147 // This will keep the configuration from throwing an exception if it
148 // does not support XInclude.
149 if (spf.isXIncludeAware()) {
150 xmlReader.setFeature0(XINCLUDE_FEATURE, true);
151 }
152
153 xmlReader.setProperty0(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
154
155 xmlReader.setProperty0(SECURITY_MANAGER, fSecurityManager);
156
157 if (secureProcessing) {
158 /**
159 * By default, secure processing is set, no external access is allowed.
160 * However, we need to check if it is actively set on the factory since we
161 * allow the use of the System Property or jaxp.properties to override
162 * the default value
163 */
164 if (features != null) {
165
166 Boolean temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
167 if (temp != null) {
168 if (temp && Constants.IS_JDK8_OR_ABOVE) {
169 fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
170 XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
171 fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
172 XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
173
174 }
175 }
176 }
177 }
178
179 // Set application's features, followed by validation features.
180 setFeatures(features);
181
182 // If validating, provide a default ErrorHandler that prints
183 // validation errors with a warning telling the user to set an
184 // ErrorHandler.
185 if (spf.isValidating()) {
186 fInitErrorHandler = new DefaultValidationErrorHandler(xmlReader.getLocale());
187 xmlReader.setErrorHandler(fInitErrorHandler);
188 }
189 else {
190 fInitErrorHandler = xmlReader.getErrorHandler();
191 }
192 xmlReader.setFeature0(VALIDATION_FEATURE, spf.isValidating());
193
194 // Get the Schema object from the factory
|
147 // This will keep the configuration from throwing an exception if it
148 // does not support XInclude.
149 if (spf.isXIncludeAware()) {
150 xmlReader.setFeature0(XINCLUDE_FEATURE, true);
151 }
152
153 xmlReader.setProperty0(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
154
155 xmlReader.setProperty0(SECURITY_MANAGER, fSecurityManager);
156
157 if (secureProcessing) {
158 /**
159 * By default, secure processing is set, no external access is allowed.
160 * However, we need to check if it is actively set on the factory since we
161 * allow the use of the System Property or jaxp.properties to override
162 * the default value
163 */
164 if (features != null) {
165
166 Boolean temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
167 if (temp != null && temp) {
168 fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
169 XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
170 fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
171 XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
172 }
173 }
174 }
175
176 // Set application's features, followed by validation features.
177 setFeatures(features);
178
179 // If validating, provide a default ErrorHandler that prints
180 // validation errors with a warning telling the user to set an
181 // ErrorHandler.
182 if (spf.isValidating()) {
183 fInitErrorHandler = new DefaultValidationErrorHandler(xmlReader.getLocale());
184 xmlReader.setErrorHandler(fInitErrorHandler);
185 }
186 else {
187 fInitErrorHandler = xmlReader.getErrorHandler();
188 }
189 xmlReader.setFeature0(VALIDATION_FEATURE, spf.isValidating());
190
191 // Get the Schema object from the factory
|