1 /* 2 * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package com.sun.xml.internal.ws.util.xml; 27 28 import com.sun.istack.internal.Nullable; 29 import com.sun.org.apache.xml.internal.resolver.Catalog; 30 import com.sun.org.apache.xml.internal.resolver.CatalogManager; 31 import com.sun.org.apache.xml.internal.resolver.tools.CatalogResolver; 32 import com.sun.xml.internal.ws.server.ServerRtException; 33 import com.sun.xml.internal.ws.util.ByteArrayBuffer; 34 import org.w3c.dom.Attr; 35 import org.w3c.dom.Element; 36 import org.w3c.dom.EntityReference; 37 import org.w3c.dom.Node; 38 import org.w3c.dom.NodeList; 39 import org.w3c.dom.Text; 40 import org.xml.sax.*; 41 42 import javax.xml.XMLConstants; 43 import javax.xml.namespace.QName; 44 import javax.xml.parsers.DocumentBuilderFactory; 45 import javax.xml.parsers.ParserConfigurationException; 46 import javax.xml.parsers.SAXParserFactory; 47 import javax.xml.stream.XMLInputFactory; 48 import javax.xml.transform.Result; 49 import javax.xml.transform.Source; 50 import javax.xml.transform.Transformer; 51 import javax.xml.transform.TransformerConfigurationException; 52 import javax.xml.transform.TransformerException; 53 import javax.xml.transform.TransformerFactory; 54 import javax.xml.transform.sax.SAXTransformerFactory; 55 import javax.xml.transform.sax.TransformerHandler; 56 import javax.xml.transform.stream.StreamSource; 57 import javax.xml.validation.SchemaFactory; 58 import javax.xml.ws.WebServiceException; 59 import javax.xml.xpath.XPathFactory; 60 import javax.xml.xpath.XPathFactoryConfigurationException; 61 import java.io.IOException; 62 import java.io.InputStream; 63 import java.io.OutputStreamWriter; 64 import java.io.Writer; 65 import java.net.URL; 66 import java.security.AccessController; 67 import java.security.PrivilegedAction; 68 import java.util.ArrayList; 69 import java.util.Enumeration; 70 import java.util.Iterator; 71 import java.util.List; 72 import java.util.StringTokenizer; 73 import java.util.logging.Level; 74 import java.util.logging.Logger; 75 76 /** 77 * @author WS Development Team 78 */ 79 public class XmlUtil { 80 81 // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used 82 private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema"; 83 84 private final static String LEXICAL_HANDLER_PROPERTY = 85 "http://xml.org/sax/properties/lexical-handler"; 86 87 private static final Logger LOGGER = Logger.getLogger(XmlUtil.class.getName()); 88 89 private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.ws.disableXmlSecurity"; 90 91 private static boolean XML_SECURITY_DISABLED = AccessController.doPrivileged( 92 new PrivilegedAction<Boolean>() { 93 @Override 94 public Boolean run() { 265 reader.parse(toInputSource(ssrc)); 266 } else { 267 newTransformer().transform(src, result); 268 } 269 return result; 270 } 271 272 private static InputSource toInputSource(StreamSource src) { 273 InputSource is = new InputSource(); 274 is.setByteStream(src.getInputStream()); 275 is.setCharacterStream(src.getReader()); 276 is.setPublicId(src.getPublicId()); 277 is.setSystemId(src.getSystemId()); 278 return is; 279 } 280 281 /* 282 * Gets an EntityResolver using XML catalog 283 */ 284 public static EntityResolver createEntityResolver(@Nullable URL catalogUrl) { 285 // set up a manager 286 CatalogManager manager = new CatalogManager(); 287 manager.setIgnoreMissingProperties(true); 288 // Using static catalog may result in to sharing of the catalog by multiple apps running in a container 289 manager.setUseStaticCatalog(false); 290 Catalog catalog = manager.getCatalog(); 291 try { 292 if (catalogUrl != null) { 293 catalog.parseCatalog(catalogUrl); 294 } 295 } catch (IOException e) { 296 throw new ServerRtException("server.rt.err",e); 297 } 298 return workaroundCatalogResolver(catalog); 299 } 300 301 /** 302 * Gets a default EntityResolver for catalog at META-INF/jaxws-catalog.xml 303 */ 304 public static EntityResolver createDefaultCatalogResolver() { 305 306 // set up a manager 307 CatalogManager manager = new CatalogManager(); 308 manager.setIgnoreMissingProperties(true); 309 // Using static catalog may result in to sharing of the catalog by multiple apps running in a container 310 manager.setUseStaticCatalog(false); 311 // parse the catalog 312 ClassLoader cl = Thread.currentThread().getContextClassLoader(); 313 Enumeration<URL> catalogEnum; 314 Catalog catalog = manager.getCatalog(); 315 try { 316 if (cl == null) { 317 catalogEnum = ClassLoader.getSystemResources("META-INF/jax-ws-catalog.xml"); 318 } else { 319 catalogEnum = cl.getResources("META-INF/jax-ws-catalog.xml"); 320 } 321 322 while(catalogEnum.hasMoreElements()) { 323 URL url = catalogEnum.nextElement(); 324 catalog.parseCatalog(url); 325 } 326 } catch (IOException e) { 327 throw new WebServiceException(e); 328 } 329 330 return workaroundCatalogResolver(catalog); 331 } 332 333 /** 334 * Default CatalogResolver implementation is broken as it depends on CatalogManager.getCatalog() which will always create a new one when 335 * useStaticCatalog is false. 336 * This returns a CatalogResolver that uses the catalog passed as parameter. 337 * @param catalog 338 * @return CatalogResolver 339 */ 340 private static CatalogResolver workaroundCatalogResolver(final Catalog catalog) { 341 // set up a manager 342 CatalogManager manager = new CatalogManager() { 343 @Override 344 public Catalog getCatalog() { 345 return catalog; 346 } 347 }; 348 manager.setIgnoreMissingProperties(true); 349 // Using static catalog may result in to sharing of the catalog by multiple apps running in a container 350 manager.setUseStaticCatalog(false); 351 352 return new CatalogResolver(manager); 353 } 354 355 /** 356 * {@link ErrorHandler} that always treat the error as fatal. 357 */ 358 public static final ErrorHandler DRACONIAN_ERROR_HANDLER = new ErrorHandler() { 359 @Override 360 public void warning(SAXParseException exception) { 361 } 362 363 @Override 364 public void error(SAXParseException exception) throws SAXException { 365 throw exception; 366 } 367 368 @Override 369 public void fatalError(SAXParseException exception) throws SAXException { 370 throw exception; 371 } 372 }; 373 | 1 /* 2 * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package com.sun.xml.internal.ws.util.xml; 27 28 import com.sun.istack.internal.Nullable; 29 import com.sun.xml.internal.ws.server.ServerRtException; 30 import com.sun.xml.internal.ws.util.ByteArrayBuffer; 31 import java.io.IOException; 32 import java.io.InputStream; 33 import java.io.OutputStreamWriter; 34 import java.io.Writer; 35 import java.lang.reflect.Method; 36 import java.net.URL; 37 import java.security.AccessController; 38 import java.security.PrivilegedAction; 39 import java.util.ArrayList; 40 import java.util.Collections; 41 import java.util.Enumeration; 42 import java.util.Iterator; 43 import java.util.List; 44 import java.util.StringTokenizer; 45 import java.util.logging.Level; 46 import java.util.logging.Logger; 47 import java.util.stream.Collectors; 48 import javax.xml.XMLConstants; 49 import javax.xml.catalog.CatalogFeatures; 50 import javax.xml.catalog.CatalogFeatures.Feature; 51 import javax.xml.catalog.CatalogManager; 52 import javax.xml.namespace.QName; 53 import javax.xml.parsers.DocumentBuilderFactory; 54 import javax.xml.parsers.ParserConfigurationException; 55 import javax.xml.parsers.SAXParserFactory; 56 import javax.xml.stream.XMLInputFactory; 57 import javax.xml.transform.Result; 58 import javax.xml.transform.Source; 59 import javax.xml.transform.Transformer; 60 import javax.xml.transform.TransformerConfigurationException; 61 import javax.xml.transform.TransformerException; 62 import javax.xml.transform.TransformerFactory; 63 import javax.xml.transform.sax.SAXTransformerFactory; 64 import javax.xml.transform.sax.TransformerHandler; 65 import javax.xml.transform.stream.StreamSource; 66 import javax.xml.validation.SchemaFactory; 67 import javax.xml.ws.WebServiceException; 68 import javax.xml.xpath.XPathFactory; 69 import javax.xml.xpath.XPathFactoryConfigurationException; 70 import org.w3c.dom.Attr; 71 import org.w3c.dom.Element; 72 import org.w3c.dom.EntityReference; 73 import org.w3c.dom.Node; 74 import org.w3c.dom.NodeList; 75 import org.w3c.dom.Text; 76 import org.xml.sax.EntityResolver; 77 import org.xml.sax.ErrorHandler; 78 import org.xml.sax.InputSource; 79 import org.xml.sax.SAXException; 80 import org.xml.sax.SAXParseException; 81 import org.xml.sax.XMLReader; 82 83 /** 84 * @author WS Development Team 85 */ 86 public class XmlUtil { 87 88 // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used 89 private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema"; 90 91 private final static String LEXICAL_HANDLER_PROPERTY = 92 "http://xml.org/sax/properties/lexical-handler"; 93 94 private static final Logger LOGGER = Logger.getLogger(XmlUtil.class.getName()); 95 96 private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.ws.disableXmlSecurity"; 97 98 private static boolean XML_SECURITY_DISABLED = AccessController.doPrivileged( 99 new PrivilegedAction<Boolean>() { 100 @Override 101 public Boolean run() { 272 reader.parse(toInputSource(ssrc)); 273 } else { 274 newTransformer().transform(src, result); 275 } 276 return result; 277 } 278 279 private static InputSource toInputSource(StreamSource src) { 280 InputSource is = new InputSource(); 281 is.setByteStream(src.getInputStream()); 282 is.setCharacterStream(src.getReader()); 283 is.setPublicId(src.getPublicId()); 284 is.setSystemId(src.getSystemId()); 285 return is; 286 } 287 288 /* 289 * Gets an EntityResolver using XML catalog 290 */ 291 public static EntityResolver createEntityResolver(@Nullable URL catalogUrl) { 292 ArrayList<URL> urlsArray = new ArrayList<URL>(); 293 EntityResolver er; 294 if (catalogUrl != null) { 295 urlsArray.add(catalogUrl); 296 } 297 try { 298 er = createCatalogResolver(urlsArray); 299 } catch (Exception e) { 300 throw new ServerRtException("server.rt.err",e); 301 } 302 return er; 303 } 304 305 /** 306 * Gets a default EntityResolver for catalog at META-INF/jaxws-catalog.xml 307 */ 308 public static EntityResolver createDefaultCatalogResolver() { 309 EntityResolver er; 310 try { 311 /** 312 * Gets a URLs for catalog defined at META-INF/jaxws-catalog.xml 313 */ 314 ClassLoader cl = Thread.currentThread().getContextClassLoader(); 315 Enumeration<URL> catalogEnum; 316 if (cl == null) { 317 catalogEnum = ClassLoader.getSystemResources("META-INF/jax-ws-catalog.xml"); 318 } else { 319 catalogEnum = cl.getResources("META-INF/jax-ws-catalog.xml"); 320 } 321 er = createCatalogResolver(Collections.list(catalogEnum)); 322 } catch (Exception e) { 323 throw new WebServiceException(e); 324 } 325 326 return er; 327 } 328 329 /** 330 * Instantiate catalog resolver using new catalog API (javax.xml.catalog.*) 331 * added in JDK9. Usage of new API removes dependency on internal API 332 * (com.sun.org.apache.xml.internal) for modular runtime. 333 */ 334 private static EntityResolver createCatalogResolver(ArrayList<URL> urls) throws Exception { 335 // Prepare array of catalog paths 336 String[] paths = urls.stream() 337 .map(u -> u.toExternalForm()) 338 .toArray(c -> new String[c]); 339 340 //Create CatalogResolver with new JDK9+ API 341 return (EntityResolver) CatalogManager.catalogResolver(catalogFeatures, paths); 342 } 343 344 // Cache CatalogFeatures instance for future usages. 345 // Resolve feature is set to "continue" value for backward compatibility. 346 private static CatalogFeatures catalogFeatures = CatalogFeatures.builder() 347 .with(Feature.RESOLVE, "continue") 348 .build(); 349 350 /** 351 * {@link ErrorHandler} that always treat the error as fatal. 352 */ 353 public static final ErrorHandler DRACONIAN_ERROR_HANDLER = new ErrorHandler() { 354 @Override 355 public void warning(SAXParseException exception) { 356 } 357 358 @Override 359 public void error(SAXParseException exception) throws SAXException { 360 throw exception; 361 } 362 363 @Override 364 public void fatalError(SAXParseException exception) throws SAXException { 365 throw exception; 366 } 367 }; 368 |