--- old/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/unmarshaller/UnmarshallerImpl.java 2013-04-04 15:27:28.920613106 +0200
+++ new/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/runtime/unmarshaller/UnmarshallerImpl.java 2013-04-04 15:27:28.856613105 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -60,8 +60,11 @@
import com.sun.xml.internal.bind.v2.runtime.AssociationMap;
import com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl;
import com.sun.xml.internal.bind.v2.runtime.JaxBeanInfo;
+import com.sun.xml.internal.bind.v2.util.XmlFactory;
import java.io.Closeable;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParserFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -80,7 +83,7 @@
* @author
* Kohsuke KAWAGUCHI
*/
-public final class UnmarshallerImpl extends AbstractUnmarshallerImpl implements ValidationEventHandler, Closeable
+ public final class UnmarshallerImpl extends AbstractUnmarshallerImpl implements ValidationEventHandler, Closeable
{
/** Owning {@link JAXBContext} */
protected final JAXBContextImpl context;
@@ -116,10 +119,43 @@
return getUnmarshallerHandler(true,null);
}
+ private XMLReader reader = null;
+
+ /**
+ * Obtains a configured XMLReader.
+ *
+ * This method is used when the client-specified
+ * {@link SAXSource} object doesn't have XMLReader.
+ *
+ * {@link Unmarshaller} is not re-entrant, so we will
+ * only use one instance of XMLReader.
+ *
+ * Overriden in order to fix potential security issue.
+ */
+ @Override
+ protected XMLReader getXMLReader() throws JAXBException {
+ if (reader == null) {
+ try {
+ SAXParserFactory parserFactory = XmlFactory.createParserFactory(context.disableSecurityProcessing);
+ // there is no point in asking a validation because
+ // there is no guarantee that the document will come with
+ // a proper schemaLocation.
+ parserFactory.setValidating(false);
+ reader = parserFactory.newSAXParser().getXMLReader();
+ } catch (ParserConfigurationException e) {
+ throw new JAXBException(e);
+ } catch (SAXException e) {
+ throw new JAXBException(e);
+ }
+ }
+ return reader;
+ }
+
private SAXConnector getUnmarshallerHandler( boolean intern, JaxBeanInfo expectedType ) {
- XmlVisitor h = createUnmarshallerHandler(null,false,expectedType);
- if(intern)
+ XmlVisitor h = createUnmarshallerHandler(null, false, expectedType);
+ if (intern) {
h = new InterningXmlVisitor(h);
+ }
return new SAXConnector(h,null);
}
@@ -142,11 +178,13 @@
XmlVisitor unmarshaller = coordinator;
// delegate to JAXP 1.3 for validation if the client provided a schema
- if (schema != null)
+ if (schema != null) {
unmarshaller = new ValidatingUnmarshaller(schema,unmarshaller);
+ }
- if(attachmentUnmarshaller!=null && attachmentUnmarshaller.isXOPPackage())
+ if(attachmentUnmarshaller!=null && attachmentUnmarshaller.isXOPPackage()) {
unmarshaller = new MTOMDecorator(this,unmarshaller,attachmentUnmarshaller);
+ }
return unmarshaller;
}
@@ -162,8 +200,9 @@
}
try {
- if( reader.getFeature("http://xml.org/sax/features/string-interning") )
+ if (reader.getFeature("http://xml.org/sax/features/string-interning")) {
return false; // no need for intern
+ }
} catch (SAXException e) {
// unrecognized/unsupported
}
@@ -176,8 +215,9 @@
}
protected JAXBElement unmarshal( XMLReader reader, InputSource source, Class expectedType ) throws JAXBException {
- if(expectedType==null)
+ if(expectedType==null) {
throw new IllegalArgumentException();
+ }
return (JAXBElement)unmarshal0(reader,source,getBeanInfo(expectedType));
}
@@ -222,40 +262,44 @@
@Override
public JAXBElement unmarshal( Source source, Class expectedType ) throws JAXBException {
- if(source instanceof SAXSource) {
- SAXSource ss = (SAXSource)source;
+ if (source instanceof SAXSource) {
+ SAXSource ss = (SAXSource) source;
- XMLReader reader = ss.getXMLReader();
- if( reader == null )
- reader = getXMLReader();
+ XMLReader locReader = ss.getXMLReader();
+ if (locReader == null) {
+ locReader = getXMLReader();
+ }
- return unmarshal( reader, ss.getInputSource(), expectedType );
+ return unmarshal(locReader, ss.getInputSource(), expectedType);
}
- if(source instanceof StreamSource) {
- return unmarshal( getXMLReader(), streamSourceToInputSource((StreamSource)source), expectedType );
+ if (source instanceof StreamSource) {
+ return unmarshal(getXMLReader(), streamSourceToInputSource((StreamSource) source), expectedType);
+ }
+ if (source instanceof DOMSource) {
+ return unmarshal(((DOMSource) source).getNode(), expectedType);
}
- if(source instanceof DOMSource)
- return unmarshal( ((DOMSource)source).getNode(), expectedType );
// we don't handle other types of Source
throw new IllegalArgumentException();
}
public Object unmarshal0( Source source, JaxBeanInfo expectedType ) throws JAXBException {
- if(source instanceof SAXSource) {
- SAXSource ss = (SAXSource)source;
+ if (source instanceof SAXSource) {
+ SAXSource ss = (SAXSource) source;
- XMLReader reader = ss.getXMLReader();
- if( reader == null )
- reader = getXMLReader();
+ XMLReader locReader = ss.getXMLReader();
+ if (locReader == null) {
+ locReader = getXMLReader();
+ }
- return unmarshal0( reader, ss.getInputSource(), expectedType );
+ return unmarshal0(locReader, ss.getInputSource(), expectedType);
}
- if(source instanceof StreamSource) {
- return unmarshal0( getXMLReader(), streamSourceToInputSource((StreamSource)source), expectedType );
+ if (source instanceof StreamSource) {
+ return unmarshal0(getXMLReader(), streamSourceToInputSource((StreamSource) source), expectedType);
+ }
+ if (source instanceof DOMSource) {
+ return unmarshal0(((DOMSource) source).getNode(), expectedType);
}
- if(source instanceof DOMSource)
- return unmarshal0( ((DOMSource)source).getNode(), expectedType );
// we don't handle other types of Source
throw new IllegalArgumentException();
@@ -283,8 +327,9 @@
@Override
public JAXBElement unmarshal(Node node, Class expectedType) throws JAXBException {
- if(expectedType==null)
+ if (expectedType == null) {
throw new IllegalArgumentException();
+ }
return (JAXBElement)unmarshal0(node,getBeanInfo(expectedType));
}
@@ -305,14 +350,13 @@
InterningXmlVisitor handler = new InterningXmlVisitor(createUnmarshallerHandler(null,false,expectedType));
scanner.setContentHandler(new SAXConnector(handler,scanner));
- if(node.getNodeType() == Node.ELEMENT_NODE)
+ if(node.getNodeType() == Node.ELEMENT_NODE) {
scanner.scan((Element)node);
- else
- if(node.getNodeType() == Node.DOCUMENT_NODE)
+ } else if(node.getNodeType() == Node.DOCUMENT_NODE) {
scanner.scan((Document)node);
- else
- // no other type of input is supported
+ } else {
throw new IllegalArgumentException("Unexpected node type: "+node);
+ }
Object retVal = handler.getContext().getResult();
handler.getContext().clearResult();
@@ -329,8 +373,9 @@
@Override
public JAXBElement unmarshal(XMLStreamReader reader, Class expectedType) throws JAXBException {
- if(expectedType==null)
+ if (expectedType==null) {
throw new IllegalArgumentException();
+ }
return (JAXBElement)unmarshal0(reader,getBeanInfo(expectedType));
}
@@ -364,8 +409,9 @@
@Override
public JAXBElement unmarshal(XMLEventReader reader, Class expectedType) throws JAXBException {
- if(expectedType==null)
+ if(expectedType==null) {
throw new IllegalArgumentException();
+ }
return (JAXBElement)unmarshal0(reader,getBeanInfo(expectedType));
}
@@ -393,8 +439,9 @@
// Quick hack until SJSXP fixes 6270116
boolean isZephyr = reader.getClass().getName().equals("com.sun.xml.internal.stream.XMLReaderImpl");
XmlVisitor h = createUnmarshallerHandler(null,false,expectedType);
- if(!isZephyr)
+ if(!isZephyr) {
h = new InterningXmlVisitor(h);
+ }
new StAXEventConnector(reader,h).bridge();
return h.getContext().getResult();
} catch (XMLStreamException e) {
@@ -414,10 +461,12 @@
// So we unwrap them here. But we don't want to unwrap too eagerly, because
// that could throw away some meaningful exception information.
Throwable ne = e.getNestedException();
- if(ne instanceof JAXBException)
+ if(ne instanceof JAXBException) {
return (JAXBException)ne;
- if(ne instanceof SAXException)
+ }
+ if(ne instanceof SAXException) {
return new UnmarshalException(ne);
+ }
return new UnmarshalException(e);
}
@@ -490,20 +539,22 @@
@Override
public void setAdapter(Class type, A adapter) {
- if(type==null)
+ if (type==null) {
throw new IllegalArgumentException();
+ }
coordinator.putAdapter(type,adapter);
}
@Override
public A getAdapter(Class type) {
- if(type==null)
+ if(type==null) {
throw new IllegalArgumentException();
- if(coordinator.containsAdapter(type))
- // so as not to create a new instance when this method is called
+ }
+ if(coordinator.containsAdapter(type)) {
return coordinator.getAdapter(type);
- else
+ } else {
return null;
+ }
}
// opening up for public use