1 /* 2 * reserved comment block 3 * DO NOT REMOVE OR ALTER! 4 */ 5 /* 6 * Copyright 2001-2005 The Apache Software Foundation. 7 * 8 * Licensed under the Apache License, Version 2.0 (the "License"); 9 * you may not use this file except in compliance with the License. 10 * You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 * See the License for the specific language governing permissions and 18 * limitations under the License. 19 */ 20 21 package com.sun.org.apache.xerces.internal.parsers; 22 23 import com.sun.org.apache.xerces.internal.impl.Constants; 24 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool; 25 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager; 26 import com.sun.org.apache.xerces.internal.util.SymbolTable; 27 import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; 28 29 /** 30 * This configuration allows Xerces to behave in a security-conscious manner; that is, 31 * it permits applications to instruct Xerces to limit certain 32 * operations that could be exploited by malicious document authors to cause a denail-of-service 33 * attack when the document is parsed. 34 * 35 * In addition to the features and properties recognized by the base 36 * parser configuration, this class recognizes these additional 37 * features and properties: 38 * <ul> 39 * <li>Properties 40 * <ul> 41 * <li>http://apache.org/xml/properties/security-manager</li> 42 * </ul> 43 * </ul> 44 * 45 * @author Neil Graham, IBM 46 * 47 * @version $Id: SecurityConfiguration.java,v 1.6 2010-11-01 04:40:09 joehw Exp $ 48 */ 49 public class SecurityConfiguration extends XIncludeAwareParserConfiguration 50 { 51 52 // 53 // Constants 54 // 55 56 protected static final String SECURITY_MANAGER_PROPERTY = 57 Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; 58 59 // 60 // Constructors 61 // 62 63 /** Default constructor. */ 64 public SecurityConfiguration () { 65 this(null, null, null); 66 } // <init>() 67 68 /** 69 * Constructs a parser configuration using the specified symbol table. 70 * 71 * @param symbolTable The symbol table to use. 72 */ 73 public SecurityConfiguration (SymbolTable symbolTable) { 74 this(symbolTable, null, null); 75 } // <init>(SymbolTable) 76 77 /** 78 * Constructs a parser configuration using the specified symbol table and 79 * grammar pool. 80 * <p> 81 * <strong>REVISIT:</strong> 82 * Grammar pool will be updated when the new validation engine is 83 * implemented. 84 * 85 * @param symbolTable The symbol table to use. 86 * @param grammarPool The grammar pool to use. 87 */ 88 public SecurityConfiguration (SymbolTable symbolTable, 89 XMLGrammarPool grammarPool) { 90 this(symbolTable, grammarPool, null); 91 } // <init>(SymbolTable,XMLGrammarPool) 92 93 /** 94 * Constructs a parser configuration using the specified symbol table, 95 * grammar pool, and parent settings. 96 * <p> 97 * <strong>REVISIT:</strong> 98 * Grammar pool will be updated when the new validation engine is 99 * implemented. 100 * 101 * @param symbolTable The symbol table to use. 102 * @param grammarPool The grammar pool to use. 103 * @param parentSettings The parent settings. 104 */ 105 public SecurityConfiguration (SymbolTable symbolTable, 106 XMLGrammarPool grammarPool, 107 XMLComponentManager parentSettings) { 108 super(symbolTable, grammarPool, parentSettings); 109 110 // create the SecurityManager property: 111 setProperty(SECURITY_MANAGER_PROPERTY, new XMLSecurityManager(true)); 112 } // <init>(SymbolTable,XMLGrammarPool) 113 114 } // class SecurityConfiguration