src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java

Print this page

        

*** 43,53 **** import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter; import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.StAXInputSource; import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl; ! import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.grammars.Grammar; import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription; import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool; import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException; --- 43,53 ---- import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter; import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.StAXInputSource; import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl; ! import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.grammars.Grammar; import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription; import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool; import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
*** 81,95 **** /** Property identifier: SecurityManager. */ private static final String SECURITY_MANAGER = Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; ! /** property identifier: access external dtd. */ ! public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD; - /** Property identifier: access to external schema */ - public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA; // // Data // --- 81,94 ---- /** Property identifier: SecurityManager. */ private static final String SECURITY_MANAGER = Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; ! /** Property identifier: Security property manager. */ ! private static final String XML_SECURITY_PROPERTY_MANAGER = ! Constants.XML_SECURITY_PROPERTY_MANAGER; // // Data //
*** 109,127 **** --- 108,131 ---- private ErrorHandlerWrapper fErrorHandlerWrapper; /** The SecurityManager. */ private SecurityManager fSecurityManager; + /** The Security property manager. */ + private XMLSecurityPropertyManager fSecurityPropertyMgr; + /** The container for the real grammar pool. */ private XMLGrammarPoolWrapper fXMLGrammarPoolWrapper; /** * Indicates whether implementation parts should use * service loader (or similar). * Note the default value (false) is the safe option.. */ private final boolean fUseServicesMechanism; + + public XMLSchemaFactory() { this(true); } public static XMLSchemaFactory newXMLSchemaFactoryNoServiceLoader() { return new XMLSchemaFactory(false);
*** 138,154 **** // Enable secure processing feature by default fSecurityManager = new SecurityManager(); fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager); ! //by default, the secure feature is set to true, otherwise the default would have been 'file' ! String accessExternal = SecuritySupport.getDefaultAccessProperty( ! Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT); ! fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, accessExternal); ! accessExternal = SecuritySupport.getDefaultAccessProperty( ! Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT); ! fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal); } /** * <p>Is specified schema supported by this <code>SchemaFactory</code>?</p> * --- 142,154 ---- // Enable secure processing feature by default fSecurityManager = new SecurityManager(); fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager); ! fSecurityPropertyMgr = new XMLSecurityPropertyManager(); ! fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER, ! fSecurityPropertyMgr); } /** * <p>Is specified schema supported by this <code>SchemaFactory</code>?</p> *
*** 280,289 **** --- 280,290 ---- } else { schema = new EmptyXMLSchema(); } propagateFeatures(schema); + propagateProperties(schema); return schema; } public Schema newSchema() throws SAXException { // Use a Schema that uses the system id as the equality source.
*** 364,375 **** SAXMessageFormatter.formatMessage(null, "jaxp-secureprocessing-feature", null)); } if (value) { fSecurityManager = new SecurityManager(); ! fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP); ! fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP); } else { fSecurityManager = null; } fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager); --- 365,381 ---- SAXMessageFormatter.formatMessage(null, "jaxp-secureprocessing-feature", null)); } if (value) { fSecurityManager = new SecurityManager(); ! ! if (Constants.IS_JDK8_OR_ABOVE) { ! fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD, ! XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP); ! fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA, ! XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP); ! } } else { fSecurityManager = null; } fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
*** 412,423 **** --- 418,435 ---- throw new SAXNotSupportedException( SAXMessageFormatter.formatMessage(fXMLSchemaLoader.getLocale(), "property-not-supported", new Object [] {name})); } try { + int index = fSecurityPropertyMgr.getIndex(name); + if (index > -1) { + fSecurityPropertyMgr.setValue(index, + XMLSecurityPropertyManager.State.APIPROPERTY, (String)object); + } else { fXMLSchemaLoader.setProperty(name, object); } + } catch (XMLConfigurationException e) { String identifier = e.getIdentifier(); if (e.getType() == Status.NOT_RECOGNIZED) { throw new SAXNotRecognizedException( SAXMessageFormatter.formatMessage(fXMLSchemaLoader.getLocale(),