src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java
@@ -25,10 +25,13 @@
import com.sun.org.apache.xalan.internal.XalanConstants;
import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.State;
import com.sun.org.apache.xalan.internal.xsltc.compiler.Constants;
import com.sun.org.apache.xalan.internal.xsltc.compiler.SourceLoader;
import com.sun.org.apache.xalan.internal.xsltc.compiler.XSLTC;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
import com.sun.org.apache.xalan.internal.xsltc.dom.XSLTCDTMManager;
@@ -213,15 +216,17 @@
/**
* protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
*/
private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+
/**
* protocols allowed for external DTD references in source file and/or stylesheet.
*/
private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+ private XMLSecurityPropertyManager _xmlSecurityPropertyMgr;
/**
* javax.xml.transform.sax.TransformerFactory implementation.
*/
public TransformerFactoryImpl() {
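Review bot: The new field `_xmlSecurityPropertyMgr` is the only one in this group without a doc comment, although it now holds the authoritative values of the two external-access settings declared above it. I would add something like `/** Holds the external-access property values together with the State that last set them; _accessExternalDTD and _accessExternalStylesheet are cached copies. */`. If the constructor in the next hunk is the only place it is assigned, it can also be declared `private final`, so the manager cannot be swapped out after the security settings are read.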
@@ -233,19 +238,20 @@
}
private TransformerFactoryImpl(boolean useServicesMechanism) {
this._useServicesMechanism = useServicesMechanism;
- String defaultAccess = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
if (System.getSecurityManager() != null) {
_isSecureMode = true;
_isNotSecureProcessing = false;
}
- _accessExternalStylesheet = SecuritySupport.getDefaultAccessProperty(
- XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET, defaultAccess);
- _accessExternalDTD = SecuritySupport.getDefaultAccessProperty(
- XalanConstants.SP_ACCESS_EXTERNAL_DTD, defaultAccess);
+
+ _xmlSecurityPropertyMgr = new XMLSecurityPropertyManager();
+ _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+ Property.ACCESS_EXTERNAL_DTD);
+ _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+ Property.ACCESS_EXTERNAL_STYLESHEET);
}
/**
* javax.xml.transform.sax.TransformerFactory implementation.
* Set the error event listener for the TransformerFactory, which is used
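Review bot: The two `getValue(...)` assignments that copy the manager's state into `_accessExternalDTD` and `_accessExternalStylesheet` are written out here and again in the setAttribute and setFeature hunks below. Because these fields decide which protocols external references may use, a later edit that updates the manager but forgets one of the copies would leave a stale, possibly more permissive value in effect. I would move the pair into one private helper, for example `refreshExternalAccess()`, and call it from all three places, or read from the manager directly and drop the cached fields.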
@@ -304,16 +310,15 @@
if (_enableInlining)
return Boolean.TRUE;
else
return Boolean.FALSE;
}
- else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
- return _accessExternalStylesheet;
+
+ int index = _xmlSecurityPropertyMgr.getIndex(name);
+ if (index > -1) {
+ return _xmlSecurityPropertyMgr.getValueByIndex(index);
}
- else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
- return _accessExternalDTD;
- }
// Throw an exception for all other attributes
ErrorMsg err = new ErrorMsg(ErrorMsg.JAXP_INVALID_ATTR_ERR, name);
throw new IllegalArgumentException(err.toString());
}
@@ -411,18 +416,21 @@
else if (value instanceof Integer) {
_indentNumber = ((Integer) value).intValue();
return;
}
}
- else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
- _accessExternalStylesheet = (String)value;
+
+ int index = _xmlSecurityPropertyMgr.getIndex(name);
+ if (index > -1) {
+ _xmlSecurityPropertyMgr.setValue(index,
+ State.APIPROPERTY, (String)value);
+ _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+ Property.ACCESS_EXTERNAL_DTD);
+ _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+ Property.ACCESS_EXTERNAL_STYLESHEET);
return;
}
- else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
- _accessExternalDTD = (String)value;
- return;
- }
// Throw an exception for all other attributes
final ErrorMsg err
= new ErrorMsg(ErrorMsg.JAXP_INVALID_ATTR_ERR, name);
throw new IllegalArgumentException(err.toString());
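Review bot: The `(String)value` cast in the added `setValue(index, State.APIPROPERTY, (String)value)` call is unchecked, so a non-String value for a recognised access property surfaces as a ClassCastException rather than the IllegalArgumentException thrown just below, and a null value passes the cast and goes straight into the property manager. The removed branches had the same cast, so this is carried over rather than introduced, but the rewrite is a good moment to close it with `if (index > -1 && value instanceof String) {`, letting anything else fall through to the existing error path. What a null entry would mean for later access checks is not visible here, so rejecting it at this boundary is the safer choice. The start of setAttribute is outside the hunk.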
@@ -464,15 +472,22 @@
ErrorMsg err = new ErrorMsg(ErrorMsg.JAXP_SECUREPROCESSING_FEATURE);
throw new TransformerConfigurationException(err.toString());
}
_isNotSecureProcessing = !value;
- // set restriction, allowing no access to external stylesheet
- if (value) {
- _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
- _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
+ // set external access restriction when FSP is explicitly set
+ if (value && XalanConstants.IS_JDK8_OR_ABOVE) {
+ _xmlSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_DTD,
+ State.FSP, XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP);
+ _xmlSecurityPropertyMgr.setValue(Property.ACCESS_EXTERNAL_STYLESHEET,
+ State.FSP, XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP);
+ _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+ Property.ACCESS_EXTERNAL_DTD);
+ _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+ Property.ACCESS_EXTERNAL_STYLESHEET);
}
+
return;
}
else if (name.equals(XalanConstants.ORACLE_FEATURE_SERVICE_MECHANISM)) {
//in secure mode, let _useServicesMechanism be determined by the constructor
if (!_isSecureMode)
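Review bot: The new condition `value && XalanConstants.IS_JDK8_OR_ABOVE` changes what enabling secure processing does, and the comment above it does not say so. The removed code set both access fields to `EXTERNAL_ACCESS_DEFAULT_FSP` whenever `value` was true; now, when the constant is false, turning the feature on leaves external DTD and stylesheet access at whatever the manager already holds. Callers who rely on this feature alone to block external fetches need to know that, so I would extend the comment to something like `// FSP restricts external access only when IS_JDK8_OR_ABOVE; otherwise the ACCESS_EXTERNAL_* properties must be set explicitly`. The enclosing method starts and continues outside the hunk.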