1 /*
2 * reserved comment block
3 * DO NOT REMOVE OR ALTER!
4 */
5 /*
6 * Copyright 2001-2005 The Apache Software Foundation.
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21 package com.sun.org.apache.xerces.internal.parsers;
22
23 import com.sun.org.apache.xerces.internal.impl.Constants;
24 import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
25 import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
26 import com.sun.org.apache.xerces.internal.util.SymbolTable;
27 import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
28
29 /**
30 * This configuration allows Xerces to behave in a security-conscious manner; that is,
31 * it permits applications to instruct Xerces to limit certain
32 * operations that could be exploited by malicious document authors to cause a denail-of-service
33 * attack when the document is parsed.
34 *
35 * In addition to the features and properties recognized by the base
36 * parser configuration, this class recognizes these additional
37 * features and properties:
38 * <ul>
39 * <li>Properties
40 * <ul>
41 * <li>http://apache.org/xml/properties/security-manager</li>
42 * </ul>
43 * </ul>
44 *
45 * @author Neil Graham, IBM
46 *
47 * @version $Id: SecurityConfiguration.java,v 1.6 2010-11-01 04:40:09 joehw Exp $
48 */
49 public class SecurityConfiguration extends XIncludeAwareParserConfiguration
50 {
51
52 //
53 // Constants
54 //
55
56 protected static final String SECURITY_MANAGER_PROPERTY =
57 Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
58
59 //
60 // Constructors
61 //
62
63 /** Default constructor. */
64 public SecurityConfiguration () {
65 this(null, null, null);
66 } // <init>()
67
68 /**
69 * Constructs a parser configuration using the specified symbol table.
70 *
71 * @param symbolTable The symbol table to use.
72 */
73 public SecurityConfiguration (SymbolTable symbolTable) {
74 this(symbolTable, null, null);
75 } // <init>(SymbolTable)
76
77 /**
78 * Constructs a parser configuration using the specified symbol table and
79 * grammar pool.
80 * <p>
81 * <strong>REVISIT:</strong>
82 * Grammar pool will be updated when the new validation engine is
83 * implemented.
84 *
85 * @param symbolTable The symbol table to use.
86 * @param grammarPool The grammar pool to use.
87 */
88 public SecurityConfiguration (SymbolTable symbolTable,
89 XMLGrammarPool grammarPool) {
90 this(symbolTable, grammarPool, null);
91 } // <init>(SymbolTable,XMLGrammarPool)
92
93 /**
94 * Constructs a parser configuration using the specified symbol table,
95 * grammar pool, and parent settings.
96 * <p>
97 * <strong>REVISIT:</strong>
98 * Grammar pool will be updated when the new validation engine is
99 * implemented.
100 *
101 * @param symbolTable The symbol table to use.
102 * @param grammarPool The grammar pool to use.
103 * @param parentSettings The parent settings.
104 */
105 public SecurityConfiguration (SymbolTable symbolTable,
106 XMLGrammarPool grammarPool,
107 XMLComponentManager parentSettings) {
108 super(symbolTable, grammarPool, parentSettings);
109
110 // create the SecurityManager property:
111 setProperty(SECURITY_MANAGER_PROPERTY, new XMLSecurityManager(true));
112 } // <init>(SymbolTable,XMLGrammarPool)
113
114 } // class SecurityConfiguration