Posted to commits@camel.apache.org by ni...@apache.org on 2014/08/18 15:21:23 UTC

git commit: CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default

Repository: camel
Updated Branches:
  refs/heads/master 6f8e98f48 -> b592f2967


CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default


Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/b592f296
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/b592f296
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/b592f296

Branch: refs/heads/master
Commit: b592f2967798fc3fc21457dd54f0bc7e1d6e6743
Parents: 6f8e98f
Author: Willem Jiang <wi...@gmail.com>
Authored: Mon Aug 18 20:54:55 2014 +0800
Committer: Willem Jiang <wi...@gmail.com>
Committed: Mon Aug 18 20:55:14 2014 +0800

----------------------------------------------------------------------
 .../org/apache/camel/converter/jaxp/XmlConverter.java | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/b592f296/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
index 4580c41..2543de5 100644
--- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
+++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
@@ -957,7 +957,19 @@ public class XmlConverter {
             factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
         } catch (ParserConfigurationException e) {
             LOG.warn("DocumentBuilderFactory doesn't support the feature {} with value {}, due to {}."
-                     , new Object[]{"http://xml.org/sax/features/external-general-entities", true, e});
+                     , new Object[]{"http://xml.org/sax/features/external-general-entities", false, e});
+        }
+        // setup the SecurityManager by default if it's apache xerces
+        try {
+            Class<?> smClass = ObjectHelper.loadClass("org.apache.xerces.util.SecurityManager");
+            if (smClass != null) {
+                Object sm = smClass.newInstance();
+                // Here we just use the default setting of the SeurityManager
+                factory.setAttribute("http://apache.org/xml/properties/security-manager", sm);
+            }
+        } catch (Exception e) {
+            LOG.warn("DocumentBuilderFactory doesn't support the attribute {} with value {}, due to {}."
+                     , new Object[]{"http://apache.org/xml/properties/security-manager", true, e});
         }
         // setup the feature from the system property
         setupFeatures(factory);
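Review bot: The new catch block logs `true` as the attribute value, although the value passed to `setAttribute` is the `SecurityManager` instance. The same `catch (Exception e)` also covers `smClass.newInstance()`, so the "doesn't support the attribute" text can misreport an instantiation failure; logging the class name `"org.apache.xerces.util.SecurityManager"` in place of `true` would be accurate in both cases. When `ObjectHelper.loadClass` yields null (which the `smClass != null` check implies it can), nothing is logged, so the logs cannot show whether the Xerces entity-expansion limit is in force for this factory. An else branch such as `LOG.debug("org.apache.xerces.util.SecurityManager not found on the classpath; security-manager attribute not set");` would close that gap. The method starts and ends outside the hunk; if `XMLConstants.FEATURE_SECURE_PROCESSING` is not already enabled earlier in it, that feature is worth setting as the parser-independent fallback.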