src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java

Print this page

        

*** 43,52 **** --- 43,53 ---- import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter; import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.StAXInputSource; import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl; + import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.grammars.Grammar; import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription; import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool; import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
*** 80,89 **** --- 81,96 ---- /** Property identifier: SecurityManager. */ private static final String SECURITY_MANAGER = Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + /** property identifier: access external dtd. */ + public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD; + + /** Property identifier: access to external schema */ + public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA; + // // Data // /** The XMLSchemaLoader */
*** 130,139 **** --- 137,154 ---- fXMLSchemaLoader.setErrorHandler(fErrorHandlerWrapper); // Enable secure processing feature by default fSecurityManager = new SecurityManager(); fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager); + + //by default, the secure feature is set to true, otherwise the default would have been 'file' + String accessExternal = SecuritySupport.getDefaultAccessProperty( + Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT); + fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, accessExternal); + accessExternal = SecuritySupport.getDefaultAccessProperty( + Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT); + fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal); } /** * <p>Is specified schema supported by this <code>SchemaFactory</code>?</p> *
*** 272,281 **** --- 287,297 ---- public Schema newSchema() throws SAXException { // Use a Schema that uses the system id as the equality source. AbstractXMLSchema schema = new WeakReferenceXMLSchema(); propagateFeatures(schema); + propagateProperties(schema); return schema; } public boolean getFeature(String name) throws SAXNotRecognizedException, SAXNotSupportedException {
*** 348,357 **** --- 364,375 ---- SAXMessageFormatter.formatMessage(null, "jaxp-secureprocessing-feature", null)); } fSecurityManager = value ? new SecurityManager() : null; fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager); + fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP); + fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP); return; } else if (name.equals(Constants.ORACLE_FEATURE_SERVICE_MECHANISM)) { //in secure mode, let _useServicesMechanism be determined by the constructor if (System.getSecurityManager() != null) return;
*** 416,425 **** --- 434,452 ---- boolean state = fXMLSchemaLoader.getFeature(features[i]); schema.setFeature(features[i], state); } } + private void propagateProperties(AbstractXMLSchema schema) { + String[] properties = fXMLSchemaLoader.getRecognizedProperties(); + for (int i = 0; i < properties.length; ++i) { + Object state = fXMLSchemaLoader.getProperty(properties[i]); + schema.setProperty(properties[i], state); + } + } + + /** * Extension of XMLGrammarPoolImpl which exposes the number of * grammars stored in the grammar pool. */ static class XMLGrammarPoolImplExtension extends XMLGrammarPoolImpl {