You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ni...@apache.org on 2014/08/18 15:21:23 UTC
git commit: CAMEL-7713 Set the Xerces SecurityManager for the
DocumentBuilderFactory by default
Repository: camel
Updated Branches:
refs/heads/master 6f8e98f48 -> b592f2967
CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/b592f296
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/b592f296
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/b592f296
Branch: refs/heads/master
Commit: b592f2967798fc3fc21457dd54f0bc7e1d6e6743
Parents: 6f8e98f
Author: Willem Jiang <wi...@gmail.com>
Authored: Mon Aug 18 20:54:55 2014 +0800
Committer: Willem Jiang <wi...@gmail.com>
Committed: Mon Aug 18 20:55:14 2014 +0800
----------------------------------------------------------------------
.../org/apache/camel/converter/jaxp/XmlConverter.java | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/b592f296/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
index 4580c41..2543de5 100644
--- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
+++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
@@ -957,7 +957,19 @@ public class XmlConverter {
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
} catch (ParserConfigurationException e) {
LOG.warn("DocumentBuilderFactory doesn't support the feature {} with value {}, due to {}."
- , new Object[]{"http://xml.org/sax/features/external-general-entities", true, e});
+ , new Object[]{"http://xml.org/sax/features/external-general-entities", false, e});
+ }
+ // setup the SecurityManager by default if it's apache xerces
+ try {
+ Class<?> smClass = ObjectHelper.loadClass("org.apache.xerces.util.SecurityManager");
+ if (smClass != null) {
+ Object sm = smClass.newInstance();
+ // Here we just use the default setting of the SeurityManager
+ factory.setAttribute("http://apache.org/xml/properties/security-manager", sm);
+ }
+ } catch (Exception e) {
+ LOG.warn("DocumentBuilderFactory doesn't support the attribute {} with value {}, due to {}."
+ , new Object[]{"http://apache.org/xml/properties/security-manager", true, e});
}
// setup the feature from the system property
setupFeatures(factory);