src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java
Print this page
*** 43,53 ****
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
import com.sun.org.apache.xerces.internal.util.SecurityManager;
import com.sun.org.apache.xerces.internal.util.StAXInputSource;
import com.sun.org.apache.xerces.internal.util.Status;
import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl;
! import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.XNIException;
import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
--- 43,53 ----
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
import com.sun.org.apache.xerces.internal.util.SecurityManager;
import com.sun.org.apache.xerces.internal.util.StAXInputSource;
import com.sun.org.apache.xerces.internal.util.Status;
import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl;
! import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
import com.sun.org.apache.xerces.internal.xni.XNIException;
import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
*** 81,95 ****
/** Property identifier: SecurityManager. */
private static final String SECURITY_MANAGER =
Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
! /** property identifier: access external dtd. */
! public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
- /** Property identifier: access to external schema */
- public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
//
// Data
//
--- 81,94 ----
/** Property identifier: SecurityManager. */
private static final String SECURITY_MANAGER =
Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
! /** Property identifier: Security property manager. */
! private static final String XML_SECURITY_PROPERTY_MANAGER =
! Constants.XML_SECURITY_PROPERTY_MANAGER;
//
// Data
//
*** 109,127 ****
--- 108,131 ----
private ErrorHandlerWrapper fErrorHandlerWrapper;
/** The SecurityManager. */
private SecurityManager fSecurityManager;
+ /** The Security property manager. */
+ private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
/** The container for the real grammar pool. */
private XMLGrammarPoolWrapper fXMLGrammarPoolWrapper;
/**
* Indicates whether implementation parts should use
* service loader (or similar).
* Note the default value (false) is the safe option..
*/
private final boolean fUseServicesMechanism;
+
+
public XMLSchemaFactory() {
this(true);
}
public static XMLSchemaFactory newXMLSchemaFactoryNoServiceLoader() {
return new XMLSchemaFactory(false);
*** 138,154 ****
// Enable secure processing feature by default
fSecurityManager = new SecurityManager();
fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
! //by default, the secure feature is set to true, otherwise the default would have been 'file'
! String accessExternal = SecuritySupport.getDefaultAccessProperty(
! Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
! fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
! accessExternal = SecuritySupport.getDefaultAccessProperty(
! Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
! fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
}
/**
* <p>Is specified schema supported by this <code>SchemaFactory</code>?</p>
*
--- 142,154 ----
// Enable secure processing feature by default
fSecurityManager = new SecurityManager();
fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
! fSecurityPropertyMgr = new XMLSecurityPropertyManager();
! fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER,
! fSecurityPropertyMgr);
}
/**
* <p>Is specified schema supported by this <code>SchemaFactory</code>?</p>
*
*** 280,289 ****
--- 280,290 ----
}
else {
schema = new EmptyXMLSchema();
}
propagateFeatures(schema);
+ propagateProperties(schema);
return schema;
}
public Schema newSchema() throws SAXException {
// Use a Schema that uses the system id as the equality source.
*** 364,375 ****
SAXMessageFormatter.formatMessage(null,
"jaxp-secureprocessing-feature", null));
}
if (value) {
fSecurityManager = new SecurityManager();
! fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
! fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
} else {
fSecurityManager = null;
}
fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
--- 365,381 ----
SAXMessageFormatter.formatMessage(null,
"jaxp-secureprocessing-feature", null));
}
if (value) {
fSecurityManager = new SecurityManager();
!
! if (Constants.IS_JDK8_OR_ABOVE) {
! fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
! XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
! fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
! XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
! }
} else {
fSecurityManager = null;
}
fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
*** 412,423 ****
--- 418,435 ----
throw new SAXNotSupportedException(
SAXMessageFormatter.formatMessage(fXMLSchemaLoader.getLocale(),
"property-not-supported", new Object [] {name}));
}
try {
+ int index = fSecurityPropertyMgr.getIndex(name);
+ if (index > -1) {
+ fSecurityPropertyMgr.setValue(index,
+ XMLSecurityPropertyManager.State.APIPROPERTY, (String)object);
+ } else {
fXMLSchemaLoader.setProperty(name, object);
}
+ }
catch (XMLConfigurationException e) {
String identifier = e.getIdentifier();
if (e.getType() == Status.NOT_RECOGNIZED) {
throw new SAXNotRecognizedException(
SAXMessageFormatter.formatMessage(fXMLSchemaLoader.getLocale(),