jaxws Udiff src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java

src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java

@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this

@@ -36,10 +36,12 @@
 import javax.xml.transform.TransformerConfigurationException;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.validation.SchemaFactory;
 import javax.xml.xpath.XPathFactory;
 import javax.xml.xpath.XPathFactoryConfigurationException;
+
+import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotRecognizedException;
 import org.xml.sax.SAXNotSupportedException;
 
 /**
  * Provides helper methods for creating properly configured XML parser

@@ -47,10 +49,13 @@
  * security.
  * @author snajper
  */
 public class XmlFactory {
 
+    // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used
+    public static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
+
     private static final Logger LOGGER = Logger.getLogger(XmlFactory.class.getName());
 
     /**
      * If true XML security features when parsing XML documents will be disabled.
      * The default value is false.

@@ -184,6 +189,24 @@
             LOGGER.log(Level.SEVERE, null, er);
             throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er);
         }
     }
 
+    public static SchemaFactory allowFileAccess(SchemaFactory sf, boolean disableSecureProcessing) {
+
+        // if feature secure processing enabled, nothing to do, file is allowed,
+        // or user is able to control access by standard JAXP mechanisms
+        if (disableSecureProcessing) {
+            return sf;
+        }
+
+        try {
+            sf.setProperty(ACCESS_EXTERNAL_SCHEMA, "file");
+            LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA));
+        } catch (SAXException ignored) {
+            // nothing to do; support depends on version JDK or SAX implementation
+            LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA), ignored);
+        }
+        return sf;
+    }
+
 }