diff --git a/src/java.xml/share/classes/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java b/src/java.xml/share/classes/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java index ee730d3900a..ca56223aa44 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java @@ -69,14 +69,15 @@ import javax.xml.transform.stream.StreamSource; import jdk.xml.internal.FeaturePropertyBase; import jdk.xml.internal.JdkConstants; import jdk.xml.internal.JdkProperty; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlFeatures; import jdk.xml.internal.JdkXmlUtils; import jdk.xml.internal.JdkProperty.ImplPropMap; import jdk.xml.internal.JdkProperty.State; import jdk.xml.internal.TransformErrorListener; import jdk.xml.internal.XMLSecurityManager; -import jdk.xml.internal.XMLSecurityPropertyManager.Property; import jdk.xml.internal.XMLSecurityPropertyManager; +import jdk.xml.internal.XMLSecurityPropertyManager.Property; import org.xml.sax.InputSource; import org.xml.sax.SAXException; import org.xml.sax.XMLFilter; @@ -87,7 +88,7 @@ import org.xml.sax.XMLReader; * @author G. Todd Miller * @author Morten Jorgensen * @author Santiago Pericas-Geertsen - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class TransformerFactoryImpl extends SAXTransformerFactory implements SourceLoader @@ -265,17 +266,18 @@ public class TransformerFactoryImpl * javax.xml.transform.sax.TransformerFactory implementation. */ public TransformerFactoryImpl() { - _xmlFeatures = new JdkXmlFeatures(!_isNotSecureProcessing); + JdkXmlConfig config = JdkXmlConfig.getInstance(false); + // security (property) managers updated with current system properties + _xmlSecurityManager = config.getXMLSecurityManager(true); + _xmlSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true); + _xmlFeatures = config.getXMLFeatures(true); _overrideDefaultParser = _xmlFeatures.getFeature( JdkXmlFeatures.XmlFeature.JDK_OVERRIDE_PARSER); - _xmlSecurityPropertyMgr = new XMLSecurityPropertyManager(); _accessExternalDTD = _xmlSecurityPropertyMgr.getValue( Property.ACCESS_EXTERNAL_DTD); _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue( Property.ACCESS_EXTERNAL_STYLESHEET); - //Parser's security manager - _xmlSecurityManager = new XMLSecurityManager(true); //Unmodifiable hash map with loaded external extension functions _xsltcExtensionFunctions = null; _extensionClassLoader = new JdkProperty<>(ImplPropMap.EXTCLSLOADER, diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java index 7cf53f7478d..6c639c27c2c 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java @@ -53,6 +53,7 @@ import java.util.StringTokenizer; import javax.xml.XMLConstants; import javax.xml.catalog.CatalogFeatures; import jdk.xml.internal.JdkConstants; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlUtils; import jdk.xml.internal.XMLSecurityManager; import jdk.xml.internal.XMLSecurityPropertyManager; @@ -71,7 +72,7 @@ import org.w3c.dom.ls.LSResourceResolver; * * @author Elena Litani, IBM * @author Neeraj Bajaj, Sun Microsystems. - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class DOMConfigurationImpl extends ParserConfigurationSettings implements XMLParserConfiguration, DOMConfiguration { @@ -414,10 +415,10 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings fValidationManager = createValidationManager(); setProperty(VALIDATION_MANAGER, fValidationManager); - setProperty(SECURITY_MANAGER, new XMLSecurityManager(true)); + setProperty(SECURITY_MANAGER, JdkXmlConfig.getInstance(false).getXMLSecurityManager(false)); setProperty(JdkConstants.XML_SECURITY_PROPERTY_MANAGER, - new XMLSecurityPropertyManager()); + JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false)); // add message formatters if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) { diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/PropertyManager.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/PropertyManager.java index 8d83f039617..c759920c372 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/PropertyManager.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/PropertyManager.java @@ -31,6 +31,7 @@ import javax.xml.stream.XMLInputFactory; import javax.xml.stream.XMLOutputFactory; import javax.xml.stream.XMLResolver; import jdk.xml.internal.JdkConstants; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlUtils; import jdk.xml.internal.XMLSecurityManager; import jdk.xml.internal.XMLSecurityPropertyManager; @@ -44,7 +45,7 @@ import jdk.xml.internal.XMLSecurityPropertyManager; * @author K Venugopal * @author Sunitha Reddy * - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class PropertyManager { @@ -66,6 +67,7 @@ public class PropertyManager { HashMap supportedProps = new HashMap<>(); + JdkXmlConfig config = JdkXmlConfig.getInstance(true); private XMLSecurityManager fSecurityManager; private XMLSecurityPropertyManager fSecurityPropertyMgr; @@ -141,9 +143,9 @@ public class PropertyManager { supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ENTITYDEF_FEATURE, false); supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_UNDECLARED_ELEMDEF_FEATURE, false); - fSecurityManager = new XMLSecurityManager(true); + fSecurityManager = config.getXMLSecurityManager(true); + fSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true); supportedProps.put(SECURITY_MANAGER, fSecurityManager); - fSecurityPropertyMgr = new XMLSecurityPropertyManager(); supportedProps.put(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr); // Initialize Catalog features @@ -232,7 +234,7 @@ public class PropertyManager { } if (property.equals(JdkConstants.XML_SECURITY_PROPERTY_MANAGER)) { if (value == null) { - fSecurityPropertyMgr = new XMLSecurityPropertyManager(); + fSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true); } else { fSecurityPropertyMgr = (XMLSecurityPropertyManager) value; } diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java index dbe03d41017..99b4193b39c 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java @@ -49,15 +49,14 @@ import java.util.Stack; import java.util.StringTokenizer; import javax.xml.XMLConstants; import javax.xml.catalog.CatalogException; -import javax.xml.catalog.CatalogFeatures.Feature; import javax.xml.catalog.CatalogFeatures; import javax.xml.catalog.CatalogManager; import javax.xml.catalog.CatalogResolver; import javax.xml.stream.XMLInputFactory; import javax.xml.transform.Source; -import jdk.xml.internal.JdkCatalog; import jdk.xml.internal.JdkConstants; import jdk.xml.internal.JdkProperty; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlUtils; import jdk.xml.internal.SecuritySupport; import jdk.xml.internal.XMLLimitAnalyzer; @@ -94,7 +93,7 @@ import org.xml.sax.InputSource; * @author K.Venugopal SUN Microsystems * @author Neeraj Bajaj SUN Microsystems * @author Sunitha Reddy SUN Microsystems - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { @@ -436,7 +435,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { * If this constructor is used to create the object, reset() should be invoked on this object */ public XMLEntityManager() { - this(null, new XMLSecurityManager(true)); + this(null, JdkXmlConfig.getInstance(false).getXMLSecurityManager(false)); } public XMLEntityManager(XMLSecurityPropertyManager securityPropertyMgr, XMLSecurityManager securityManager) { @@ -1055,7 +1054,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { && JdkXmlUtils.isResolveContinue(fCatalogFeatures)) { initJdkCatalogResolver(); - staxInputSource = resolveWithCatalogStAX(fDefCR, JdkCatalog.JDKCATALOG, publicId, literalSystemId); + staxInputSource = resolveWithCatalogStAX(fDefCR, JdkXmlConfig.JDKCATALOG_FILE, publicId, literalSystemId); } // Step 4: default resolution if not resolved by a resolver and the RESOLVE @@ -1697,7 +1696,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver { // JAXP 1.5 feature XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER, null); if (spm == null) { - spm = new XMLSecurityPropertyManager(); + spm = JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false); } fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD); diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java index f93818683c6..b4b76546d6d 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java @@ -74,6 +74,7 @@ import java.util.StringTokenizer; import java.util.WeakHashMap; import javax.xml.XMLConstants; import jdk.xml.internal.JdkConstants; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlUtils; import jdk.xml.internal.XMLSecurityManager; import jdk.xml.internal.XMLSecurityPropertyManager; @@ -102,7 +103,7 @@ import org.xml.sax.InputSource; * @xerces.internal * * @author Neil Graham, IBM - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class XMLSchemaLoader implements XMLGrammarLoader, XMLComponent, XSElementDeclHelper, @@ -1001,13 +1002,13 @@ XSLoader, DOMConfiguration { XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER); if (spm == null) { - spm = new XMLSecurityPropertyManager(); + spm = JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false); setProperty(XML_SECURITY_PROPERTY_MANAGER, spm); } XMLSecurityManager sm = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER); if (sm == null) - setProperty(SECURITY_MANAGER,new XMLSecurityManager(true)); + setProperty(SECURITY_MANAGER, JdkXmlConfig.getInstance(false).getXMLSecurityManager(false)); faccessExternalSchema = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA); diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java index b5becbcbde2..13973615adb 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java @@ -105,6 +105,7 @@ import javax.xml.stream.XMLEventReader; import javax.xml.stream.XMLStreamException; import javax.xml.stream.XMLStreamReader; import jdk.xml.internal.JdkConstants; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlUtils; import jdk.xml.internal.SecuritySupport; import jdk.xml.internal.XMLSecurityManager; @@ -131,7 +132,7 @@ import org.xml.sax.XMLReader; * @author Neil Graham, IBM * @author Pavani Mukthipudi, Sun Microsystems * - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class XSDHandler { @@ -735,7 +736,8 @@ public class XSDHandler { fAnnotationValidator.setFeature(XMLSCHEMA_VALIDATION, true); fAnnotationValidator.setProperty(XMLGRAMMAR_POOL, fGrammarBucketAdapter); /** set security manager and XML Security Property Manager **/ - fAnnotationValidator.setProperty(SECURITY_MANAGER, (fSecurityManager != null) ? fSecurityManager : new XMLSecurityManager(true)); + fAnnotationValidator.setProperty(SECURITY_MANAGER, + (fSecurityManager != null) ? fSecurityManager : JdkXmlConfig.getInstance(false).getXMLSecurityManager(false)); fAnnotationValidator.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr); /** Set error handler. **/ fAnnotationValidator.setProperty(ERROR_HANDLER, (fErrorHandler != null) ? fErrorHandler : new DefaultErrorHandler()); diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderFactoryImpl.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderFactoryImpl.java index 2939058e7d4..385b8e29439 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderFactoryImpl.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderFactoryImpl.java @@ -29,6 +29,8 @@ import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.validation.Schema; + +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlUtils; import jdk.xml.internal.XMLSecurityManager; import jdk.xml.internal.XMLSecurityPropertyManager; @@ -39,7 +41,7 @@ import org.xml.sax.SAXNotSupportedException; /** * @author Rajiv Mordani * @author Edwin Goei - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory { /** These are DocumentBuilderFactory attributes not DOM attributes */ @@ -54,8 +56,15 @@ public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory { private boolean fSecureProcess = true; // used to verify attributes - XMLSecurityManager fSecurityManager = new XMLSecurityManager(true); - XMLSecurityPropertyManager fSecurityPropertyMgr = new XMLSecurityPropertyManager(); + XMLSecurityManager fSecurityManager; + XMLSecurityPropertyManager fSecurityPropertyMgr; + + public DocumentBuilderFactoryImpl() { + JdkXmlConfig config = JdkXmlConfig.getInstance(false); + // security (property) managers updated with current system properties + fSecurityManager = config.getXMLSecurityManager(true); + fSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true); + } /** * Creates a new instance of a {@link javax.xml.parsers.DocumentBuilder} diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java index 43b986b9939..c885cb58cbc 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java @@ -59,7 +59,7 @@ import org.xml.sax.SAXNotSupportedException; /** * @author Rajiv Mordani * @author Edwin Goei - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class DocumentBuilderImpl extends DocumentBuilder implements JAXPConstants @@ -140,7 +140,7 @@ public class DocumentBuilderImpl extends DocumentBuilder { domParser = new DOMParser(); - fSecurityPropertyMgr = new XMLSecurityPropertyManager(); + fSecurityPropertyMgr = dbf.fSecurityPropertyMgr; domParser.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr); fSecurityManager = dbf.fSecurityManager; diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/SAXParserFactoryImpl.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/SAXParserFactoryImpl.java index ab6a1548546..298f60708f3 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/SAXParserFactoryImpl.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/SAXParserFactoryImpl.java @@ -28,6 +28,7 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; import javax.xml.validation.Schema; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.XMLSecurityManager; import jdk.xml.internal.XMLSecurityPropertyManager; import org.xml.sax.SAXException; @@ -42,7 +43,7 @@ import org.xml.sax.SAXNotSupportedException; * @author Rajiv Mordani * @author Edwin Goei * - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class SAXParserFactoryImpl extends SAXParserFactory { @@ -68,8 +69,14 @@ public class SAXParserFactoryImpl extends SAXParserFactory { private boolean fSecureProcess = true; // Security Managers - XMLSecurityManager fSecurityManager = new XMLSecurityManager(true); - XMLSecurityPropertyManager fSecurityPropertyMgr = new XMLSecurityPropertyManager(); + XMLSecurityManager fSecurityManager; + XMLSecurityPropertyManager fSecurityPropertyMgr; + + public SAXParserFactoryImpl() { + JdkXmlConfig config = JdkXmlConfig.getInstance(false); + fSecurityManager = config.getXMLSecurityManager(true); + fSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true); + } /** * Creates a new instance of SAXParser using the currently diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java index fe435aabbcc..9e729c9a9a2 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java @@ -43,6 +43,7 @@ import javax.xml.XMLConstants; import javax.xml.validation.Schema; import jdk.xml.internal.FeaturePropertyBase; import jdk.xml.internal.JdkConstants; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlUtils; import jdk.xml.internal.XMLSecurityManager; import jdk.xml.internal.XMLSecurityPropertyManager; @@ -64,7 +65,7 @@ import org.xml.sax.helpers.DefaultHandler; * @author Rajiv Mordani * @author Edwin Goei * - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ @SuppressWarnings("deprecation") public class SAXParserImpl extends javax.xml.parsers.SAXParser @@ -412,7 +413,7 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser * it is null. */ if (fSecurityManager == null) { - fSecurityManager = new XMLSecurityManager(true); + fSecurityManager = JdkXmlConfig.getInstance(false).getXMLSecurityManager(false); } try { super.setProperty(SECURITY_MANAGER, fSecurityManager); @@ -423,7 +424,7 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser } if (fSecurityPropertyMgr == null) { - fSecurityPropertyMgr = new XMLSecurityPropertyManager(); + fSecurityPropertyMgr = JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false); } try { super.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr); diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java index 338655306b4..ae0f1964cc9 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2025, Oracle and/or its affiliates. All rights reserved. */ /* * Licensed to the Apache Software Foundation (ASF) under one or more @@ -23,6 +23,7 @@ import com.sun.org.apache.xerces.internal.impl.Constants; import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter; import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter; import com.sun.org.apache.xerces.internal.parsers.XML11Configuration; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource; @@ -49,7 +50,7 @@ import org.xml.sax.SAXException; * * @author Michael Glavassevich, IBM * @author Sunitha Reddy - * @LastModified: July 2023 + * @LastModified: May 2025 */ final class StreamValidatorHelper implements ValidatorHelper { @@ -190,7 +191,7 @@ final class StreamValidatorHelper implements ValidatorHelper { private XMLParserConfiguration initialize() { XML11Configuration config = new XML11Configuration(); if (fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) { - config.setProperty(SECURITY_MANAGER, new XMLSecurityManager()); + config.setProperty(SECURITY_MANAGER, JdkXmlConfig.getInstance(false).getXMLSecurityManager(false)); } config.setProperty(ENTITY_RESOLVER, fComponentManager.getProperty(ENTITY_RESOLVER)); config.setProperty(ERROR_HANDLER, fComponentManager.getProperty(ERROR_HANDLER)); diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java index 82960821f4d..fff15165ae8 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java @@ -52,6 +52,7 @@ import jdk.xml.internal.FeaturePropertyBase; import jdk.xml.internal.JdkConstants; import jdk.xml.internal.JdkProperty; import jdk.xml.internal.JdkProperty.ImplPropMap; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlFeatures; import jdk.xml.internal.JdkXmlUtils; import jdk.xml.internal.XMLSecurityManager; @@ -70,7 +71,7 @@ import org.xml.sax.SAXParseException; * * @author Kohsuke Kawaguchi * - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public final class XMLSchemaFactory extends SchemaFactory { @@ -152,19 +153,19 @@ public final class XMLSchemaFactory extends SchemaFactory { fXMLSchemaLoader.setErrorHandler(fErrorHandlerWrapper); fUseGrammarPoolOnly = true; - // Enable secure processing feature by default - fSecurityManager = new XMLSecurityManager(true); - fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager); + // security (property) managers updated with current system properties + JdkXmlConfig config = JdkXmlConfig.getInstance(false); + fSecurityManager = config.getXMLSecurityManager(true); + fSecurityPropertyMgr = config.getXMLSecurityPropertyManager(true); + fXmlFeatures = config.getXMLFeatures(true); - fSecurityPropertyMgr = new XMLSecurityPropertyManager(); - fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER, - fSecurityPropertyMgr); + fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager); + fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr); // use catalog fXMLSchemaLoader.setFeature(XMLConstants.USE_CATALOG, JdkXmlUtils.USE_CATALOG_DEFAULT); fXMLSchemaLoader.setProperty(JdkConstants.CDATA_CHUNK_SIZE, JdkConstants.CDATA_CHUNK_SIZE_DEFAULT); - fXmlFeatures = new JdkXmlFeatures(fSecurityManager.isSecureProcessing()); fOverrideDefaultParser = fXmlFeatures.getFeature( JdkXmlFeatures.XmlFeature.JDK_OVERRIDE_PARSER); fXMLSchemaLoader.setFeature(JdkConstants.OVERRIDE_PARSER, fOverrideDefaultParser); @@ -500,7 +501,7 @@ public final class XMLSchemaFactory extends SchemaFactory { return; } else if (name.equals(JdkConstants.XML_SECURITY_PROPERTY_MANAGER)) { if (object == null) { - fSecurityPropertyMgr = new XMLSecurityPropertyManager(); + fSecurityPropertyMgr = JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(true); } else { fSecurityPropertyMgr = (XMLSecurityPropertyManager)object; } diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java index 419bfe4b250..b53c582e41f 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java @@ -48,6 +48,7 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException; import javax.xml.catalog.CatalogFeatures; import jdk.xml.internal.FeaturePropertyBase; import jdk.xml.internal.JdkConstants; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlUtils; import jdk.xml.internal.XMLSecurityManager; import jdk.xml.internal.XMLSecurityPropertyManager; @@ -58,7 +59,7 @@ import org.xml.sax.ErrorHandler; *

An implementation of XMLComponentManager for a schema validator.

* * @author Michael Glavassevich, IBM - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettings implements XMLComponentManager { @@ -298,7 +299,7 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin if (fInitSecurityManager != null ) { fInitSecurityManager.setSecureProcessing(secureProcessing); } else { - fInitSecurityManager = new XMLSecurityManager(secureProcessing); + fInitSecurityManager = JdkXmlConfig.getInstance(false).getXMLSecurityManager(false); } setProperty(SECURITY_MANAGER, fInitSecurityManager); diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java index 614bd2fdc99..1c46c95dba7 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2025, Oracle and/or its affiliates. All rights reserved. */ /* * Licensed to the Apache Software Foundation (ASF) under one or more @@ -79,7 +79,7 @@ import org.xml.sax.helpers.LocatorImpl; * @author Arnaud Le Hors, IBM * @author Andy Clark, IBM * - * @LastModified: Jan 2024 + * @LastModified: May 2025 */ @SuppressWarnings("deprecation") public abstract class AbstractSAXParser @@ -1665,7 +1665,7 @@ public abstract class AbstractSAXParser else if (featureId.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) { if (state) { if (fConfiguration.getProperty(SECURITY_MANAGER )==null) { - fConfiguration.setProperty(SECURITY_MANAGER, new XMLSecurityManager()); + fConfiguration.setProperty(SECURITY_MANAGER, config.getXMLSecurityManager(true)); } } } diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/DOMParser.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/DOMParser.java index 220b45ad243..9bc3d319619 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/DOMParser.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/DOMParser.java @@ -61,7 +61,7 @@ import org.xml.sax.helpers.LocatorImpl; * * @author Arnaud Le Hors, IBM * @author Andy Clark, IBM - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class DOMParser extends AbstractDOMParser { @@ -550,7 +550,7 @@ public class DOMParser } if (propertyId.equals(JdkConstants.XML_SECURITY_PROPERTY_MANAGER)) { if (value == null) { - securityPropertyManager = new XMLSecurityPropertyManager(); + securityPropertyManager = config.getXMLSecurityPropertyManager(true); } else { securityPropertyManager = (XMLSecurityPropertyManager)value; } @@ -559,12 +559,12 @@ public class DOMParser } if (securityManager == null) { - securityManager = new XMLSecurityManager(true); + securityManager = config.getXMLSecurityManager(true); setProperty0(Constants.SECURITY_MANAGER, securityManager); } if (securityPropertyManager == null) { - securityPropertyManager = new XMLSecurityPropertyManager(); + securityPropertyManager = config.getXMLSecurityPropertyManager(true); setProperty0(JdkConstants.XML_SECURITY_PROPERTY_MANAGER, securityPropertyManager); } int index = securityPropertyManager.getIndex(propertyId); diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/DTDConfiguration.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/DTDConfiguration.java index 92755d7bc90..35e23909db9 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/DTDConfiguration.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/DTDConfiguration.java @@ -50,8 +50,8 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLPullParserConfiguration; import javax.xml.XMLConstants; import javax.xml.catalog.CatalogFeatures; import jdk.xml.internal.JdkConstants; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlUtils; -import jdk.xml.internal.XMLSecurityPropertyManager; /** * This is the DTD-only parser configuration. It extends the basic @@ -89,7 +89,7 @@ import jdk.xml.internal.XMLSecurityPropertyManager; * @author Arnaud Le Hors, IBM * @author Andy Clark, IBM * @author Neil Graham, IBM - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class DTDConfiguration extends BasicParserConfiguration @@ -427,7 +427,8 @@ public class DTDConfiguration // REVISIT: What is the right thing to do? -Ac } - setProperty(XML_SECURITY_PROPERTY_MANAGER, new XMLSecurityPropertyManager()); + setProperty(XML_SECURITY_PROPERTY_MANAGER, + JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false)); // Initialize Catalog features for( CatalogFeatures.Feature f : CatalogFeatures.Feature.values()) { diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/NonValidatingConfiguration.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/NonValidatingConfiguration.java index b9e2b6fb77a..b2d3c25a1fc 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/NonValidatingConfiguration.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/NonValidatingConfiguration.java @@ -49,8 +49,8 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLPullParserConfiguration; import javax.xml.XMLConstants; import javax.xml.catalog.CatalogFeatures; import jdk.xml.internal.JdkConstants; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlUtils; -import jdk.xml.internal.XMLSecurityPropertyManager; /** * This is the non validating parser configuration. It extends the basic @@ -390,7 +390,8 @@ public class NonValidatingConfiguration // REVISIT: What is the right thing to do? -Ac } - setProperty(XML_SECURITY_PROPERTY_MANAGER, new XMLSecurityPropertyManager()); + setProperty(XML_SECURITY_PROPERTY_MANAGER, + JdkXmlConfig.getInstance(false).getXMLSecurityPropertyManager(false)); // Initialize Catalog features for( CatalogFeatures.Feature f : CatalogFeatures.Feature.values()) { diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/SAXParser.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/SAXParser.java index 9690ff58339..52be34a5a37 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/SAXParser.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/SAXParser.java @@ -42,7 +42,7 @@ import org.xml.sax.SAXNotSupportedException; * @author Arnaud Le Hors, IBM * @author Andy Clark, IBM * - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public class SAXParser extends AbstractSAXParser { @@ -154,7 +154,7 @@ public class SAXParser } if (name.equals(JdkConstants.XML_SECURITY_PROPERTY_MANAGER)) { if (value == null) { - securityPropertyManager = new XMLSecurityPropertyManager(); + securityPropertyManager = config.getXMLSecurityPropertyManager(true); } else { securityPropertyManager = (XMLSecurityPropertyManager)value; } diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/SecurityConfiguration.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/SecurityConfiguration.java index 17924445bd1..c97096010b6 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/SecurityConfiguration.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/SecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2025, Oracle and/or its affiliates. All rights reserved. */ /* * Licensed to the Apache Software Foundation (ASF) under one or more @@ -24,6 +24,7 @@ import com.sun.org.apache.xerces.internal.impl.Constants; import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool; import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager; import com.sun.org.apache.xerces.internal.util.SymbolTable; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.XMLSecurityManager; /** @@ -43,7 +44,7 @@ import jdk.xml.internal.XMLSecurityManager; * * * @author Neil Graham, IBM - * @LastModified: July 2023 + * @LastModified: May 2025 */ public class SecurityConfiguration extends XIncludeAwareParserConfiguration { @@ -107,7 +108,8 @@ public class SecurityConfiguration extends XIncludeAwareParserConfiguration super(symbolTable, grammarPool, parentSettings); // create the SecurityManager property: - setProperty(SECURITY_MANAGER_PROPERTY, new XMLSecurityManager(true)); + setProperty(SECURITY_MANAGER_PROPERTY, + JdkXmlConfig.getInstance(false).getXMLSecurityManager(false)); } // (SymbolTable,XMLGrammarPool) } // class SecurityConfiguration diff --git a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/XMLParser.java b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/XMLParser.java index 2e27e8719d8..7d49e55ce46 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/XMLParser.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/parsers/XMLParser.java @@ -27,6 +27,7 @@ import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource; import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration; import jdk.xml.internal.JdkConstants; +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.Utils; import jdk.xml.internal.XMLSecurityManager; import jdk.xml.internal.XMLSecurityPropertyManager; @@ -50,7 +51,7 @@ import org.xml.sax.SAXNotRecognizedException; * * @author Arnaud Le Hors, IBM * @author Andy Clark, IBM - * @LastModified: Apr 2025 + * @LastModified: May 2025 */ public abstract class XMLParser { @@ -81,6 +82,8 @@ public abstract class XMLParser { /** The parser configuration. */ protected XMLParserConfiguration fConfiguration; + JdkXmlConfig config = JdkXmlConfig.getInstance(false); + /** The XML Security Manager. */ XMLSecurityManager securityManager; @@ -142,12 +145,12 @@ public abstract class XMLParser { */ void initSecurityManager(XMLSecurityPropertyManager spm, XMLSecurityManager sm) { if (securityManager == null) { - securityManager = sm != null ? sm : new XMLSecurityManager(true); + securityManager = sm != null ? sm : config.getXMLSecurityManager(true); } fConfiguration.setProperty(Constants.SECURITY_MANAGER, securityManager); if (securityPropertyManager == null) { - securityPropertyManager = spm != null ? spm : new XMLSecurityPropertyManager(); + securityPropertyManager = spm != null ? spm : config.getXMLSecurityPropertyManager(true); } fConfiguration.setProperty(JdkConstants.XML_SECURITY_PROPERTY_MANAGER, securityPropertyManager); } diff --git a/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathExpressionImpl.java b/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathExpressionImpl.java index 5ded2b99eaa..e3f25731e6d 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathExpressionImpl.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathExpressionImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved. */ /* * Licensed to the Apache Software Foundation (ASF) under one or more @@ -31,6 +31,8 @@ import javax.xml.xpath.XPathExpressionException; import javax.xml.xpath.XPathFunctionException; import javax.xml.xpath.XPathFunctionResolver; import javax.xml.xpath.XPathVariableResolver; + +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlFeatures; import org.w3c.dom.Document; import org.xml.sax.InputSource; @@ -39,7 +41,7 @@ import org.xml.sax.InputSource; * The XPathExpression interface encapsulates a (compiled) XPath expression. * * @author Ramesh Mandava - * @LastModified: May 2022 + * @LastModified: May 2025 */ public class XPathExpressionImpl extends XPathImplUtil implements XPathExpression { @@ -49,7 +51,7 @@ public class XPathExpressionImpl extends XPathImplUtil implements XPathExpressio * from the context. */ protected XPathExpressionImpl() { - this(null, null, null, null, false, new JdkXmlFeatures(false)); + this(null, null, null, null, false, JdkXmlConfig.getInstance(false).getXMLFeatures(true)); }; protected XPathExpressionImpl(com.sun.org.apache.xpath.internal.XPath xpath, @@ -57,7 +59,7 @@ public class XPathExpressionImpl extends XPathImplUtil implements XPathExpressio XPathFunctionResolver functionResolver, XPathVariableResolver variableResolver) { this(xpath, prefixResolver, functionResolver, variableResolver, - false, new JdkXmlFeatures(false)); + false, JdkXmlConfig.getInstance(false).getXMLFeatures(true)); }; protected XPathExpressionImpl(com.sun.org.apache.xpath.internal.XPath xpath, diff --git a/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.java b/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.java index 7c5269f9d12..1288f1dbac3 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2024, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2025, Oracle and/or its affiliates. All rights reserved. */ /* * Licensed to the Apache Software Foundation (ASF) under one or more @@ -27,17 +27,15 @@ import javax.xml.xpath.XPathFactory; import javax.xml.xpath.XPathFactoryConfigurationException; import javax.xml.xpath.XPathFunctionResolver; import javax.xml.xpath.XPathVariableResolver; -import jdk.xml.internal.JdkConstants; -import jdk.xml.internal.JdkProperty; -import jdk.xml.internal.JdkXmlFeatures; -import jdk.xml.internal.XMLSecurityManager; + +import jdk.xml.internal.*; /** * The XPathFactory builds XPaths. * * @author Ramesh Mandava * - * @LastModified: Nov 2024 + * @LastModified: May 2025 */ public class XPathFactoryImpl extends XPathFactory { @@ -79,8 +77,9 @@ public class XPathFactoryImpl extends XPathFactory { * javax.xml.xpath.XPathFactory implementation. */ public XPathFactoryImpl() { - _featureManager = new JdkXmlFeatures(!_isNotSecureProcessing); - _xmlSecMgr = new XMLSecurityManager(true); + JdkXmlConfig config = JdkXmlConfig.getInstance(false); + _xmlSecMgr = config.getXMLSecurityManager(true); + _featureManager = config.getXMLFeatures(true); } /** diff --git a/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathImpl.java b/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathImpl.java index 79a06eec785..53099ad078e 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathImpl.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/jaxp/XPathImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved. */ /* * Licensed to the Apache Software Foundation (ASF) under one or more @@ -32,6 +32,8 @@ import javax.xml.xpath.XPathExpression; import javax.xml.xpath.XPathExpressionException; import javax.xml.xpath.XPathFunctionResolver; import javax.xml.xpath.XPathVariableResolver; + +import jdk.xml.internal.JdkXmlConfig; import jdk.xml.internal.JdkXmlFeatures; import jdk.xml.internal.XMLSecurityManager; import org.w3c.dom.Document; @@ -48,7 +50,7 @@ import org.xml.sax.InputSource; * New methods: evaluateExpression * Refactored to share code with XPathExpressionImpl. * - * @LastModified: May 2022 + * @LastModified: May 2025 */ public class XPathImpl extends XPathImplUtil implements javax.xml.xpath.XPath { @@ -58,7 +60,9 @@ public class XPathImpl extends XPathImplUtil implements javax.xml.xpath.XPath { private NamespaceContext namespaceContext=null; XPathImpl(XPathVariableResolver vr, XPathFunctionResolver fr) { - this(vr, fr, false, new JdkXmlFeatures(false), new XMLSecurityManager(true)); + this(vr, fr, false, + JdkXmlConfig.getInstance(false).getXMLFeatures(false), + JdkXmlConfig.getInstance(false).getXMLSecurityManager(false)); } XPathImpl(XPathVariableResolver vr, XPathFunctionResolver fr, diff --git a/src/java.xml/share/classes/javax/xml/validation/SchemaFactory.java b/src/java.xml/share/classes/javax/xml/validation/SchemaFactory.java index 260ffa652fe..400a68581ea 100644 --- a/src/java.xml/share/classes/javax/xml/validation/SchemaFactory.java +++ b/src/java.xml/share/classes/javax/xml/validation/SchemaFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,6 +28,7 @@ package javax.xml.validation; import com.sun.org.apache.xerces.internal.jaxp.validation.XMLSchemaFactory; import java.io.File; import java.net.URL; +import javax.xml.transform.Result; import javax.xml.transform.Source; import javax.xml.transform.stream.StreamSource; import jdk.xml.internal.SecuritySupport; diff --git a/src/java.xml/share/classes/jdk/xml/internal/FeaturePropertyBase.java b/src/java.xml/share/classes/jdk/xml/internal/FeaturePropertyBase.java index 908ed77ebec..0a17ffa1121 100644 --- a/src/java.xml/share/classes/jdk/xml/internal/FeaturePropertyBase.java +++ b/src/java.xml/share/classes/jdk/xml/internal/FeaturePropertyBase.java @@ -186,27 +186,36 @@ public abstract class FeaturePropertyBase { /** - * Read from system properties, or those in jaxp.properties + * Reads the system property, and sets the value if successful. * * @param property the property * @param systemProperty the name of the system property */ - void getSystemProperty(Enum property, String systemProperty) { - try { - String value = System.getProperty(systemProperty); - if (value != null) { - values[property.ordinal()] = value; - states[property.ordinal()] = State.SYSTEMPROPERTY; - return; - } - - value = SecuritySupport.readConfig(systemProperty); - if (value != null) { - values[property.ordinal()] = value; - states[property.ordinal()] = State.JAXPDOTPROPERTIES; - } - } catch (NumberFormatException e) { - //invalid setting ignored + boolean getSystemProperty(Enum property, String systemProperty) { + String value = System.getProperty(systemProperty); + if (value != null) { + values[property.ordinal()] = value; + states[property.ordinal()] = State.SYSTEMPROPERTY; + return true; } + return false; + } + + /** + * Reads the property from the JAXP Configuration File. + * + * @param property the property + * @param sysPropertyName the name of the system property + * @return true if the property is read successfully from the JAXP Config, + * false otherwise. + */ + boolean getPropertyConfig(Enum property, String sysPropertyName) { + String value = SecuritySupport.readConfig(sysPropertyName); + if (value != null) { + values[property.ordinal()] = value; + states[property.ordinal()] = State.JAXPDOTPROPERTIES; + return true; + } + return false; } } diff --git a/src/java.xml/share/classes/jdk/xml/internal/JdkCatalog.java b/src/java.xml/share/classes/jdk/xml/internal/JdkCatalog.java deleted file mode 100644 index 51890307399..00000000000 --- a/src/java.xml/share/classes/jdk/xml/internal/JdkCatalog.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ -package jdk.xml.internal; - -import java.net.URI; -import javax.xml.catalog.Catalog; -import javax.xml.catalog.CatalogFeatures; -import javax.xml.catalog.CatalogManager; - -/** - * Represents the built-in Catalog that hosts the DTDs for the Java platform. - */ -public class JdkCatalog { - public static final String JDKCATALOG = "/jdk/xml/internal/jdkcatalog/JDKCatalog.xml"; - private static final String JDKCATALOG_URL = SecuritySupport.getResource(JDKCATALOG).toExternalForm(); - public static Catalog catalog; - - public static void init(String resolve) { - if (catalog == null) { - CatalogFeatures cf = JdkXmlUtils.getCatalogFeatures(null, JDKCATALOG_URL, null, resolve); - catalog = CatalogManager.catalog(cf, URI.create(JDKCATALOG_URL)); - } - } -} diff --git a/src/java.xml/share/classes/jdk/xml/internal/JdkXmlConfig.java b/src/java.xml/share/classes/jdk/xml/internal/JdkXmlConfig.java new file mode 100644 index 00000000000..b3f6c33570a --- /dev/null +++ b/src/java.xml/share/classes/jdk/xml/internal/JdkXmlConfig.java @@ -0,0 +1,180 @@ +/* + * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +package jdk.xml.internal; + +import javax.xml.catalog.Catalog; +import javax.xml.catalog.CatalogFeatures; +import javax.xml.catalog.CatalogManager; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.nio.file.Paths; +import java.util.Properties; + +/** + * Global configuration for JAXP components. A single instance of this class + * holds the properties from the JAXP Configuration File, the JDK built-in + * Catalog, a base XMLSecurityManager and XMLSecurityPropertyManager. + */ +public class JdkXmlConfig { + public static final String JDKCATALOG_FILE = "/jdk/xml/internal/jdkcatalog/JDKCatalog.xml"; + private static final String JDKCATALOG_URL = "jrt:/java.xml/jdk/xml/internal/jdkcatalog/JDKCatalog.xml"; + + // The JDK Configuration instance + private static volatile JdkXmlConfig INSTANCE; + // Represents properties set in JAXP Configuration File + private final Properties jaxpConfig = new Properties(); + // The security manager initialized when the JdkXmlConfig instance is created + private final XMLSecurityManager baseManager; + private final XMLSecurityPropertyManager basePropertyMgr; + private final JdkXmlFeatures baseFeatures; + + // The JDK built-in Catalog + private static class CatalogHolder { + private static final Catalog JDKCATALOG = CatalogManager.catalog( + CatalogFeatures.defaults(), URI.create(JDKCATALOG_URL)); + } + + /** + * Constructs an instance of this class. + * @param stax a flag indicating whether the call is from StAX + */ + private JdkXmlConfig(boolean stax) { + loadConfig(stax); + baseManager = new XMLSecurityManager(true); + basePropertyMgr = new XMLSecurityPropertyManager(); + baseFeatures = new JdkXmlFeatures(true); + } + + /** + * Returns the singleton instance of this class. + * @param stax a flag indicating whether the call is from StAX + * @return the singleton instance of this class + */ + public static JdkXmlConfig getInstance(boolean stax) { + if (INSTANCE == null) { + synchronized (JdkXmlConfig.class) { + if (INSTANCE == null) { + INSTANCE = new JdkXmlConfig(stax); + } + } + } + return INSTANCE; + } + + public Properties getJaxpConfig() { + return jaxpConfig; + } + + /** + * Returns a copy of the base XMLSecurityManager. + * @param update the flag indicating whether the copy should be updated + * @return a copy of the base XMLSecurityManager. + */ + public XMLSecurityManager getXMLSecurityManager(boolean update) { + return update ? baseManager.cloneAndUpdate() : baseManager.clone(); + } + + /** + * Returns a copy of the base XMLSecurityPropertyManager. + * @param update the flag indicating whether the copy should be updated + * @return a copy of the base XMLSecurityPropertyManager. + */ + public XMLSecurityPropertyManager getXMLSecurityPropertyManager(boolean update) { + return update ? basePropertyMgr.cloneAndUpdate() : basePropertyMgr.clone(); + } + + /** + * Returns a copy of the base XMLSecurityPropertyManager. + * @param update the flag indicating whether the copy should be updated + * @return a copy of the base XMLSecurityPropertyManager. + */ + public JdkXmlFeatures getXMLFeatures(boolean update) { + return update ? baseFeatures.cloneAndUpdate() : baseFeatures.clone(); + } + + /** + * Returns the JDK built-in Catalog. + * @return the JDK built-in Catalog + */ + public Catalog getJdkCatalog() { + return CatalogHolder.JDKCATALOG; + } + + /** + * Loads the JAXP Configuration file. + * The method reads the JDK default configuration that is typically located + * at $java.home/conf/jaxp.properties. On top of the default, if the System + * Property "java.xml.config.file" exists, the configuration file it points + * to will also be read. Any settings in it will then override those in the + * default. + * + * @param stax a flag indicating whether to read stax.properties + * @return the value of the specified property, null if the property is not + * found + */ + private void loadConfig(boolean stax) { + Properties properties = new Properties(); + // load the default configuration file + boolean found = loadProperties( + Paths.get(System.getProperty("java.home"), + "conf", "jaxp.properties") + .toAbsolutePath().normalize().toString()); + + // attempts to find stax.properties only if jaxp.properties is not available + if (stax && !found) { + found = loadProperties( + Paths.get(System.getProperty("java.home"), + "conf", "stax.properties") + .toAbsolutePath().normalize().toString() + ); + } + + // load the custom configure on top of the default if any + String configFile = System.getProperty(JdkConstants.CONFIG_FILE_PROPNAME); + if (configFile != null) { + loadProperties(configFile); + } + } + + /** + * Loads the properties from the specified file into the cache. + * @param file the specified file + * @return true if success, false otherwise + */ + private boolean loadProperties(String file) { + File f = new File(file); + if (SecuritySupport.doesFileExist(f)) { + try (final InputStream in = SecuritySupport.getFileInputStream(f)) { + jaxpConfig.load(in); + return true; + } catch (IOException e) { + // shouldn't happen, but required by method getFileInputStream + } + } + return false; + } +} diff --git a/src/java.xml/share/classes/jdk/xml/internal/JdkXmlFeatures.java b/src/java.xml/share/classes/jdk/xml/internal/JdkXmlFeatures.java index e8e5c2c83de..7016d2227ea 100644 --- a/src/java.xml/share/classes/jdk/xml/internal/JdkXmlFeatures.java +++ b/src/java.xml/share/classes/jdk/xml/internal/JdkXmlFeatures.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,7 +34,7 @@ import static jdk.xml.internal.JdkXmlUtils.SP_USE_CATALOG; * This class manages JDK's XML Features. Previously added features and properties * may be gradually moved to this class. */ -public class JdkXmlFeatures { +public class JdkXmlFeatures implements Cloneable { public static final String ORACLE_JAXP_PROPERTY_PREFIX = "http://www.oracle.com/xml/jaxp/properties/"; @@ -217,12 +217,12 @@ public class JdkXmlFeatures { /** * Values of the features */ - private final boolean[] featureValues; + private boolean[] featureValues; /** * States of the settings for each property */ - private final State[] states; + private State[] states; /** * Flag indicating if secure processing is set @@ -246,8 +246,33 @@ public class JdkXmlFeatures { states[f.ordinal()] = State.DEFAULT; } } - //read system properties or jaxp.properties - readSystemProperties(); + } + + /** + * Returns a copy of the JdkXmlFeatures. + * @return a copy of the JdkXmlFeatures + */ + public JdkXmlFeatures clone() { + try { + JdkXmlFeatures copy = (JdkXmlFeatures) super.clone(); + copy.featureValues = this.featureValues.clone(); + copy.states = this.states.clone(); + return copy; + } catch (CloneNotSupportedException e) { + // shouldn't happen as this class is Cloneable + throw new InternalError(e); + } + } + + /** + * Returns a copy of the JdkXmlFeatures that is updated with the + * current System Properties. + * @return a copy of the JdkXmlFeatures + */ + public JdkXmlFeatures cloneAndUpdate() { + JdkXmlFeatures copy = clone(); + copy.readSystemProperties(); + return copy; } /** @@ -387,33 +412,29 @@ public class JdkXmlFeatures { } /** - * Read from system properties, or those in jaxp.properties + * Read the system property, or the setting in the Jaxp Configuration File + * corresponding to the XmlFeature. * - * @param property the type of the property - * @param sysPropertyName the name of system property + * @param feature the XmlFeature + * @param sysPropertyName the corresponding system property * @return true if the system property is found, false otherwise */ private boolean getSystemProperty(XmlFeature feature, String sysPropertyName) { - try { - String value = System.getProperty(sysPropertyName); - if (value == null && feature.systemPropertyOld() != null) { - // legacy system property - value = System.getProperty(feature.systemPropertyOld()); - } + String value = System.getProperty(sysPropertyName); + if (value == null && feature.systemPropertyOld() != null) { + // legacy system property + value = System.getProperty(feature.systemPropertyOld()); + } - if (value != null && !value.isEmpty()) { - setFeature(feature, State.SYSTEMPROPERTY, Boolean.parseBoolean(value)); - return true; - } + if (value != null && !value.isEmpty()) { + setFeature(feature, State.SYSTEMPROPERTY, Boolean.parseBoolean(value)); + return true; + } - value = SecuritySupport.readConfig(sysPropertyName); - if (value != null && !value.isEmpty()) { - setFeature(feature, State.JAXPDOTPROPERTIES, Boolean.parseBoolean(value)); - return true; - } - } catch (NumberFormatException e) { - //invalid setting - throw new NumberFormatException("Invalid setting for system property: " + feature.systemProperty()); + value = SecuritySupport.readConfig(sysPropertyName); + if (value != null && !value.isEmpty()) { + setFeature(feature, State.JAXPDOTPROPERTIES, Boolean.parseBoolean(value)); + return true; } return false; } diff --git a/src/java.xml/share/classes/jdk/xml/internal/SecuritySupport.java b/src/java.xml/share/classes/jdk/xml/internal/SecuritySupport.java index dee62f58950..478d12220d7 100644 --- a/src/java.xml/share/classes/jdk/xml/internal/SecuritySupport.java +++ b/src/java.xml/share/classes/jdk/xml/internal/SecuritySupport.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -140,54 +140,7 @@ public class SecuritySupport { * found */ public static String readConfig(String propName, boolean stax) { - // always load the default configuration file - if (firstTime) { - synchronized (cacheProps) { - if (firstTime) { - boolean found = loadProperties( - Paths.get(System.getProperty("java.home"), - "conf", "jaxp.properties") - .toAbsolutePath().normalize().toString()); - - // attempts to find stax.properties only if jaxp.properties is not available - if (stax && !found) { - found = loadProperties( - Paths.get(System.getProperty("java.home"), - "conf", "stax.properties") - .toAbsolutePath().normalize().toString() - ); - } - - // load the custom configure on top of the default if any - String configFile = System.getProperty(JdkConstants.CONFIG_FILE_PROPNAME); - if (configFile != null) { - loadProperties(configFile); - } - - firstTime = false; - } - } - } - - return cacheProps.getProperty(propName); - } - - /** - * Loads the properties from the specified file into the cache. - * @param file the specified file - * @return true if success, false otherwise - */ - private static boolean loadProperties(String file) { - File f = new File(file); - if (SecuritySupport.doesFileExist(f)) { - try (final InputStream in = SecuritySupport.getFileInputStream(f)) { - cacheProps.load(in); - return true; - } catch (IOException e) { - // shouldn't happen, but required by method getFileInputStream - } - } - return false; + return JdkXmlConfig.getInstance(stax).getJaxpConfig().getProperty(propName); } /** diff --git a/src/java.xml/share/classes/jdk/xml/internal/XMLSecurityManager.java b/src/java.xml/share/classes/jdk/xml/internal/XMLSecurityManager.java index 90c222de40e..5ca4073e20f 100644 --- a/src/java.xml/share/classes/jdk/xml/internal/XMLSecurityManager.java +++ b/src/java.xml/share/classes/jdk/xml/internal/XMLSecurityManager.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -44,7 +44,7 @@ import org.xml.sax.SAXException; * This class manages standard and implementation-specific limitations. * */ -public final class XMLSecurityManager { +public final class XMLSecurityManager implements Cloneable { public static final String DTD_KEY = JdkConstants.DTD_PROPNAME; @@ -232,7 +232,7 @@ public final class XMLSecurityManager { /** * Values of the properties */ - private final int[] values; + private int[] values; /** * States of the settings for each property @@ -283,31 +283,36 @@ public final class XMLSecurityManager { states[limit.ordinal()] = State.DEFAULT; } } - - //read system properties or the config file (jaxp.properties by default) - readSystemProperties(); - // prepare the JDK Catalog - prepareCatalog(); } /** - * Flag indicating whether the JDK Catalog has been initialized + * Returns a copy of the XMLSecurityManager. + * @return a copy of the XMLSecurityManager */ - static volatile boolean jdkcatalogInitialized = false; - private final Object lock = new Object(); - - private void prepareCatalog() { - if (!jdkcatalogInitialized) { - synchronized (lock) { - if (!jdkcatalogInitialized) { - jdkcatalogInitialized = true; - String resolve = getLimitValueAsString(Limit.JDKCATALOG_RESOLVE); - JdkCatalog.init(resolve); - } - } + public XMLSecurityManager clone() { + try { + XMLSecurityManager copy = (XMLSecurityManager) super.clone(); + copy.values = this.values.clone(); + copy.states = this.states.clone(); + copy.isSet = this.isSet.clone(); + return copy; + } catch (CloneNotSupportedException e) { + // shouldn't happen as this class is Cloneable + throw new InternalError(e); } } + /** + * Returns a copy of the XMLSecurityManager that is updated with the + * current System Properties. + * @return a copy of the XMLSecurityManager + */ + public XMLSecurityManager cloneAndUpdate() { + XMLSecurityManager copy = clone(); + copy.readSystemProperties(); + return copy; + } + /** * Returns the JDKCatalogResolver with the current setting of the RESOLVE * property. @@ -316,7 +321,8 @@ public final class XMLSecurityManager { */ public CatalogResolver getJDKCatalogResolver() { String resolve = getLimitValueAsString(Limit.JDKCATALOG_RESOLVE); - return CatalogManager.catalogResolver(JdkCatalog.catalog, toActionType(resolve)); + return CatalogManager.catalogResolver( + JdkXmlConfig.getInstance(false).getJdkCatalog(), toActionType(resolve)); } // convert the string value of the RESOLVE property to the corresponding diff --git a/src/java.xml/share/classes/jdk/xml/internal/XMLSecurityPropertyManager.java b/src/java.xml/share/classes/jdk/xml/internal/XMLSecurityPropertyManager.java index 0f2725fe762..ff9ab621fab 100644 --- a/src/java.xml/share/classes/jdk/xml/internal/XMLSecurityPropertyManager.java +++ b/src/java.xml/share/classes/jdk/xml/internal/XMLSecurityPropertyManager.java @@ -31,33 +31,39 @@ import javax.xml.XMLConstants; * This class manages security related properties * */ -public final class XMLSecurityPropertyManager extends FeaturePropertyBase { +public final class XMLSecurityPropertyManager extends FeaturePropertyBase implements Cloneable { /** * Properties managed by the security property manager */ public static enum Property { - ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD, + ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD, JdkConstants.SP_ACCESS_EXTERNAL_DTD, JdkConstants.EXTERNAL_ACCESS_DEFAULT), - ACCESS_EXTERNAL_SCHEMA(XMLConstants.ACCESS_EXTERNAL_SCHEMA, + ACCESS_EXTERNAL_SCHEMA(XMLConstants.ACCESS_EXTERNAL_SCHEMA, JdkConstants.SP_ACCESS_EXTERNAL_SCHEMA, JdkConstants.EXTERNAL_ACCESS_DEFAULT), - ACCESS_EXTERNAL_STYLESHEET(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, + ACCESS_EXTERNAL_STYLESHEET(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, JdkConstants.SP_ACCESS_EXTERNAL_STYLESHEET, JdkConstants.EXTERNAL_ACCESS_DEFAULT); - final String name; + final String apiProperty; + final String systemProperty; final String defaultValue; - Property(String name, String value) { - this.name = name; + Property(String apiProperty, String systemProperty, String value) { + this.apiProperty = apiProperty; + this.systemProperty = systemProperty; this.defaultValue = value; } public boolean equalsName(String propertyName) { - return (propertyName == null) ? false : name.equals(propertyName); + return (propertyName == null) ? false : + (apiProperty.equals(propertyName) || systemProperty.equals(propertyName)); } public String propertyName() { - return name; + return apiProperty; + } + public String systemProperty() { + return systemProperty; } String defaultValue() { return defaultValue; @@ -72,8 +78,33 @@ public final class XMLSecurityPropertyManager extends FeaturePropertyBase { for (Property property : Property.values()) { values[property.ordinal()] = property.defaultValue(); } - //read system properties or jaxp.properties - readSystemProperties(); + } + + /** + * Returns a copy of the XMLSecurityManager. + * @return a copy of the XMLSecurityManager + */ + public XMLSecurityPropertyManager clone() { + try { + XMLSecurityPropertyManager copy = (XMLSecurityPropertyManager) super.clone(); + copy.values = this.values.clone(); + copy.states = this.states.clone(); + return copy; + } catch (CloneNotSupportedException e) { + // shouldn't happen as this class is Cloneable + throw new InternalError(e); + } + } + + /** + * Returns a copy of the XMLSecurityPropertyManager that is updated with the + * current System Properties. + * @return a copy of the XMLSecurityPropertyManager + */ + public XMLSecurityPropertyManager cloneAndUpdate() { + XMLSecurityPropertyManager copy = clone(); + copy.readSystemProperties(); + return copy; } /** @@ -133,13 +164,18 @@ public final class XMLSecurityPropertyManager extends FeaturePropertyBase { /** * Read from system properties, or those in jaxp.properties */ - private void readSystemProperties() { - getSystemProperty(Property.ACCESS_EXTERNAL_DTD, - JdkConstants.SP_ACCESS_EXTERNAL_DTD); - getSystemProperty(Property.ACCESS_EXTERNAL_SCHEMA, - JdkConstants.SP_ACCESS_EXTERNAL_SCHEMA); - getSystemProperty(Property.ACCESS_EXTERNAL_STYLESHEET, - JdkConstants.SP_ACCESS_EXTERNAL_STYLESHEET); + public void readSystemProperties() { + for (Property property : Property.values()) { + if (State.SYSTEMPROPERTY.compareTo(states[property.ordinal()]) >= 0 && + property.systemProperty() != null) { + // attempts to read the System Property + if (!getSystemProperty(property, property.systemProperty())) { + //if system property is not found, try the config file + if (State.JAXPDOTPROPERTIES.compareTo(states[property.ordinal()]) >= 0) { + getPropertyConfig(property, property.systemProperty()); + } + } + } + } } - }