jaxp Udiff src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java

src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java

@@ -34,10 +34,11 @@
 import com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator;
 import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer;
 import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
 import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.util.Status;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource;

@@ -90,16 +91,14 @@
 
     /** Property identifier: security manager. */
     private static final String SECURITY_MANAGER =
         Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
 
-    /** property identifier: access external dtd. */
-    public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+    /** Property identifier: Security property manager. */
+    private static final String XML_SECURITY_PROPERTY_MANAGER =
+            Constants.XML_SECURITY_PROPERTY_MANAGER;
 
-    /** Property identifier: access to external schema */
-    public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
-
     private final JAXPSAXParser xmlReader;
     private String schemaLanguage = null;     // null means DTD
     private final Schema grammar;
 
     private final XMLComponent fSchemaValidator;

@@ -111,10 +110,12 @@
     private final ErrorHandler fInitErrorHandler;
 
     /** Initial EntityResolver */
     private final EntityResolver fInitEntityResolver;
 
+    private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
     /**
      * Create a SAX parser with the associated features
      * @param features Hashtable of SAX features, may be null
      */
     SAXParserImpl(SAXParserFactoryImpl spf, Hashtable features)

@@ -147,10 +148,13 @@
         // does not support XInclude.
         if (spf.isXIncludeAware()) {
             xmlReader.setFeature0(XINCLUDE_FEATURE, true);
         }
 
+        fSecurityPropertyMgr = new XMLSecurityPropertyManager();
+        xmlReader.setProperty0(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
+
         // If the secure processing feature is on set a security manager.
         if (secureProcessing) {
             xmlReader.setProperty0(SECURITY_MANAGER, new SecurityManager());
             /**
              * By default, secure processing is set, no external access is allowed.

@@ -160,13 +164,16 @@
              */
             if (features != null) {
                 Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
                 if (temp != null) {
                     boolean value = ((Boolean) temp).booleanValue();
-                    if (value) {
-                        xmlReader.setProperty0(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
-                        xmlReader.setProperty0(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                    if (value && Constants.IS_JDK8_OR_ABOVE) {
+                        fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD, 
+                                XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                        fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA, 
+                                XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+
                     }
                 }
             }
         }

@@ -528,19 +535,26 @@
                             new Object[] {JAXP_SCHEMA_LANGUAGE, JAXP_SCHEMA_SOURCE}));
                     }
                     return;
                 }
             }
-            if (!fInitProperties.containsKey(name)) {
-                fInitProperties.put(name, super.getProperty(name));
-            }
             /** Forward property to the schema validator if there is one. **/
             if (fSAXParser != null && fSAXParser.fSchemaValidator != null) {
                 setSchemaValidatorProperty(name, value);
             }
+            /** Check to see if the property is managed by the property manager **/
+            int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
+            if (index > -1) {
+                fSAXParser.fSecurityPropertyMgr.setValue(index, 
+                        XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);                    
+            } else {
+                if (!fInitProperties.containsKey(name)) {
+                    fInitProperties.put(name, super.getProperty(name));
+                }
             super.setProperty(name, value);
         }
+        }
 
         public synchronized Object getProperty(String name)
             throws SAXNotRecognizedException, SAXNotSupportedException {
             if (name == null) {
                 // TODO: Add localized error message.

@@ -548,10 +562,15 @@
             }
             if (fSAXParser != null && JAXP_SCHEMA_LANGUAGE.equals(name)) {
                 // JAXP 1.2 support
                 return fSAXParser.schemaLanguage;
             }
+            int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
+            if (index > -1) {
+                return fSAXParser.fSecurityPropertyMgr.getValueByIndex(index);
+            }
+
             return super.getProperty(name);
         }
 
         synchronized void restoreInitState()
             throws SAXNotRecognizedException, SAXNotSupportedException {