185 "http://www.oracle.com/xml/jaxp/properties/";
186
187 //System Properties corresponding to ACCESS_EXTERNAL_* properties
188 public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD";
189 public static final String SP_ACCESS_EXTERNAL_SCHEMA = "javax.xml.accessExternalSchema";
190 //all access keyword
191 public static final String ACCESS_EXTERNAL_ALL = "all";
192
193 /**
194 * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
195 */
196 public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
197 /**
198 * JDK version by which the default is to restrict external connection
199 */
200 public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
201
202 /**
203 * FEATURE_SECURE_PROCESSING (FSP) is true by default
204 */
205 public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(true);
206
207 //
208 // DOM features
209 //
210
211 /** Comments feature ("include-comments"). */
212 public static final String INCLUDE_COMMENTS_FEATURE = "include-comments";
213
214 /** Create cdata nodes feature ("create-cdata-nodes"). */
215 public static final String CREATE_CDATA_NODES_FEATURE = "create-cdata-nodes";
216
217 /** Feature id: load as infoset. */
218 public static final String LOAD_AS_INFOSET = "load-as-infoset";
219
220
221 //
222 // Constants: DOM Level 3 feature ids
223 //
224
225 public static final String DOM_CANONICAL_FORM = "canonical-form";
680 /** Returns an enumeration of the SAX properties. */
681 public static Enumeration getSAXProperties() {
682 return fgSAXProperties.length > 0
683 ? new ArrayEnumeration(fgSAXProperties) : fgEmptyEnumeration;
684 } // getSAXProperties():Enumeration
685
686 // xerces
687
688 /** Returns an enumeration of the Xerces features. */
689 public static Enumeration getXercesFeatures() {
690 return fgXercesFeatures.length > 0
691 ? new ArrayEnumeration(fgXercesFeatures) : fgEmptyEnumeration;
692 } // getXercesFeatures():Enumeration
693
694 /** Returns an enumeration of the Xerces properties. */
695 public static Enumeration getXercesProperties() {
696 return fgXercesProperties.length > 0
697 ? new ArrayEnumeration(fgXercesProperties) : fgEmptyEnumeration;
698 } // getXercesProperties():Enumeration
699
700 /**
701 * Determine the default value of the external access properties
702 *
703 * jaxp 1.5 does not require implementations to restrict by default
704 *
705 * For JDK8:
706 * The default value is 'file' (including jar:file); The keyword "all" grants permission
707 * to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
708 * the default value is an empty string indicating no access is allowed.
709 *
710 * For JDK7:
711 * The default value is 'all' granting permission to all protocols. If by default,
712 * {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
713 * not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
714 * is set explicitly, the values of the properties shall be set to an empty string
715 * indicating no access is allowed.
716 *
717 * @param isSecureProcessing indicating if Secure Processing is set
718 * @return default value
719 */
720 public static String getExternalAccessDefault(boolean isSecureProcessing) {
721 String defaultValue = "all";
722 if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
723 defaultValue = "file";
724 if (isSecureProcessing) {
725 defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
726 }
727 }
728 return defaultValue;
729 }
730
731 /*
732 * Check the version of the current JDK against that specified in the
733 * parameter
734 *
735 * There is a proposal to change the java version string to:
736 * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
737 * This method would work with both the current format and that proposed
738 *
739 * @param compareTo a JDK version to be compared to
740 * @return true if the current version is the same or above that represented
741 * by the parameter
742 */
743 public static boolean isJDKandAbove(int compareTo) {
744 String javaVersion = SecuritySupport.getSystemProperty("java.version");
745 String versions[] = javaVersion.split("\\.", 3);
746 if (Integer.parseInt(versions[0]) >= compareTo ||
747 Integer.parseInt(versions[1]) >= compareTo) {
748 return true;
749 }
750 return false;
751 }
752
753 //
754 // Classes
755 //
756
757 /**
758 * An array enumeration.
759 *
760 * @author Andy Clark, IBM
761 */
762 static class ArrayEnumeration
763 implements Enumeration {
764
765 //
766 // Data
767 //
768
769 /** Array. */
770 private Object[] array;
771
772 /** Index. */
|
185 "http://www.oracle.com/xml/jaxp/properties/";
186
187 //System Properties corresponding to ACCESS_EXTERNAL_* properties
188 public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD";
189 public static final String SP_ACCESS_EXTERNAL_SCHEMA = "javax.xml.accessExternalSchema";
190 //all access keyword
191 public static final String ACCESS_EXTERNAL_ALL = "all";
192
193 /**
194 * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
195 */
196 public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
197 /**
198 * JDK version by which the default is to restrict external connection
199 */
200 public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
201
202 /**
203 * FEATURE_SECURE_PROCESSING (FSP) is true by default
204 */
205 public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;
206
207 //
208 // DOM features
209 //
210
211 /** Comments feature ("include-comments"). */
212 public static final String INCLUDE_COMMENTS_FEATURE = "include-comments";
213
214 /** Create cdata nodes feature ("create-cdata-nodes"). */
215 public static final String CREATE_CDATA_NODES_FEATURE = "create-cdata-nodes";
216
217 /** Feature id: load as infoset. */
218 public static final String LOAD_AS_INFOSET = "load-as-infoset";
219
220
221 //
222 // Constants: DOM Level 3 feature ids
223 //
224
225 public static final String DOM_CANONICAL_FORM = "canonical-form";
680 /** Returns an enumeration of the SAX properties. */
681 public static Enumeration getSAXProperties() {
682 return fgSAXProperties.length > 0
683 ? new ArrayEnumeration(fgSAXProperties) : fgEmptyEnumeration;
684 } // getSAXProperties():Enumeration
685
686 // xerces
687
688 /** Returns an enumeration of the Xerces features. */
689 public static Enumeration getXercesFeatures() {
690 return fgXercesFeatures.length > 0
691 ? new ArrayEnumeration(fgXercesFeatures) : fgEmptyEnumeration;
692 } // getXercesFeatures():Enumeration
693
694 /** Returns an enumeration of the Xerces properties. */
695 public static Enumeration getXercesProperties() {
696 return fgXercesProperties.length > 0
697 ? new ArrayEnumeration(fgXercesProperties) : fgEmptyEnumeration;
698 } // getXercesProperties():Enumeration
699
700
701 //
702 // Classes
703 //
704
705 /**
706 * An array enumeration.
707 *
708 * @author Andy Clark, IBM
709 */
710 static class ArrayEnumeration
711 implements Enumeration {
712
713 //
714 // Data
715 //
716
717 /** Array. */
718 private Object[] array;
719
720 /** Index. */
|