/javascript/javascript-tests/src/test/java/org/apache/cxf/javascript/JsXMLHttpRequest.java
@@ -456,7 +456,9 @@ public class JsXMLHttpRequest extends ScriptableObject {
StreamResult result = new StreamResult(baos);
DOMSource source = new DOMSource(node);
try {
- TransformerFactory.newInstance().newTransformer().transform(source, result);
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ transformerFactory.newTransformer().transform(source, result);
} catch (TransformerConfigurationException e) {
throw new RuntimeException(e);
} catch (TransformerException e) {
@@ -672,4 +674,4 @@ public class JsXMLHttpRequest extends ScriptableObject {
return doGetStatusText();
}
}
-
\ No newline at end of file
+
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java
----------------------------------------------------------------------
diff --git a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java
index 1d2e75b..a110e3c 100644
--- a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java
+++ b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java
@@ -1227,14 +1227,17 @@ public class WadlGenerator implements ContainerRequestFilter {
DOMSource domSource = new DOMSource(wadlDoc);
// temporary workaround
StringWriter stringWriter = new StringWriter();
- TransformerFactory tFactory = TransformerFactory.newInstance();
- Transformer transformer = tFactory.newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
transformer.transform(domSource, new StreamResult(stringWriter));
return stringWriter.toString();
}
private String transformLocally(Message m, UriInfo ui, Source source) throws Exception {
InputStream is = ResourceUtils.getResourceStream(stylesheetReference, m.getExchange().getBus());
- Transformer t = TransformerFactory.newInstance().newTemplates(new StreamSource(is)).newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer t = transformerFactory.newTemplates(new StreamSource(is)).newTransformer();
t.setParameter("base.path", (String)m.get("http.base.path"));
StringWriter stringWriter = new StringWriter();
t.transform(source, new StreamResult(stringWriter));
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/systests/jaxws/src/test/java/org/apache/cxf/systest/handlers/HandlerInvocationTest.java
----------------------------------------------------------------------
diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/handlers/HandlerInvocationTest.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/handlers/HandlerInvocationTest.java
index 369f052..2b922c9 100644
--- a/systests/jaxws/src/test/java/org/apache/cxf/systest/handlers/HandlerInvocationTest.java
+++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/handlers/HandlerInvocationTest.java
@@ -1011,8 +1011,8 @@ public class HandlerInvocationTest extends AbstractBusClientServerTestBase {
throws TransformerException {
StringWriter stringWriter = new StringWriter();
StreamResult streamResult = new StreamResult(stringWriter);
- TransformerFactory transformerFactory =
- TransformerFactory.newInstance();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.INDENT, "no");
transformer.setOutputProperty(
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/AbstractSourcePayloadProvider.java
----------------------------------------------------------------------
diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/AbstractSourcePayloadProvider.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/AbstractSourcePayloadProvider.java
index 4060b69..d6842d0 100644
--- a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/AbstractSourcePayloadProvider.java
+++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/AbstractSourcePayloadProvider.java
@@ -117,7 +117,9 @@ public abstract class AbstractSourcePayloadProvider implements SourceProvider {
public static String getSourceAsString(Source s) throws Exception {
try {
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
transformer.setOutputProperty(OutputKeys.METHOD, "xml");
Writer out = new StringWriter();
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWSAXSourcePayloadProvider.java
----------------------------------------------------------------------
diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWSAXSourcePayloadProvider.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWSAXSourcePayloadProvider.java
index 0f16067..01b151c 100644
--- a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWSAXSourcePayloadProvider.java
+++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWSAXSourcePayloadProvider.java
@@ -92,7 +92,9 @@ public class HWSAXSourcePayloadProvider implements Provider<SAXSource> {
try {
DOMResult domResult = new DOMResult();
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
transformer.transform(request, domResult);
Node n = domResult.getNode().getFirstChild();
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWStreamSourcePayloadProvider.java
----------------------------------------------------------------------
diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWStreamSourcePayloadProvider.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWStreamSourcePayloadProvider.java
index bebef77..ee1cff1 100644
--- a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWStreamSourcePayloadProvider.java
+++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWStreamSourcePayloadProvider.java
@@ -91,7 +91,9 @@ public class HWStreamSourcePayloadProvider implements Provider<StreamSource> {
StreamSource response = new StreamSource();
try {
DOMResult domResult = new DOMResult();
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
transformer.transform(request, domResult);
Node n = domResult.getNode().getFirstChild();
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/TestLogicalHandler.java
----------------------------------------------------------------------
diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/TestLogicalHandler.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/TestLogicalHandler.java
index 9789cc2..11141ce 100644
--- a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/TestLogicalHandler.java
+++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/TestLogicalHandler.java
@@ -70,7 +70,9 @@ public class TestLogicalHandler implements LogicalHandler<LogicalMessageContext>
}
public static String getSourceAsString(Source s) throws Exception {
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
transformer.setOutputProperty(OutputKeys.METHOD, "xml");
Writer out = new StringWriter();
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/datasource/DataSourceProviderTest.java
----------------------------------------------------------------------
diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/datasource/DataSourceProviderTest.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/datasource/DataSourceProviderTest.java
index de3d0e3..792fa8e 100644
--- a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/datasource/DataSourceProviderTest.java
+++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/datasource/DataSourceProviderTest.java
@@ -104,11 +104,13 @@ public class DataSourceProviderTest extends AbstractBusClientServerTestBase {
try {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
StreamResult sr = new StreamResult(bos);
- Transformer trans = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
Properties oprops = new Properties();
oprops.put(OutputKeys.OMIT_XML_DECLARATION, "yes");
- trans.setOutputProperties(oprops);
- trans.transform(source, sr);
+ transformer.setOutputProperties(oprops);
+ transformer.transform(source, sr);
assertEquals(bos.toString(), "<doc><response>Hello</response></doc>");
bos.close();
} catch (Exception e) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/systests/ws-rm/src/test/java/org/apache/cxf/systest/ws/rm/SequenceTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-rm/src/test/java/org/apache/cxf/systest/ws/rm/SequenceTest.java b/systests/ws-rm/src/test/java/org/apache/cxf/systest/ws/rm/SequenceTest.java
index 346a0f6..fbd3239 100644
--- a/systests/ws-rm/src/test/java/org/apache/cxf/systest/ws/rm/SequenceTest.java
+++ b/systests/ws-rm/src/test/java/org/apache/cxf/systest/ws/rm/SequenceTest.java
@@ -1660,10 +1660,11 @@ public class SequenceTest extends AbstractBusClientServerTestBase {
private static String convertToString(DOMSource domSource)
throws TransformerException {
- Transformer xformer =
- TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
StringWriter output = new StringWriter();
- xformer.transform(domSource, new StreamResult(output));
+ transformer.transform(domSource, new StreamResult(output));
return output.toString();
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java
index b738986..3e21958 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java
@@ -402,12 +402,13 @@ public class WSSecurityClientTest extends AbstractBusClientServerTestBase {
private static String source2String(Source source) throws Exception {
final java.io.ByteArrayOutputStream bos = new java.io.ByteArrayOutputStream();
final StreamResult sr = new StreamResult(bos);
- final Transformer trans =
- TransformerFactory.newInstance().newTransformer();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer transformer = transformerFactory.newTransformer();
final java.util.Properties oprops = new java.util.Properties();
oprops.put(OutputKeys.OMIT_XML_DECLARATION, "yes");
- trans.setOutputProperties(oprops);
- trans.transform(source, sr);
+ transformer.setOutputProperties(oprops);
+ transformer.transform(source, sr);
return bos.toString();
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/addr_wsdl/jaxwsmm/MessageProviderWithAddressingPolicy.java
----------------------------------------------------------------------
diff --git a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/addr_wsdl/jaxwsmm/MessageProviderWithAddressingPolicy.java b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/addr_wsdl/jaxwsmm/MessageProviderWithAddressingPolicy.java
index 9b3975a..d8f0ed1 100644
--- a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/addr_wsdl/jaxwsmm/MessageProviderWithAddressingPolicy.java
+++ b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/addr_wsdl/jaxwsmm/MessageProviderWithAddressingPolicy.java
@@ -51,12 +51,13 @@ public class MessageProviderWithAddressingPolicy implements Provider<Source> {
}
public Source invoke(Source request) {
- TransformerFactory tfactory = TransformerFactory.newInstance();
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
try {
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
/*
tfactory.setAttribute("indent-number", "2");
*/
- Transformer serializer = tfactory.newTransformer();
+ Transformer serializer = transformerFactory.newTransformer();
// Setup indenting to "pretty print"
serializer.setOutputProperty(OutputKeys.INDENT, "yes");
serializer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");
http://git-wip-us.apache.org/repos/asf/cxf/blob/96d04323/tools/common/src/main/java/org/apache/cxf/tools/common/toolspec/parser/CommandLineParser.java
----------------------------------------------------------------------
diff --git a/tools/common/src/main/java/org/apache/cxf/tools/common/toolspec/parser/CommandLineParser.java b/tools/common/src/main/java/org/apache/cxf/tools/common/toolspec/parser/CommandLineParser.java
index 852b76d..7da11ef 100644
--- a/tools/common/src/main/java/org/apache/cxf/tools/common/toolspec/parser/CommandLineParser.java
+++ b/tools/common/src/main/java/org/apache/cxf/tools/common/toolspec/parser/CommandLineParser.java
@@ -178,7 +178,9 @@ public class CommandLineParser {
// output the result document
if (LOG.isLoggable(Level.FINE)) {
try {
- Transformer serializer = TransformerFactory.newInstance()
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ Transformer serializer = transformerFactory.newInstance()
.newTransformer(
new StreamSource(Tool.class
.getResourceAsStream("indent-no-xml-declaration.xsl")));