mirror of
https://github.com/openjdk/jdk.git
synced 2026-01-28 12:09:14 +00:00
8353232: Standardizing and Unifying XML Component Configurations
Reviewed-by: lancea
This commit is contained in:
Joe Wang
parent
1c5eb370b7
commit
66f0442713
@ -69,14 +69,15 @@ import javax.xml.transform.stream.StreamSource;
|
||||
import jdk.xml.internal.FeaturePropertyBase;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkProperty;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlFeatures;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.JdkProperty.ImplPropMap;
|
||||
import jdk.xml.internal.JdkProperty.State;
|
||||
import jdk.xml.internal.TransformErrorListener;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager.Property;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager.Property;
|
||||
import org.xml.sax.InputSource;
|
||||
import org.xml.sax.SAXException;
|
||||
import org.xml.sax.XMLFilter;
|
||||
@ -87,7 +88,7 @@ import org.xml.sax.XMLReader;
|
||||
* @author G. Todd Miller
|
||||
* @author Morten Jorgensen
|
||||
* @author Santiago Pericas-Geertsen
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class TransformerFactoryImpl
|
||||
extends SAXTransformerFactory implements SourceLoader
|
||||
@ -265,17 +266,18 @@ public class TransformerFactoryImpl
|
||||
* javax.xml.transform.sax.TransformerFactory implementation.
|
||||
*/
|
||||
public TransformerFactoryImpl() {
|
||||
_xmlFeatures = new JdkXmlFeatures(!_isNotSecureProcessing);
|
||||
JdkXmlConfig config = JdkXmlConfig.getInstance(false);
|
||||
// security (property) managers updated with current system properties
|
||||
_xmlSecurityManager = config.getXMLSecurityManager(true);
|
||||
_xmlSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true);
|
||||
_xmlFeatures = config.getXMLFeatures(true);
|
||||
_overrideDefaultParser = _xmlFeatures.getFeature(
|
||||
JdkXmlFeatures.XmlFeature.JDK_OVERRIDE_PARSER);
|
||||
_xmlSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||
_accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
|
||||
Property.ACCESS_EXTERNAL_DTD);
|
||||
_accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
|
||||
Property.ACCESS_EXTERNAL_STYLESHEET);
|
||||
|
||||
//Parser's security manager
|
||||
_xmlSecurityManager = new XMLSecurityManager(true);
|
||||
//Unmodifiable hash map with loaded external extension functions
|
||||
_xsltcExtensionFunctions = null;
|
||||
_extensionClassLoader = new JdkProperty<>(ImplPropMap.EXTCLSLOADER,
|
||||
|
||||
@ -53,6 +53,7 @@ import java.util.StringTokenizer;
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.catalog.CatalogFeatures;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
@ -71,7 +72,7 @@ import org.w3c.dom.ls.LSResourceResolver;
|
||||
*
|
||||
* @author Elena Litani, IBM
|
||||
* @author Neeraj Bajaj, Sun Microsystems.
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class DOMConfigurationImpl extends ParserConfigurationSettings
|
||||
implements XMLParserConfiguration, DOMConfiguration {
|
||||
@ -414,10 +415,10 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
|
||||
fValidationManager = createValidationManager();
|
||||
setProperty(VALIDATION_MANAGER, fValidationManager);
|
||||
|
||||
setProperty(SECURITY_MANAGER, new XMLSecurityManager(true));
|
||||
setProperty(SECURITY_MANAGER, JdkXmlConfig.getInstance(false).getXMLSecurityManager(false));
|
||||
|
||||
setProperty(JdkConstants.XML_SECURITY_PROPERTY_MANAGER,
|
||||
new XMLSecurityPropertyManager());
|
||||
JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false));
|
||||
|
||||
// add message formatters
|
||||
if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {
|
||||
|
||||
@ -31,6 +31,7 @@ import javax.xml.stream.XMLInputFactory;
|
||||
import javax.xml.stream.XMLOutputFactory;
|
||||
import javax.xml.stream.XMLResolver;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
@ -44,7 +45,7 @@ import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
* @author K Venugopal
|
||||
* @author Sunitha Reddy
|
||||
*
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class PropertyManager {
|
||||
|
||||
@ -66,6 +67,7 @@ public class PropertyManager {
|
||||
|
||||
HashMap<String, Object> supportedProps = new HashMap<>();
|
||||
|
||||
JdkXmlConfig config = JdkXmlConfig.getInstance(true);
|
||||
private XMLSecurityManager fSecurityManager;
|
||||
private XMLSecurityPropertyManager fSecurityPropertyMgr;
|
||||
|
||||
@ -141,9 +143,9 @@ public class PropertyManager {
|
||||
supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ENTITYDEF_FEATURE, false);
|
||||
supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_UNDECLARED_ELEMDEF_FEATURE, false);
|
||||
|
||||
fSecurityManager = new XMLSecurityManager(true);
|
||||
fSecurityManager = config.getXMLSecurityManager(true);
|
||||
fSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true);
|
||||
supportedProps.put(SECURITY_MANAGER, fSecurityManager);
|
||||
fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||
supportedProps.put(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
|
||||
|
||||
// Initialize Catalog features
|
||||
@ -232,7 +234,7 @@ public class PropertyManager {
|
||||
}
|
||||
if (property.equals(JdkConstants.XML_SECURITY_PROPERTY_MANAGER)) {
|
||||
if (value == null) {
|
||||
fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||
fSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true);
|
||||
} else {
|
||||
fSecurityPropertyMgr = (XMLSecurityPropertyManager) value;
|
||||
}
|
||||
|
||||
@ -49,15 +49,14 @@ import java.util.Stack;
|
||||
import java.util.StringTokenizer;
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.catalog.CatalogException;
|
||||
import javax.xml.catalog.CatalogFeatures.Feature;
|
||||
import javax.xml.catalog.CatalogFeatures;
|
||||
import javax.xml.catalog.CatalogManager;
|
||||
import javax.xml.catalog.CatalogResolver;
|
||||
import javax.xml.stream.XMLInputFactory;
|
||||
import javax.xml.transform.Source;
|
||||
import jdk.xml.internal.JdkCatalog;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkProperty;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.SecuritySupport;
|
||||
import jdk.xml.internal.XMLLimitAnalyzer;
|
||||
@ -94,7 +93,7 @@ import org.xml.sax.InputSource;
|
||||
* @author K.Venugopal SUN Microsystems
|
||||
* @author Neeraj Bajaj SUN Microsystems
|
||||
* @author Sunitha Reddy SUN Microsystems
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
|
||||
|
||||
@ -436,7 +435,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
|
||||
* If this constructor is used to create the object, reset() should be invoked on this object
|
||||
*/
|
||||
public XMLEntityManager() {
|
||||
this(null, new XMLSecurityManager(true));
|
||||
this(null, JdkXmlConfig.getInstance(false).getXMLSecurityManager(false));
|
||||
}
|
||||
|
||||
public XMLEntityManager(XMLSecurityPropertyManager securityPropertyMgr, XMLSecurityManager securityManager) {
|
||||
@ -1055,7 +1054,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
|
||||
&& JdkXmlUtils.isResolveContinue(fCatalogFeatures)) {
|
||||
initJdkCatalogResolver();
|
||||
|
||||
staxInputSource = resolveWithCatalogStAX(fDefCR, JdkCatalog.JDKCATALOG, publicId, literalSystemId);
|
||||
staxInputSource = resolveWithCatalogStAX(fDefCR, JdkXmlConfig.JDKCATALOG_FILE, publicId, literalSystemId);
|
||||
}
|
||||
|
||||
// Step 4: default resolution if not resolved by a resolver and the RESOLVE
|
||||
@ -1697,7 +1696,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
|
||||
// JAXP 1.5 feature
|
||||
XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER, null);
|
||||
if (spm == null) {
|
||||
spm = new XMLSecurityPropertyManager();
|
||||
spm = JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false);
|
||||
}
|
||||
fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
|
||||
|
||||
|
||||
@ -74,6 +74,7 @@ import java.util.StringTokenizer;
|
||||
import java.util.WeakHashMap;
|
||||
import javax.xml.XMLConstants;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
@ -102,7 +103,7 @@ import org.xml.sax.InputSource;
|
||||
* @xerces.internal
|
||||
*
|
||||
* @author Neil Graham, IBM
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
|
||||
public class XMLSchemaLoader implements XMLGrammarLoader, XMLComponent, XSElementDeclHelper,
|
||||
@ -1001,13 +1002,13 @@ XSLoader, DOMConfiguration {
|
||||
|
||||
XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
|
||||
if (spm == null) {
|
||||
spm = new XMLSecurityPropertyManager();
|
||||
spm = JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false);
|
||||
setProperty(XML_SECURITY_PROPERTY_MANAGER, spm);
|
||||
}
|
||||
|
||||
XMLSecurityManager sm = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER);
|
||||
if (sm == null)
|
||||
setProperty(SECURITY_MANAGER,new XMLSecurityManager(true));
|
||||
setProperty(SECURITY_MANAGER, JdkXmlConfig.getInstance(false).getXMLSecurityManager(false));
|
||||
|
||||
faccessExternalSchema = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA);
|
||||
|
||||
|
||||
@ -105,6 +105,7 @@ import javax.xml.stream.XMLEventReader;
|
||||
import javax.xml.stream.XMLStreamException;
|
||||
import javax.xml.stream.XMLStreamReader;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.SecuritySupport;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
@ -131,7 +132,7 @@ import org.xml.sax.XMLReader;
|
||||
* @author Neil Graham, IBM
|
||||
* @author Pavani Mukthipudi, Sun Microsystems
|
||||
*
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class XSDHandler {
|
||||
|
||||
@ -735,7 +736,8 @@ public class XSDHandler {
|
||||
fAnnotationValidator.setFeature(XMLSCHEMA_VALIDATION, true);
|
||||
fAnnotationValidator.setProperty(XMLGRAMMAR_POOL, fGrammarBucketAdapter);
|
||||
/** set security manager and XML Security Property Manager **/
|
||||
fAnnotationValidator.setProperty(SECURITY_MANAGER, (fSecurityManager != null) ? fSecurityManager : new XMLSecurityManager(true));
|
||||
fAnnotationValidator.setProperty(SECURITY_MANAGER,
|
||||
(fSecurityManager != null) ? fSecurityManager : JdkXmlConfig.getInstance(false).getXMLSecurityManager(false));
|
||||
fAnnotationValidator.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
|
||||
/** Set error handler. **/
|
||||
fAnnotationValidator.setProperty(ERROR_HANDLER, (fErrorHandler != null) ? fErrorHandler : new DefaultErrorHandler());
|
||||
|
||||
@ -29,6 +29,8 @@ import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
import javax.xml.validation.Schema;
|
||||
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
@ -39,7 +41,7 @@ import org.xml.sax.SAXNotSupportedException;
|
||||
/**
|
||||
* @author Rajiv Mordani
|
||||
* @author Edwin Goei
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory {
|
||||
/** These are DocumentBuilderFactory attributes not DOM attributes */
|
||||
@ -54,8 +56,15 @@ public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory {
|
||||
private boolean fSecureProcess = true;
|
||||
|
||||
// used to verify attributes
|
||||
XMLSecurityManager fSecurityManager = new XMLSecurityManager(true);
|
||||
XMLSecurityPropertyManager fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||
XMLSecurityManager fSecurityManager;
|
||||
XMLSecurityPropertyManager fSecurityPropertyMgr;
|
||||
|
||||
public DocumentBuilderFactoryImpl() {
|
||||
JdkXmlConfig config = JdkXmlConfig.getInstance(false);
|
||||
// security (property) managers updated with current system properties
|
||||
fSecurityManager = config.getXMLSecurityManager(true);
|
||||
fSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new instance of a {@link javax.xml.parsers.DocumentBuilder}
|
||||
|
||||
@ -59,7 +59,7 @@ import org.xml.sax.SAXNotSupportedException;
|
||||
/**
|
||||
* @author Rajiv Mordani
|
||||
* @author Edwin Goei
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class DocumentBuilderImpl extends DocumentBuilder
|
||||
implements JAXPConstants
|
||||
@ -140,7 +140,7 @@ public class DocumentBuilderImpl extends DocumentBuilder
|
||||
{
|
||||
domParser = new DOMParser();
|
||||
|
||||
fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||
fSecurityPropertyMgr = dbf.fSecurityPropertyMgr;
|
||||
domParser.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
|
||||
|
||||
fSecurityManager = dbf.fSecurityManager;
|
||||
|
||||
@ -28,6 +28,7 @@ import javax.xml.parsers.ParserConfigurationException;
|
||||
import javax.xml.parsers.SAXParser;
|
||||
import javax.xml.parsers.SAXParserFactory;
|
||||
import javax.xml.validation.Schema;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
import org.xml.sax.SAXException;
|
||||
@ -42,7 +43,7 @@ import org.xml.sax.SAXNotSupportedException;
|
||||
* @author Rajiv Mordani
|
||||
* @author Edwin Goei
|
||||
*
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class SAXParserFactoryImpl extends SAXParserFactory {
|
||||
|
||||
@ -68,8 +69,14 @@ public class SAXParserFactoryImpl extends SAXParserFactory {
|
||||
private boolean fSecureProcess = true;
|
||||
|
||||
// Security Managers
|
||||
XMLSecurityManager fSecurityManager = new XMLSecurityManager(true);
|
||||
XMLSecurityPropertyManager fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||
XMLSecurityManager fSecurityManager;
|
||||
XMLSecurityPropertyManager fSecurityPropertyMgr;
|
||||
|
||||
public SAXParserFactoryImpl() {
|
||||
JdkXmlConfig config = JdkXmlConfig.getInstance(false);
|
||||
fSecurityManager = config.getXMLSecurityManager(true);
|
||||
fSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new instance of <code>SAXParser</code> using the currently
|
||||
|
||||
@ -43,6 +43,7 @@ import javax.xml.XMLConstants;
|
||||
import javax.xml.validation.Schema;
|
||||
import jdk.xml.internal.FeaturePropertyBase;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
@ -64,7 +65,7 @@ import org.xml.sax.helpers.DefaultHandler;
|
||||
* @author Rajiv Mordani
|
||||
* @author Edwin Goei
|
||||
*
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
public class SAXParserImpl extends javax.xml.parsers.SAXParser
|
||||
@ -412,7 +413,7 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
|
||||
* it is null.
|
||||
*/
|
||||
if (fSecurityManager == null) {
|
||||
fSecurityManager = new XMLSecurityManager(true);
|
||||
fSecurityManager = JdkXmlConfig.getInstance(false).getXMLSecurityManager(false);
|
||||
}
|
||||
try {
|
||||
super.setProperty(SECURITY_MANAGER, fSecurityManager);
|
||||
@ -423,7 +424,7 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
|
||||
}
|
||||
|
||||
if (fSecurityPropertyMgr == null) {
|
||||
fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||
fSecurityPropertyMgr = JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false);
|
||||
}
|
||||
try {
|
||||
super.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2013, 2025, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
@ -23,6 +23,7 @@ import com.sun.org.apache.xerces.internal.impl.Constants;
|
||||
import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
|
||||
import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
|
||||
import com.sun.org.apache.xerces.internal.parsers.XML11Configuration;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
|
||||
@ -49,7 +50,7 @@ import org.xml.sax.SAXException;
|
||||
*
|
||||
* @author Michael Glavassevich, IBM
|
||||
* @author Sunitha Reddy
|
||||
* @LastModified: July 2023
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
final class StreamValidatorHelper implements ValidatorHelper {
|
||||
|
||||
@ -190,7 +191,7 @@ final class StreamValidatorHelper implements ValidatorHelper {
|
||||
private XMLParserConfiguration initialize() {
|
||||
XML11Configuration config = new XML11Configuration();
|
||||
if (fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) {
|
||||
config.setProperty(SECURITY_MANAGER, new XMLSecurityManager());
|
||||
config.setProperty(SECURITY_MANAGER, JdkXmlConfig.getInstance(false).getXMLSecurityManager(false));
|
||||
}
|
||||
config.setProperty(ENTITY_RESOLVER, fComponentManager.getProperty(ENTITY_RESOLVER));
|
||||
config.setProperty(ERROR_HANDLER, fComponentManager.getProperty(ERROR_HANDLER));
|
||||
|
||||
@ -52,6 +52,7 @@ import jdk.xml.internal.FeaturePropertyBase;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkProperty;
|
||||
import jdk.xml.internal.JdkProperty.ImplPropMap;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlFeatures;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
@ -70,7 +71,7 @@ import org.xml.sax.SAXParseException;
|
||||
*
|
||||
* @author Kohsuke Kawaguchi
|
||||
*
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public final class XMLSchemaFactory extends SchemaFactory {
|
||||
|
||||
@ -152,19 +153,19 @@ public final class XMLSchemaFactory extends SchemaFactory {
|
||||
fXMLSchemaLoader.setErrorHandler(fErrorHandlerWrapper);
|
||||
fUseGrammarPoolOnly = true;
|
||||
|
||||
// Enable secure processing feature by default
|
||||
fSecurityManager = new XMLSecurityManager(true);
|
||||
fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
|
||||
// security (property) managers updated with current system properties
|
||||
JdkXmlConfig config = JdkXmlConfig.getInstance(false);
|
||||
fSecurityManager = config.getXMLSecurityManager(true);
|
||||
fSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true);
|
||||
fXmlFeatures = config.getXMLFeatures(true);
|
||||
|
||||
fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||
fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER,
|
||||
fSecurityPropertyMgr);
|
||||
fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
|
||||
fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
|
||||
|
||||
// use catalog
|
||||
fXMLSchemaLoader.setFeature(XMLConstants.USE_CATALOG, JdkXmlUtils.USE_CATALOG_DEFAULT);
|
||||
|
||||
fXMLSchemaLoader.setProperty(JdkConstants.CDATA_CHUNK_SIZE, JdkConstants.CDATA_CHUNK_SIZE_DEFAULT);
|
||||
fXmlFeatures = new JdkXmlFeatures(fSecurityManager.isSecureProcessing());
|
||||
fOverrideDefaultParser = fXmlFeatures.getFeature(
|
||||
JdkXmlFeatures.XmlFeature.JDK_OVERRIDE_PARSER);
|
||||
fXMLSchemaLoader.setFeature(JdkConstants.OVERRIDE_PARSER, fOverrideDefaultParser);
|
||||
@ -500,7 +501,7 @@ public final class XMLSchemaFactory extends SchemaFactory {
|
||||
return;
|
||||
} else if (name.equals(JdkConstants.XML_SECURITY_PROPERTY_MANAGER)) {
|
||||
if (object == null) {
|
||||
fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||
fSecurityPropertyMgr = JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(true);
|
||||
} else {
|
||||
fSecurityPropertyMgr = (XMLSecurityPropertyManager)object;
|
||||
}
|
||||
|
||||
@ -48,6 +48,7 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
||||
import javax.xml.catalog.CatalogFeatures;
|
||||
import jdk.xml.internal.FeaturePropertyBase;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
@ -58,7 +59,7 @@ import org.xml.sax.ErrorHandler;
|
||||
* <p>An implementation of XMLComponentManager for a schema validator.</p>
|
||||
*
|
||||
* @author Michael Glavassevich, IBM
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettings implements
|
||||
XMLComponentManager {
|
||||
@ -298,7 +299,7 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
|
||||
if (fInitSecurityManager != null ) {
|
||||
fInitSecurityManager.setSecureProcessing(secureProcessing);
|
||||
} else {
|
||||
fInitSecurityManager = new XMLSecurityManager(secureProcessing);
|
||||
fInitSecurityManager = JdkXmlConfig.getInstance(false).getXMLSecurityManager(false);
|
||||
}
|
||||
|
||||
setProperty(SECURITY_MANAGER, fInitSecurityManager);
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2017, 2025, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
@ -79,7 +79,7 @@ import org.xml.sax.helpers.LocatorImpl;
|
||||
* @author Arnaud Le Hors, IBM
|
||||
* @author Andy Clark, IBM
|
||||
*
|
||||
* @LastModified: Jan 2024
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
public abstract class AbstractSAXParser
|
||||
@ -1665,7 +1665,7 @@ public abstract class AbstractSAXParser
|
||||
else if (featureId.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
|
||||
if (state) {
|
||||
if (fConfiguration.getProperty(SECURITY_MANAGER )==null) {
|
||||
fConfiguration.setProperty(SECURITY_MANAGER, new XMLSecurityManager());
|
||||
fConfiguration.setProperty(SECURITY_MANAGER, config.getXMLSecurityManager(true));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -61,7 +61,7 @@ import org.xml.sax.helpers.LocatorImpl;
|
||||
*
|
||||
* @author Arnaud Le Hors, IBM
|
||||
* @author Andy Clark, IBM
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class DOMParser
|
||||
extends AbstractDOMParser {
|
||||
@ -550,7 +550,7 @@ public class DOMParser
|
||||
}
|
||||
if (propertyId.equals(JdkConstants.XML_SECURITY_PROPERTY_MANAGER)) {
|
||||
if (value == null) {
|
||||
securityPropertyManager = new XMLSecurityPropertyManager();
|
||||
securityPropertyManager = config.getXMLSecurityPropertyManager(true);
|
||||
} else {
|
||||
securityPropertyManager = (XMLSecurityPropertyManager)value;
|
||||
}
|
||||
@ -559,12 +559,12 @@ public class DOMParser
|
||||
}
|
||||
|
||||
if (securityManager == null) {
|
||||
securityManager = new XMLSecurityManager(true);
|
||||
securityManager = config.getXMLSecurityManager(true);
|
||||
setProperty0(Constants.SECURITY_MANAGER, securityManager);
|
||||
}
|
||||
|
||||
if (securityPropertyManager == null) {
|
||||
securityPropertyManager = new XMLSecurityPropertyManager();
|
||||
securityPropertyManager = config.getXMLSecurityPropertyManager(true);
|
||||
setProperty0(JdkConstants.XML_SECURITY_PROPERTY_MANAGER, securityPropertyManager);
|
||||
}
|
||||
int index = securityPropertyManager.getIndex(propertyId);
|
||||
|
||||
@ -50,8 +50,8 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLPullParserConfiguration;
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.catalog.CatalogFeatures;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
|
||||
/**
|
||||
* This is the DTD-only parser configuration. It extends the basic
|
||||
@ -89,7 +89,7 @@ import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
* @author Arnaud Le Hors, IBM
|
||||
* @author Andy Clark, IBM
|
||||
* @author Neil Graham, IBM
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class DTDConfiguration
|
||||
extends BasicParserConfiguration
|
||||
@ -427,7 +427,8 @@ public class DTDConfiguration
|
||||
// REVISIT: What is the right thing to do? -Ac
|
||||
}
|
||||
|
||||
setProperty(XML_SECURITY_PROPERTY_MANAGER, new XMLSecurityPropertyManager());
|
||||
setProperty(XML_SECURITY_PROPERTY_MANAGER,
|
||||
JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false));
|
||||
|
||||
// Initialize Catalog features
|
||||
for( CatalogFeatures.Feature f : CatalogFeatures.Feature.values()) {
|
||||
|
||||
@ -49,8 +49,8 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLPullParserConfiguration;
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.catalog.CatalogFeatures;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlUtils;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
|
||||
/**
|
||||
* This is the non validating parser configuration. It extends the basic
|
||||
@ -390,7 +390,8 @@ public class NonValidatingConfiguration
|
||||
// REVISIT: What is the right thing to do? -Ac
|
||||
}
|
||||
|
||||
setProperty(XML_SECURITY_PROPERTY_MANAGER, new XMLSecurityPropertyManager());
|
||||
setProperty(XML_SECURITY_PROPERTY_MANAGER,
|
||||
JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false));
|
||||
|
||||
// Initialize Catalog features
|
||||
for( CatalogFeatures.Feature f : CatalogFeatures.Feature.values()) {
|
||||
|
||||
@ -42,7 +42,7 @@ import org.xml.sax.SAXNotSupportedException;
|
||||
* @author Arnaud Le Hors, IBM
|
||||
* @author Andy Clark, IBM
|
||||
*
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class SAXParser
|
||||
extends AbstractSAXParser {
|
||||
@ -154,7 +154,7 @@ public class SAXParser
|
||||
}
|
||||
if (name.equals(JdkConstants.XML_SECURITY_PROPERTY_MANAGER)) {
|
||||
if (value == null) {
|
||||
securityPropertyManager = new XMLSecurityPropertyManager();
|
||||
securityPropertyManager = config.getXMLSecurityPropertyManager(true);
|
||||
} else {
|
||||
securityPropertyManager = (XMLSecurityPropertyManager)value;
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2013, 2025, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
@ -24,6 +24,7 @@ import com.sun.org.apache.xerces.internal.impl.Constants;
|
||||
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
|
||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
|
||||
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
|
||||
/**
|
||||
@ -43,7 +44,7 @@ import jdk.xml.internal.XMLSecurityManager;
|
||||
* </ul>
|
||||
*
|
||||
* @author Neil Graham, IBM
|
||||
* @LastModified: July 2023
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class SecurityConfiguration extends XIncludeAwareParserConfiguration
|
||||
{
|
||||
@ -107,7 +108,8 @@ public class SecurityConfiguration extends XIncludeAwareParserConfiguration
|
||||
super(symbolTable, grammarPool, parentSettings);
|
||||
|
||||
// create the SecurityManager property:
|
||||
setProperty(SECURITY_MANAGER_PROPERTY, new XMLSecurityManager(true));
|
||||
setProperty(SECURITY_MANAGER_PROPERTY,
|
||||
JdkXmlConfig.getInstance(false).getXMLSecurityManager(false));
|
||||
} // <init>(SymbolTable,XMLGrammarPool)
|
||||
|
||||
} // class SecurityConfiguration
|
||||
|
||||
@ -27,6 +27,7 @@ import com.sun.org.apache.xerces.internal.xni.XNIException;
|
||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
|
||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.Utils;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import jdk.xml.internal.XMLSecurityPropertyManager;
|
||||
@ -50,7 +51,7 @@ import org.xml.sax.SAXNotRecognizedException;
|
||||
*
|
||||
* @author Arnaud Le Hors, IBM
|
||||
* @author Andy Clark, IBM
|
||||
* @LastModified: Apr 2025
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public abstract class XMLParser {
|
||||
|
||||
@ -81,6 +82,8 @@ public abstract class XMLParser {
|
||||
/** The parser configuration. */
|
||||
protected XMLParserConfiguration fConfiguration;
|
||||
|
||||
JdkXmlConfig config = JdkXmlConfig.getInstance(false);
|
||||
|
||||
/** The XML Security Manager. */
|
||||
XMLSecurityManager securityManager;
|
||||
|
||||
@ -142,12 +145,12 @@ public abstract class XMLParser {
|
||||
*/
|
||||
void initSecurityManager(XMLSecurityPropertyManager spm, XMLSecurityManager sm) {
|
||||
if (securityManager == null) {
|
||||
securityManager = sm != null ? sm : new XMLSecurityManager(true);
|
||||
securityManager = sm != null ? sm : config.getXMLSecurityManager(true);
|
||||
}
|
||||
fConfiguration.setProperty(Constants.SECURITY_MANAGER, securityManager);
|
||||
|
||||
if (securityPropertyManager == null) {
|
||||
securityPropertyManager = spm != null ? spm : new XMLSecurityPropertyManager();
|
||||
securityPropertyManager = spm != null ? spm : config.getXMLSecurityPropertyManager(true);
|
||||
}
|
||||
fConfiguration.setProperty(JdkConstants.XML_SECURITY_PROPERTY_MANAGER, securityPropertyManager);
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
@ -31,6 +31,8 @@ import javax.xml.xpath.XPathExpressionException;
|
||||
import javax.xml.xpath.XPathFunctionException;
|
||||
import javax.xml.xpath.XPathFunctionResolver;
|
||||
import javax.xml.xpath.XPathVariableResolver;
|
||||
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlFeatures;
|
||||
import org.w3c.dom.Document;
|
||||
import org.xml.sax.InputSource;
|
||||
@ -39,7 +41,7 @@ import org.xml.sax.InputSource;
|
||||
* The XPathExpression interface encapsulates a (compiled) XPath expression.
|
||||
*
|
||||
* @author Ramesh Mandava
|
||||
* @LastModified: May 2022
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class XPathExpressionImpl extends XPathImplUtil implements XPathExpression {
|
||||
|
||||
@ -49,7 +51,7 @@ public class XPathExpressionImpl extends XPathImplUtil implements XPathExpressio
|
||||
* from the context.
|
||||
*/
|
||||
protected XPathExpressionImpl() {
|
||||
this(null, null, null, null, false, new JdkXmlFeatures(false));
|
||||
this(null, null, null, null, false, JdkXmlConfig.getInstance(false).getXMLFeatures(true));
|
||||
};
|
||||
|
||||
protected XPathExpressionImpl(com.sun.org.apache.xpath.internal.XPath xpath,
|
||||
@ -57,7 +59,7 @@ public class XPathExpressionImpl extends XPathImplUtil implements XPathExpressio
|
||||
XPathFunctionResolver functionResolver,
|
||||
XPathVariableResolver variableResolver) {
|
||||
this(xpath, prefixResolver, functionResolver, variableResolver,
|
||||
false, new JdkXmlFeatures(false));
|
||||
false, JdkXmlConfig.getInstance(false).getXMLFeatures(true));
|
||||
};
|
||||
|
||||
protected XPathExpressionImpl(com.sun.org.apache.xpath.internal.XPath xpath,
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2011, 2025, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
@ -27,17 +27,15 @@ import javax.xml.xpath.XPathFactory;
|
||||
import javax.xml.xpath.XPathFactoryConfigurationException;
|
||||
import javax.xml.xpath.XPathFunctionResolver;
|
||||
import javax.xml.xpath.XPathVariableResolver;
|
||||
import jdk.xml.internal.JdkConstants;
|
||||
import jdk.xml.internal.JdkProperty;
|
||||
import jdk.xml.internal.JdkXmlFeatures;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
|
||||
import jdk.xml.internal.*;
|
||||
|
||||
/**
|
||||
* The XPathFactory builds XPaths.
|
||||
*
|
||||
* @author Ramesh Mandava
|
||||
*
|
||||
* @LastModified: Nov 2024
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class XPathFactoryImpl extends XPathFactory {
|
||||
|
||||
@ -79,8 +77,9 @@ public class XPathFactoryImpl extends XPathFactory {
|
||||
* javax.xml.xpath.XPathFactory implementation.
|
||||
*/
|
||||
public XPathFactoryImpl() {
|
||||
_featureManager = new JdkXmlFeatures(!_isNotSecureProcessing);
|
||||
_xmlSecMgr = new XMLSecurityManager(true);
|
||||
JdkXmlConfig config = JdkXmlConfig.getInstance(false);
|
||||
_xmlSecMgr = config.getXMLSecurityManager(true);
|
||||
_featureManager = config.getXMLFeatures(true);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved.
|
||||
*/
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
@ -32,6 +32,8 @@ import javax.xml.xpath.XPathExpression;
|
||||
import javax.xml.xpath.XPathExpressionException;
|
||||
import javax.xml.xpath.XPathFunctionResolver;
|
||||
import javax.xml.xpath.XPathVariableResolver;
|
||||
|
||||
import jdk.xml.internal.JdkXmlConfig;
|
||||
import jdk.xml.internal.JdkXmlFeatures;
|
||||
import jdk.xml.internal.XMLSecurityManager;
|
||||
import org.w3c.dom.Document;
|
||||
@ -48,7 +50,7 @@ import org.xml.sax.InputSource;
|
||||
* New methods: evaluateExpression
|
||||
* Refactored to share code with XPathExpressionImpl.
|
||||
*
|
||||
* @LastModified: May 2022
|
||||
* @LastModified: May 2025
|
||||
*/
|
||||
public class XPathImpl extends XPathImplUtil implements javax.xml.xpath.XPath {
|
||||
|
||||
@ -58,7 +60,9 @@ public class XPathImpl extends XPathImplUtil implements javax.xml.xpath.XPath {
|
||||
private NamespaceContext namespaceContext=null;
|
||||
|
||||
XPathImpl(XPathVariableResolver vr, XPathFunctionResolver fr) {
|
||||
this(vr, fr, false, new JdkXmlFeatures(false), new XMLSecurityManager(true));
|
||||
this(vr, fr, false,
|
||||
JdkXmlConfig.getInstance(false).getXMLFeatures(false),
|
||||
JdkXmlConfig.getInstance(false).getXMLSecurityManager(false));
|
||||
}
|
||||
|
||||
XPathImpl(XPathVariableResolver vr, XPathFunctionResolver fr,
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -28,6 +28,7 @@ package javax.xml.validation;
|
||||
import com.sun.org.apache.xerces.internal.jaxp.validation.XMLSchemaFactory;
|
||||
import java.io.File;
|
||||
import java.net.URL;
|
||||
import javax.xml.transform.Result;
|
||||
import javax.xml.transform.Source;
|
||||
import javax.xml.transform.stream.StreamSource;
|
||||
import jdk.xml.internal.SecuritySupport;
|
||||
|
||||
@ -186,27 +186,36 @@ public abstract class FeaturePropertyBase {
|
||||
|
||||
|
||||
/**
|
||||
* Read from system properties, or those in jaxp.properties
|
||||
* Reads the system property, and sets the value if successful.
|
||||
*
|
||||
* @param property the property
|
||||
* @param systemProperty the name of the system property
|
||||
*/
|
||||
void getSystemProperty(Enum<?> property, String systemProperty) {
|
||||
try {
|
||||
String value = System.getProperty(systemProperty);
|
||||
if (value != null) {
|
||||
values[property.ordinal()] = value;
|
||||
states[property.ordinal()] = State.SYSTEMPROPERTY;
|
||||
return;
|
||||
}
|
||||
|
||||
value = SecuritySupport.readConfig(systemProperty);
|
||||
if (value != null) {
|
||||
values[property.ordinal()] = value;
|
||||
states[property.ordinal()] = State.JAXPDOTPROPERTIES;
|
||||
}
|
||||
} catch (NumberFormatException e) {
|
||||
//invalid setting ignored
|
||||
boolean getSystemProperty(Enum<?> property, String systemProperty) {
|
||||
String value = System.getProperty(systemProperty);
|
||||
if (value != null) {
|
||||
values[property.ordinal()] = value;
|
||||
states[property.ordinal()] = State.SYSTEMPROPERTY;
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Reads the property from the JAXP Configuration File.
|
||||
*
|
||||
* @param property the property
|
||||
* @param sysPropertyName the name of the system property
|
||||
* @return true if the property is read successfully from the JAXP Config,
|
||||
* false otherwise.
|
||||
*/
|
||||
boolean getPropertyConfig(Enum<?> property, String sysPropertyName) {
|
||||
String value = SecuritySupport.readConfig(sysPropertyName);
|
||||
if (value != null) {
|
||||
values[property.ordinal()] = value;
|
||||
states[property.ordinal()] = State.JAXPDOTPROPERTIES;
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,46 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Oracle designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
package jdk.xml.internal;
|
||||
|
||||
import java.net.URI;
|
||||
import javax.xml.catalog.Catalog;
|
||||
import javax.xml.catalog.CatalogFeatures;
|
||||
import javax.xml.catalog.CatalogManager;
|
||||
|
||||
/**
|
||||
* Represents the built-in Catalog that hosts the DTDs for the Java platform.
|
||||
*/
|
||||
public class JdkCatalog {
|
||||
public static final String JDKCATALOG = "/jdk/xml/internal/jdkcatalog/JDKCatalog.xml";
|
||||
private static final String JDKCATALOG_URL = SecuritySupport.getResource(JDKCATALOG).toExternalForm();
|
||||
public static Catalog catalog;
|
||||
|
||||
public static void init(String resolve) {
|
||||
if (catalog == null) {
|
||||
CatalogFeatures cf = JdkXmlUtils.getCatalogFeatures(null, JDKCATALOG_URL, null, resolve);
|
||||
catalog = CatalogManager.catalog(cf, URI.create(JDKCATALOG_URL));
|
||||
}
|
||||
}
|
||||
}
|
||||
180
src/java.xml/share/classes/jdk/xml/internal/JdkXmlConfig.java
Normal file
180
src/java.xml/share/classes/jdk/xml/internal/JdkXmlConfig.java
Normal file
@ -0,0 +1,180 @@
|
||||
/*
|
||||
* Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Oracle designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
package jdk.xml.internal;
|
||||
|
||||
import javax.xml.catalog.Catalog;
|
||||
import javax.xml.catalog.CatalogFeatures;
|
||||
import javax.xml.catalog.CatalogManager;
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.net.URI;
|
||||
import java.nio.file.Paths;
|
||||
import java.util.Properties;
|
||||
|
||||
/**
|
||||
* Global configuration for JAXP components. A single instance of this class
|
||||
* holds the properties from the JAXP Configuration File, the JDK built-in
|
||||
* Catalog, a base XMLSecurityManager and XMLSecurityPropertyManager.
|
||||
*/
|
||||
public class JdkXmlConfig {
|
||||
public static final String JDKCATALOG_FILE = "/jdk/xml/internal/jdkcatalog/JDKCatalog.xml";
|
||||
private static final String JDKCATALOG_URL = "jrt:/java.xml/jdk/xml/internal/jdkcatalog/JDKCatalog.xml";
|
||||
|
||||
// The JDK Configuration instance
|
||||
private static volatile JdkXmlConfig INSTANCE;
|
||||
// Represents properties set in JAXP Configuration File
|
||||
private final Properties jaxpConfig = new Properties();
|
||||
// The security manager initialized when the JdkXmlConfig instance is created
|
||||
private final XMLSecurityManager baseManager;
|
||||
private final XMLSecurityPropertyManager basePropertyMgr;
|
||||
private final JdkXmlFeatures baseFeatures;
|
||||
|
||||
// The JDK built-in Catalog
|
||||
private static class CatalogHolder {
|
||||
private static final Catalog JDKCATALOG = CatalogManager.catalog(
|
||||
CatalogFeatures.defaults(), URI.create(JDKCATALOG_URL));
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs an instance of this class.
|
||||
* @param stax a flag indicating whether the call is from StAX
|
||||
*/
|
||||
private JdkXmlConfig(boolean stax) {
|
||||
loadConfig(stax);
|
||||
baseManager = new XMLSecurityManager(true);
|
||||
basePropertyMgr = new XMLSecurityPropertyManager();
|
||||
baseFeatures = new JdkXmlFeatures(true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the singleton instance of this class.
|
||||
* @param stax a flag indicating whether the call is from StAX
|
||||
* @return the singleton instance of this class
|
||||
*/
|
||||
public static JdkXmlConfig getInstance(boolean stax) {
|
||||
if (INSTANCE == null) {
|
||||
synchronized (JdkXmlConfig.class) {
|
||||
if (INSTANCE == null) {
|
||||
INSTANCE = new JdkXmlConfig(stax);
|
||||
}
|
||||
}
|
||||
}
|
||||
return INSTANCE;
|
||||
}
|
||||
|
||||
public Properties getJaxpConfig() {
|
||||
return jaxpConfig;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a copy of the base XMLSecurityManager.
|
||||
* @param update the flag indicating whether the copy should be updated
|
||||
* @return a copy of the base XMLSecurityManager.
|
||||
*/
|
||||
public XMLSecurityManager getXMLSecurityManager(boolean update) {
|
||||
return update ? baseManager.cloneAndUpdate() : baseManager.clone();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a copy of the base XMLSecurityPropertyManager.
|
||||
* @param update the flag indicating whether the copy should be updated
|
||||
* @return a copy of the base XMLSecurityPropertyManager.
|
||||
*/
|
||||
public XMLSecurityPropertyManager getXMLSecurityPropertyManager(boolean update) {
|
||||
return update ? basePropertyMgr.cloneAndUpdate() : basePropertyMgr.clone();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a copy of the base XMLSecurityPropertyManager.
|
||||
* @param update the flag indicating whether the copy should be updated
|
||||
* @return a copy of the base XMLSecurityPropertyManager.
|
||||
*/
|
||||
public JdkXmlFeatures getXMLFeatures(boolean update) {
|
||||
return update ? baseFeatures.cloneAndUpdate() : baseFeatures.clone();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the JDK built-in Catalog.
|
||||
* @return the JDK built-in Catalog
|
||||
*/
|
||||
public Catalog getJdkCatalog() {
|
||||
return CatalogHolder.JDKCATALOG;
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads the JAXP Configuration file.
|
||||
* The method reads the JDK default configuration that is typically located
|
||||
* at $java.home/conf/jaxp.properties. On top of the default, if the System
|
||||
* Property "java.xml.config.file" exists, the configuration file it points
|
||||
* to will also be read. Any settings in it will then override those in the
|
||||
* default.
|
||||
*
|
||||
* @param stax a flag indicating whether to read stax.properties
|
||||
* @return the value of the specified property, null if the property is not
|
||||
* found
|
||||
*/
|
||||
private void loadConfig(boolean stax) {
|
||||
Properties properties = new Properties();
|
||||
// load the default configuration file
|
||||
boolean found = loadProperties(
|
||||
Paths.get(System.getProperty("java.home"),
|
||||
"conf", "jaxp.properties")
|
||||
.toAbsolutePath().normalize().toString());
|
||||
|
||||
// attempts to find stax.properties only if jaxp.properties is not available
|
||||
if (stax && !found) {
|
||||
found = loadProperties(
|
||||
Paths.get(System.getProperty("java.home"),
|
||||
"conf", "stax.properties")
|
||||
.toAbsolutePath().normalize().toString()
|
||||
);
|
||||
}
|
||||
|
||||
// load the custom configure on top of the default if any
|
||||
String configFile = System.getProperty(JdkConstants.CONFIG_FILE_PROPNAME);
|
||||
if (configFile != null) {
|
||||
loadProperties(configFile);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads the properties from the specified file into the cache.
|
||||
* @param file the specified file
|
||||
* @return true if success, false otherwise
|
||||
*/
|
||||
private boolean loadProperties(String file) {
|
||||
File f = new File(file);
|
||||
if (SecuritySupport.doesFileExist(f)) {
|
||||
try (final InputStream in = SecuritySupport.getFileInputStream(f)) {
|
||||
jaxpConfig.load(in);
|
||||
return true;
|
||||
} catch (IOException e) {
|
||||
// shouldn't happen, but required by method getFileInputStream
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2016, 2025, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -34,7 +34,7 @@ import static jdk.xml.internal.JdkXmlUtils.SP_USE_CATALOG;
|
||||
* This class manages JDK's XML Features. Previously added features and properties
|
||||
* may be gradually moved to this class.
|
||||
*/
|
||||
public class JdkXmlFeatures {
|
||||
public class JdkXmlFeatures implements Cloneable {
|
||||
public static final String ORACLE_JAXP_PROPERTY_PREFIX =
|
||||
"http://www.oracle.com/xml/jaxp/properties/";
|
||||
|
||||
@ -217,12 +217,12 @@ public class JdkXmlFeatures {
|
||||
/**
|
||||
* Values of the features
|
||||
*/
|
||||
private final boolean[] featureValues;
|
||||
private boolean[] featureValues;
|
||||
|
||||
/**
|
||||
* States of the settings for each property
|
||||
*/
|
||||
private final State[] states;
|
||||
private State[] states;
|
||||
|
||||
/**
|
||||
* Flag indicating if secure processing is set
|
||||
@ -246,8 +246,33 @@ public class JdkXmlFeatures {
|
||||
states[f.ordinal()] = State.DEFAULT;
|
||||
}
|
||||
}
|
||||
//read system properties or jaxp.properties
|
||||
readSystemProperties();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a copy of the JdkXmlFeatures.
|
||||
* @return a copy of the JdkXmlFeatures
|
||||
*/
|
||||
public JdkXmlFeatures clone() {
|
||||
try {
|
||||
JdkXmlFeatures copy = (JdkXmlFeatures) super.clone();
|
||||
copy.featureValues = this.featureValues.clone();
|
||||
copy.states = this.states.clone();
|
||||
return copy;
|
||||
} catch (CloneNotSupportedException e) {
|
||||
// shouldn't happen as this class is Cloneable
|
||||
throw new InternalError(e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a copy of the JdkXmlFeatures that is updated with the
|
||||
* current System Properties.
|
||||
* @return a copy of the JdkXmlFeatures
|
||||
*/
|
||||
public JdkXmlFeatures cloneAndUpdate() {
|
||||
JdkXmlFeatures copy = clone();
|
||||
copy.readSystemProperties();
|
||||
return copy;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -387,33 +412,29 @@ public class JdkXmlFeatures {
|
||||
}
|
||||
|
||||
/**
|
||||
* Read from system properties, or those in jaxp.properties
|
||||
* Read the system property, or the setting in the Jaxp Configuration File
|
||||
* corresponding to the XmlFeature.
|
||||
*
|
||||
* @param property the type of the property
|
||||
* @param sysPropertyName the name of system property
|
||||
* @param feature the XmlFeature
|
||||
* @param sysPropertyName the corresponding system property
|
||||
* @return true if the system property is found, false otherwise
|
||||
*/
|
||||
private boolean getSystemProperty(XmlFeature feature, String sysPropertyName) {
|
||||
try {
|
||||
String value = System.getProperty(sysPropertyName);
|
||||
if (value == null && feature.systemPropertyOld() != null) {
|
||||
// legacy system property
|
||||
value = System.getProperty(feature.systemPropertyOld());
|
||||
}
|
||||
String value = System.getProperty(sysPropertyName);
|
||||
if (value == null && feature.systemPropertyOld() != null) {
|
||||
// legacy system property
|
||||
value = System.getProperty(feature.systemPropertyOld());
|
||||
}
|
||||
|
||||
if (value != null && !value.isEmpty()) {
|
||||
setFeature(feature, State.SYSTEMPROPERTY, Boolean.parseBoolean(value));
|
||||
return true;
|
||||
}
|
||||
if (value != null && !value.isEmpty()) {
|
||||
setFeature(feature, State.SYSTEMPROPERTY, Boolean.parseBoolean(value));
|
||||
return true;
|
||||
}
|
||||
|
||||
value = SecuritySupport.readConfig(sysPropertyName);
|
||||
if (value != null && !value.isEmpty()) {
|
||||
setFeature(feature, State.JAXPDOTPROPERTIES, Boolean.parseBoolean(value));
|
||||
return true;
|
||||
}
|
||||
} catch (NumberFormatException e) {
|
||||
//invalid setting
|
||||
throw new NumberFormatException("Invalid setting for system property: " + feature.systemProperty());
|
||||
value = SecuritySupport.readConfig(sysPropertyName);
|
||||
if (value != null && !value.isEmpty()) {
|
||||
setFeature(feature, State.JAXPDOTPROPERTIES, Boolean.parseBoolean(value));
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2025, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -140,54 +140,7 @@ public class SecuritySupport {
|
||||
* found
|
||||
*/
|
||||
public static String readConfig(String propName, boolean stax) {
|
||||
// always load the default configuration file
|
||||
if (firstTime) {
|
||||
synchronized (cacheProps) {
|
||||
if (firstTime) {
|
||||
boolean found = loadProperties(
|
||||
Paths.get(System.getProperty("java.home"),
|
||||
"conf", "jaxp.properties")
|
||||
.toAbsolutePath().normalize().toString());
|
||||
|
||||
// attempts to find stax.properties only if jaxp.properties is not available
|
||||
if (stax && !found) {
|
||||
found = loadProperties(
|
||||
Paths.get(System.getProperty("java.home"),
|
||||
"conf", "stax.properties")
|
||||
.toAbsolutePath().normalize().toString()
|
||||
);
|
||||
}
|
||||
|
||||
// load the custom configure on top of the default if any
|
||||
String configFile = System.getProperty(JdkConstants.CONFIG_FILE_PROPNAME);
|
||||
if (configFile != null) {
|
||||
loadProperties(configFile);
|
||||
}
|
||||
|
||||
firstTime = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return cacheProps.getProperty(propName);
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads the properties from the specified file into the cache.
|
||||
* @param file the specified file
|
||||
* @return true if success, false otherwise
|
||||
*/
|
||||
private static boolean loadProperties(String file) {
|
||||
File f = new File(file);
|
||||
if (SecuritySupport.doesFileExist(f)) {
|
||||
try (final InputStream in = SecuritySupport.getFileInputStream(f)) {
|
||||
cacheProps.load(in);
|
||||
return true;
|
||||
} catch (IOException e) {
|
||||
// shouldn't happen, but required by method getFileInputStream
|
||||
}
|
||||
}
|
||||
return false;
|
||||
return JdkXmlConfig.getInstance(stax).getJaxpConfig().getProperty(propName);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2013, 2025, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -44,7 +44,7 @@ import org.xml.sax.SAXException;
|
||||
* This class manages standard and implementation-specific limitations.
|
||||
*
|
||||
*/
|
||||
public final class XMLSecurityManager {
|
||||
public final class XMLSecurityManager implements Cloneable {
|
||||
|
||||
public static final String DTD_KEY = JdkConstants.DTD_PROPNAME;
|
||||
|
||||
@ -232,7 +232,7 @@ public final class XMLSecurityManager {
|
||||
/**
|
||||
* Values of the properties
|
||||
*/
|
||||
private final int[] values;
|
||||
private int[] values;
|
||||
|
||||
/**
|
||||
* States of the settings for each property
|
||||
@ -283,31 +283,36 @@ public final class XMLSecurityManager {
|
||||
states[limit.ordinal()] = State.DEFAULT;
|
||||
}
|
||||
}
|
||||
|
||||
//read system properties or the config file (jaxp.properties by default)
|
||||
readSystemProperties();
|
||||
// prepare the JDK Catalog
|
||||
prepareCatalog();
|
||||
}
|
||||
|
||||
/**
|
||||
* Flag indicating whether the JDK Catalog has been initialized
|
||||
* Returns a copy of the XMLSecurityManager.
|
||||
* @return a copy of the XMLSecurityManager
|
||||
*/
|
||||
static volatile boolean jdkcatalogInitialized = false;
|
||||
private final Object lock = new Object();
|
||||
|
||||
private void prepareCatalog() {
|
||||
if (!jdkcatalogInitialized) {
|
||||
synchronized (lock) {
|
||||
if (!jdkcatalogInitialized) {
|
||||
jdkcatalogInitialized = true;
|
||||
String resolve = getLimitValueAsString(Limit.JDKCATALOG_RESOLVE);
|
||||
JdkCatalog.init(resolve);
|
||||
}
|
||||
}
|
||||
public XMLSecurityManager clone() {
|
||||
try {
|
||||
XMLSecurityManager copy = (XMLSecurityManager) super.clone();
|
||||
copy.values = this.values.clone();
|
||||
copy.states = this.states.clone();
|
||||
copy.isSet = this.isSet.clone();
|
||||
return copy;
|
||||
} catch (CloneNotSupportedException e) {
|
||||
// shouldn't happen as this class is Cloneable
|
||||
throw new InternalError(e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a copy of the XMLSecurityManager that is updated with the
|
||||
* current System Properties.
|
||||
* @return a copy of the XMLSecurityManager
|
||||
*/
|
||||
public XMLSecurityManager cloneAndUpdate() {
|
||||
XMLSecurityManager copy = clone();
|
||||
copy.readSystemProperties();
|
||||
return copy;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the JDKCatalogResolver with the current setting of the RESOLVE
|
||||
* property.
|
||||
@ -316,7 +321,8 @@ public final class XMLSecurityManager {
|
||||
*/
|
||||
public CatalogResolver getJDKCatalogResolver() {
|
||||
String resolve = getLimitValueAsString(Limit.JDKCATALOG_RESOLVE);
|
||||
return CatalogManager.catalogResolver(JdkCatalog.catalog, toActionType(resolve));
|
||||
return CatalogManager.catalogResolver(
|
||||
JdkXmlConfig.getInstance(false).getJdkCatalog(), toActionType(resolve));
|
||||
}
|
||||
|
||||
// convert the string value of the RESOLVE property to the corresponding
|
||||
|
||||
@ -31,33 +31,39 @@ import javax.xml.XMLConstants;
|
||||
* This class manages security related properties
|
||||
*
|
||||
*/
|
||||
public final class XMLSecurityPropertyManager extends FeaturePropertyBase {
|
||||
public final class XMLSecurityPropertyManager extends FeaturePropertyBase implements Cloneable {
|
||||
|
||||
/**
|
||||
* Properties managed by the security property manager
|
||||
*/
|
||||
public static enum Property {
|
||||
ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD,
|
||||
ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD, JdkConstants.SP_ACCESS_EXTERNAL_DTD,
|
||||
JdkConstants.EXTERNAL_ACCESS_DEFAULT),
|
||||
ACCESS_EXTERNAL_SCHEMA(XMLConstants.ACCESS_EXTERNAL_SCHEMA,
|
||||
ACCESS_EXTERNAL_SCHEMA(XMLConstants.ACCESS_EXTERNAL_SCHEMA, JdkConstants.SP_ACCESS_EXTERNAL_SCHEMA,
|
||||
JdkConstants.EXTERNAL_ACCESS_DEFAULT),
|
||||
ACCESS_EXTERNAL_STYLESHEET(XMLConstants.ACCESS_EXTERNAL_STYLESHEET,
|
||||
ACCESS_EXTERNAL_STYLESHEET(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, JdkConstants.SP_ACCESS_EXTERNAL_STYLESHEET,
|
||||
JdkConstants.EXTERNAL_ACCESS_DEFAULT);
|
||||
|
||||
final String name;
|
||||
final String apiProperty;
|
||||
final String systemProperty;
|
||||
final String defaultValue;
|
||||
|
||||
Property(String name, String value) {
|
||||
this.name = name;
|
||||
Property(String apiProperty, String systemProperty, String value) {
|
||||
this.apiProperty = apiProperty;
|
||||
this.systemProperty = systemProperty;
|
||||
this.defaultValue = value;
|
||||
}
|
||||
|
||||
public boolean equalsName(String propertyName) {
|
||||
return (propertyName == null) ? false : name.equals(propertyName);
|
||||
return (propertyName == null) ? false :
|
||||
(apiProperty.equals(propertyName) || systemProperty.equals(propertyName));
|
||||
}
|
||||
|
||||
public String propertyName() {
|
||||
return name;
|
||||
return apiProperty;
|
||||
}
|
||||
public String systemProperty() {
|
||||
return systemProperty;
|
||||
}
|
||||
String defaultValue() {
|
||||
return defaultValue;
|
||||
@ -72,8 +78,33 @@ public final class XMLSecurityPropertyManager extends FeaturePropertyBase {
|
||||
for (Property property : Property.values()) {
|
||||
values[property.ordinal()] = property.defaultValue();
|
||||
}
|
||||
//read system properties or jaxp.properties
|
||||
readSystemProperties();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a copy of the XMLSecurityManager.
|
||||
* @return a copy of the XMLSecurityManager
|
||||
*/
|
||||
public XMLSecurityPropertyManager clone() {
|
||||
try {
|
||||
XMLSecurityPropertyManager copy = (XMLSecurityPropertyManager) super.clone();
|
||||
copy.values = this.values.clone();
|
||||
copy.states = this.states.clone();
|
||||
return copy;
|
||||
} catch (CloneNotSupportedException e) {
|
||||
// shouldn't happen as this class is Cloneable
|
||||
throw new InternalError(e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a copy of the XMLSecurityPropertyManager that is updated with the
|
||||
* current System Properties.
|
||||
* @return a copy of the XMLSecurityPropertyManager
|
||||
*/
|
||||
public XMLSecurityPropertyManager cloneAndUpdate() {
|
||||
XMLSecurityPropertyManager copy = clone();
|
||||
copy.readSystemProperties();
|
||||
return copy;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -133,13 +164,18 @@ public final class XMLSecurityPropertyManager extends FeaturePropertyBase {
|
||||
/**
|
||||
* Read from system properties, or those in jaxp.properties
|
||||
*/
|
||||
private void readSystemProperties() {
|
||||
getSystemProperty(Property.ACCESS_EXTERNAL_DTD,
|
||||
JdkConstants.SP_ACCESS_EXTERNAL_DTD);
|
||||
getSystemProperty(Property.ACCESS_EXTERNAL_SCHEMA,
|
||||
JdkConstants.SP_ACCESS_EXTERNAL_SCHEMA);
|
||||
getSystemProperty(Property.ACCESS_EXTERNAL_STYLESHEET,
|
||||
JdkConstants.SP_ACCESS_EXTERNAL_STYLESHEET);
|
||||
public void readSystemProperties() {
|
||||
for (Property property : Property.values()) {
|
||||
if (State.SYSTEMPROPERTY.compareTo(states[property.ordinal()]) >= 0 &&
|
||||
property.systemProperty() != null) {
|
||||
// attempts to read the System Property
|
||||
if (!getSystemProperty(property, property.systemProperty())) {
|
||||
//if system property is not found, try the config file
|
||||
if (State.JAXPDOTPROPERTIES.compareTo(states[property.ordinal()]) >= 0) {
|
||||
getPropertyConfig(property, property.systemProperty());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user