src/com/sun/org/apache/xerces/internal/impl/Constants.java
Print this page
@@ -18,10 +18,11 @@
* limitations under the License.
*/
package com.sun.org.apache.xerces.internal.impl;
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import java.util.Enumeration;
import java.util.NoSuchElementException;
/**
* Commonly used constants.
@@ -136,10 +137,25 @@
/** XML string property ("xml-string"). */
public static final String XML_STRING_PROPERTY = "xml-string";
public static final String FEATURE_SECURE_PROCESSING = "http://javax.xml.XMLConstants/feature/secure-processing";
+ // Oracle Feature:
+ /**
+ * <p>Use Service Mechanism</p>
+ *
+ * <ul>
+ * <li>
+ * {@code true} instruct an object to use service mechanism to
+ * find a service implementation. This is the default behavior.
+ * </li>
+ * <li>
+ * {@code false} instruct an object to skip service mechanism and
+ * use the default implementation for that service.
+ * </li>
+ * </ul>
+ */
public static final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism";
/** Document XML version property ("document-xml-version"). */
public static final String DOCUMENT_XML_VERSION_PROPERTY = "document-xml-version";
@@ -158,10 +174,38 @@
/** JAXP schemaSource language: when used internally may include DTD namespace (DOM) */
public static final String SCHEMA_LANGUAGE = "schemaLanguage";
public static final String SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT = "elementAttributeLimit" ;
+ /** JAXP Standard property prefix ("http://javax.xml.XMLConstants/property/"). */
+ public static final String JAXPAPI_PROPERTY_PREFIX =
+ "http://javax.xml.XMLConstants/property/";
+
+ /** Oracle JAXP property prefix ("http://www.oracle.com/xml/jaxp/properties/"). */
+ public static final String ORACLE_JAXP_PROPERTY_PREFIX =
+ "http://www.oracle.com/xml/jaxp/properties/";
+
+ //System Properties corresponding to ACCESS_EXTERNAL_* properties
+ public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD";
+ public static final String SP_ACCESS_EXTERNAL_SCHEMA = "javax.xml.accessExternalSchema";
+ //all access keyword
+ public static final String ACCESS_EXTERNAL_ALL = "all";
+
+ /**
+ * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
+ */
+ public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
+ /**
+ * JDK version by which the default is to restrict external connection
+ */
+ public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
+
+ /**
+ * FEATURE_SECURE_PROCESSING (FSP) is true by default
+ */
+ public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(true);
+
//
// DOM features
//
/** Comments feature ("include-comments"). */
@@ -651,10 +695,63 @@
public static Enumeration getXercesProperties() {
return fgXercesProperties.length > 0
? new ArrayEnumeration(fgXercesProperties) : fgEmptyEnumeration;
} // getXercesProperties():Enumeration
+ /**
+ * Determine the default value of the external access properties
+ *
+ * jaxp 1.5 does not require implementations to restrict by default
+ *
+ * For JDK8:
+ * The default value is 'file' (including jar:file); The keyword "all" grants permission
+ * to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
+ * the default value is an empty string indicating no access is allowed.
+ *
+ * For JDK7:
+ * The default value is 'all' granting permission to all protocols. If by default,
+ * {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
+ * not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
+ * is set explicitly, the values of the properties shall be set to an empty string
+ * indicating no access is allowed.
+ *
+ * @param isSecureProcessing indicating if Secure Processing is set
+ * @return default value
+ */
+ public static String getExternalAccessDefault(boolean isSecureProcessing) {
+ String defaultValue = "all";
+ if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
+ defaultValue = "file";
+ if (isSecureProcessing) {
+ defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
+ }
+ }
+ return defaultValue;
+ }
+
+ /*
+ * Check the version of the current JDK against that specified in the
+ * parameter
+ *
+ * There is a proposal to change the java version string to:
+ * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
+ * This method would work with both the current format and that proposed
+ *
+ * @param compareTo a JDK version to be compared to
+ * @return true if the current version is the same or above that represented
+ * by the parameter
+ */
+ public static boolean isJDKandAbove(int compareTo) {
+ String javaVersion = SecuritySupport.getSystemProperty("java.version");
+ String versions[] = javaVersion.split("\\.", 3);
+ if (Integer.parseInt(versions[0]) >= compareTo ||
+ Integer.parseInt(versions[1]) >= compareTo) {
+ return true;
+ }
+ return false;
+ }
+
//
// Classes
//
/**