1 /* 2 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package com.sun.xml.internal.bind.v2.util; 27 28 import com.sun.xml.internal.bind.Util; 29 import com.sun.xml.internal.bind.v2.Messages; 30 import java.util.logging.Level; 31 import java.util.logging.Logger; 32 import javax.xml.XMLConstants; 33 import javax.xml.parsers.DocumentBuilderFactory; 34 import javax.xml.parsers.ParserConfigurationException; 35 import javax.xml.parsers.SAXParserFactory; 36 import javax.xml.transform.TransformerConfigurationException; 37 import javax.xml.transform.TransformerFactory; 38 import javax.xml.validation.SchemaFactory; 39 import javax.xml.xpath.XPathFactory; 40 import javax.xml.xpath.XPathFactoryConfigurationException; 41 import org.xml.sax.SAXNotRecognizedException; 42 import org.xml.sax.SAXNotSupportedException; 43 44 /** 45 * Provides helper methods for creating properly configured XML parser 46 * factory instances with namespace support turned on and configured for 47 * security. 48 * @author snajper 49 */ 50 public class XmlFactory { 51 52 private static final Logger LOGGER = Logger.getLogger(XmlFactory.class.getName()); 53 54 /** 55 * If true XML security features when parsing XML documents will be disabled. 56 * The default value is false. 57 * 58 * Boolean 59 * @since 2.2.6 60 */ 61 private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.bind.disableXmlSecurity"; 62 63 public static final boolean DISABLE_SECURE_PROCESSING = 64 Boolean.parseBoolean(Util.getSystemProperty(DISABLE_XML_SECURITY)); 65 66 private static boolean xmlFeatureValue(boolean runtimeSetting) { 67 return !(DISABLE_SECURE_PROCESSING || runtimeSetting); 68 } 69 70 /** 71 * Returns properly configured (e.g. security features) schema factory 72 * - namespaceAware == true 73 * - securityProcessing == is set based on security processing property, default is true 74 */ 75 public static SchemaFactory createSchemaFactory(final String language, boolean disableSecureProcessing) throws IllegalStateException { 76 try { 77 SchemaFactory factory = SchemaFactory.newInstance(language); 78 if (LOGGER.isLoggable(Level.FINE)) { 79 LOGGER.log(Level.FINE, "SchemaFactory instance: {0}", factory); 80 } 81 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, xmlFeatureValue(disableSecureProcessing)); 82 return factory; 83 } catch (SAXNotRecognizedException ex) { 84 LOGGER.log(Level.SEVERE, null, ex); 85 throw new IllegalStateException(ex); 86 } catch (SAXNotSupportedException ex) { 87 LOGGER.log(Level.SEVERE, null, ex); 88 throw new IllegalStateException(ex); 89 } catch (AbstractMethodError er) { 90 LOGGER.log(Level.SEVERE, null, er); 91 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); 92 } 93 } 94 95 /** 96 * Returns properly configured (e.g. security features) parser factory 97 * - namespaceAware == true 98 * - securityProcessing == is set based on security processing property, default is true 99 */ 100 public static SAXParserFactory createParserFactory(boolean disableSecureProcessing) throws IllegalStateException { 101 try { 102 SAXParserFactory factory = SAXParserFactory.newInstance(); 103 if (LOGGER.isLoggable(Level.FINE)) { 104 LOGGER.log(Level.FINE, "SAXParserFactory instance: {0}", factory); 105 } 106 factory.setNamespaceAware(true); 107 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, xmlFeatureValue(disableSecureProcessing)); 108 return factory; 109 } catch (ParserConfigurationException ex) { 110 LOGGER.log(Level.SEVERE, null, ex); 111 throw new IllegalStateException( ex); 112 } catch (SAXNotRecognizedException ex) { 113 LOGGER.log(Level.SEVERE, null, ex); 114 throw new IllegalStateException( ex); 115 } catch (SAXNotSupportedException ex) { 116 LOGGER.log(Level.SEVERE, null, ex); 117 throw new IllegalStateException( ex); 118 } catch (AbstractMethodError er) { 119 LOGGER.log(Level.SEVERE, null, er); 120 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); 121 } 122 } 123 124 /** 125 * Returns properly configured (e.g. security features) factory 126 * - securityProcessing == is set based on security processing property, default is true 127 */ 128 public static XPathFactory createXPathFactory(boolean disableSecureProcessing) throws IllegalStateException { 129 try { 130 XPathFactory factory = XPathFactory.newInstance(); 131 if (LOGGER.isLoggable(Level.FINE)) { 132 LOGGER.log(Level.FINE, "XPathFactory instance: {0}", factory); 133 } 134 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, xmlFeatureValue(disableSecureProcessing)); 135 return factory; 136 } catch (XPathFactoryConfigurationException ex) { 137 LOGGER.log(Level.SEVERE, null, ex); 138 throw new IllegalStateException( ex); 139 } catch (AbstractMethodError er) { 140 LOGGER.log(Level.SEVERE, null, er); 141 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); 142 } 143 } 144 145 /** 146 * Returns properly configured (e.g. security features) factory 147 * - securityProcessing == is set based on security processing property, default is true 148 */ 149 public static TransformerFactory createTransformerFactory(boolean disableSecureProcessing) throws IllegalStateException { 150 try { 151 TransformerFactory factory = TransformerFactory.newInstance(); 152 if (LOGGER.isLoggable(Level.FINE)) { 153 LOGGER.log(Level.FINE, "TransformerFactory instance: {0}", factory); 154 } 155 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, xmlFeatureValue(disableSecureProcessing)); 156 return factory; 157 } catch (TransformerConfigurationException ex) { 158 LOGGER.log(Level.SEVERE, null, ex); 159 throw new IllegalStateException( ex); 160 } catch (AbstractMethodError er) { 161 LOGGER.log(Level.SEVERE, null, er); 162 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); 163 } 164 } 165 166 /** 167 * Returns properly configured (e.g. security features) factory 168 * - namespaceAware == true 169 * - securityProcessing == is set based on security processing property, default is true 170 */ 171 public static DocumentBuilderFactory createDocumentBuilderFactory(boolean disableSecureProcessing) throws IllegalStateException { 172 try { 173 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); 174 if (LOGGER.isLoggable(Level.FINE)) { 175 LOGGER.log(Level.FINE, "DocumentBuilderFactory instance: {0}", factory); 176 } 177 factory.setNamespaceAware(true); 178 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, xmlFeatureValue(disableSecureProcessing)); 179 return factory; 180 } catch (ParserConfigurationException ex) { 181 LOGGER.log(Level.SEVERE, null, ex); 182 throw new IllegalStateException( ex); 183 } catch (AbstractMethodError er) { 184 LOGGER.log(Level.SEVERE, null, er); 185 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); 186 } 187 } 188 189 }