206 public static String sanitizePath(String uri) {
207 if (uri == null) {
208 return "";
209 }
210 int i = uri.lastIndexOf("/");
211 if (i > 0) {
212 return uri.substring(i+1, uri.length());
213 }
214 return "";
215 }
216
217 /**
218 * Check the protocol used in the systemId against allowed protocols
219 *
220 * @param systemId the Id of the URI
221 * @param allowedProtocols a list of allowed protocols separated by comma
222 * @param accessAny keyword to indicate allowing any protocol
223 * @return the name of the protocol if rejected, null otherwise
224 */
225 public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
226 if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
227 return null;
228 }
229
230 String protocol;
231 if (systemId.indexOf(":")==-1) {
232 protocol = "file";
233 } else {
234 URL url = new URL(systemId);
235 protocol = url.getProtocol();
236 if (protocol.equalsIgnoreCase("jar")) {
237 String path = url.getPath();
238 protocol = path.substring(0, path.indexOf(":"));
239 }
240 }
241
242 if (isProtocolAllowed(protocol, allowedProtocols)) {
243 //access allowed
244 return null;
245 } else {
246 return protocol;
247 }
248 }
249
250 /**
251 * Check if the protocol is in the allowed list of protocols. The check
252 * is case-insensitive while ignoring whitespaces.
253 *
254 * @param protocol a protocol
255 * @param allowedProtocols a list of allowed protocols
256 * @return true if the protocol is in the list
257 */
258 private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
259 String temp[] = allowedProtocols.split(",");
260 for (String t : temp) {
261 t = t.trim();
262 if (t.equalsIgnoreCase(protocol)) {
263 return true;
264 }
265 }
266 return false;
267 }
268
269 /**
270 * Read from $java.home/lib/jaxp.properties for the specified property
271 *
272 * @param propertyId the Id of the property
273 * @return the value of the property
274 */
275 public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
276 String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
277 if (accessExternal == null) {
278 accessExternal = readJAXPProperty(sysPropertyId);
279 if (accessExternal == null) {
280 accessExternal = defaultVal;
281 }
282 }
283 return accessExternal;
284 }
285
286 /**
287 * Read from $java.home/lib/jaxp.properties for the specified property
288 * The program
289 *
290 * @param propertyId the Id of the property
291 * @return the value of the property
292 */
293 static String readJAXPProperty(String propertyId) {
294 String value = null;
295 InputStream is = null;
296 try {
297 if (firstTime) {
298 synchronized (cacheProps) {
299 if (firstTime) {
300 String configFile = getSystemProperty("java.home") + File.separator +
301 "lib" + File.separator + "jaxp.properties";
302 File f = new File(configFile);
|
206 public static String sanitizePath(String uri) {
207 if (uri == null) {
208 return "";
209 }
210 int i = uri.lastIndexOf("/");
211 if (i > 0) {
212 return uri.substring(i+1, uri.length());
213 }
214 return "";
215 }
216
217 /**
218 * Check the protocol used in the systemId against allowed protocols
219 *
220 * @param systemId the Id of the URI
221 * @param allowedProtocols a list of allowed protocols separated by comma
222 * @param accessAny keyword to indicate allowing any protocol
223 * @return the name of the protocol if rejected, null otherwise
224 */
225 public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
226 if (systemId == null || (allowedProtocols != null &&
227 allowedProtocols.equalsIgnoreCase(accessAny))) {
228 return null;
229 }
230
231 String protocol;
232 if (systemId.indexOf(":")==-1) {
233 protocol = "file";
234 } else {
235 URL url = new URL(systemId);
236 protocol = url.getProtocol();
237 if (protocol.equalsIgnoreCase("jar")) {
238 String path = url.getPath();
239 protocol = path.substring(0, path.indexOf(":"));
240 }
241 }
242
243 if (isProtocolAllowed(protocol, allowedProtocols)) {
244 //access allowed
245 return null;
246 } else {
247 return protocol;
248 }
249 }
250
251 /**
252 * Check if the protocol is in the allowed list of protocols. The check
253 * is case-insensitive while ignoring whitespaces.
254 *
255 * @param protocol a protocol
256 * @param allowedProtocols a list of allowed protocols
257 * @return true if the protocol is in the list
258 */
259 private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
260 if (allowedProtocols == null) {
261 return false;
262 }
263 String temp[] = allowedProtocols.split(",");
264 for (String t : temp) {
265 t = t.trim();
266 if (t.equalsIgnoreCase(protocol)) {
267 return true;
268 }
269 }
270 return false;
271 }
272
273 /**
274 * Read JAXP system property in this order: system property,
275 * $java.home/lib/jaxp.properties if the system property is not specified
276 *
277 * @param propertyId the Id of the property
278 * @return the value of the property
279 */
280 public static String getJAXPSystemProperty(String sysPropertyId) {
281 String accessExternal = getSystemProperty(sysPropertyId);
282 if (accessExternal == null) {
283 accessExternal = readJAXPProperty(sysPropertyId);
284 }
285 return accessExternal;
286 }
287
288 /**
289 * Read from $java.home/lib/jaxp.properties for the specified property
290 * The program
291 *
292 * @param propertyId the Id of the property
293 * @return the value of the property
294 */
295 static String readJAXPProperty(String propertyId) {
296 String value = null;
297 InputStream is = null;
298 try {
299 if (firstTime) {
300 synchronized (cacheProps) {
301 if (firstTime) {
302 String configFile = getSystemProperty("java.home") + File.separator +
303 "lib" + File.separator + "jaxp.properties";
304 File f = new File(configFile);
|