You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/10/04 10:22:22 UTC
[cxf] branch master updated: Setting secure processing to true for
DOMUtils
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 959a067 Setting secure processing to true for DOMUtils
959a067 is described below
commit 959a067ef27ff94b38aea5670418998a1add9999
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Oct 4 11:22:02 2017 +0100
Setting secure processing to true for DOMUtils
---
.../main/java/org/apache/cxf/helpers/DOMUtils.java | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java b/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
index 7766295..c9d000e 100644
--- a/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
+++ b/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
@@ -62,12 +62,12 @@ public final class DOMUtils {
private static final Map<ClassLoader, DocumentBuilder> DOCUMENT_BUILDERS
= Collections.synchronizedMap(new WeakHashMap<ClassLoader, DocumentBuilder>());
private static final String XMLNAMESPACE = "xmlns";
-
-
-
+
+
+
static {
if (System.getProperty("java.version").startsWith("9")) {
-
+
try {
Method[] methods = DOMUtils.class.getClassLoader().
loadClass("com.sun.xml.internal.messaging.saaj.soap.SOAPDocumentImpl").getMethods();
@@ -82,7 +82,7 @@ public final class DOMUtils {
LogUtils.getL7dLogger(DOMUtils.class).finest(
"can't load class com.sun.xml.internal.messaging.saaj.soap.SOAPDocumentImpl");
}
-
+
}
}
@@ -95,12 +95,16 @@ public final class DOMUtils {
loader = getClassLoader(DOMUtils.class);
}
if (loader == null) {
- return DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
+ f.setNamespaceAware(true);
+ f.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ return f.newDocumentBuilder();
}
DocumentBuilder factory = DOCUMENT_BUILDERS.get(loader);
if (factory == null) {
DocumentBuilderFactory f2 = DocumentBuilderFactory.newInstance();
f2.setNamespaceAware(true);
+ f2.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
factory = f2.newDocumentBuilder();
DOCUMENT_BUILDERS.put(loader, factory);
}
@@ -682,9 +686,9 @@ public final class DOMUtils {
findAllElementsByTagNameNS(elem, nameSpaceURI, localName, ret);
return ret;
}
-
+
/**
- * Try to get the DOM Node from the SAAJ Node with JAVA9
+ * Try to get the DOM Node from the SAAJ Node with JAVA9
* @param node The original node we need check
* @return The DOM node
*/
--
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <co...@cxf.apache.org>'].