95
96 /** Property identifier: Security property manager. */
97 private static final String XML_SECURITY_PROPERTY_MANAGER =
98 Constants.XML_SECURITY_PROPERTY_MANAGER;
99
100 private final JAXPSAXParser xmlReader;
101 private String schemaLanguage = null; // null means DTD
102 private final Schema grammar;
103
104 private final XMLComponent fSchemaValidator;
105 private final XMLComponentManager fSchemaValidatorComponentManager;
106 private final ValidationManager fSchemaValidationManager;
107 private final UnparsedEntityHandler fUnparsedEntityHandler;
108
109 /** Initial ErrorHandler */
110 private final ErrorHandler fInitErrorHandler;
111
112 /** Initial EntityResolver */
113 private final EntityResolver fInitEntityResolver;
114
115 private XMLSecurityPropertyManager fSecurityPropertyMgr;
116
117 /**
118 * Create a SAX parser with the associated features
119 * @param features Hashtable of SAX features, may be null
120 */
121 SAXParserImpl(SAXParserFactoryImpl spf, Hashtable features)
122 throws SAXException {
123 this(spf, features, false);
124 }
125
126 /**
127 * Create a SAX parser with the associated features
128 * @param features Hashtable of SAX features, may be null
129 */
130 SAXParserImpl(SAXParserFactoryImpl spf, Hashtable features, boolean secureProcessing)
131 throws SAXException
132 {
133 // Instantiate a SAXParser directly and not through SAX so that we use the right ClassLoader
134 xmlReader = new JAXPSAXParser(this);
135
136 // JAXP "namespaceAware" == SAX Namespaces feature
137 // Note: there is a compatibility problem here with default values:
138 // JAXP default is false while SAX 2 default is true!
139 xmlReader.setFeature0(NAMESPACES_FEATURE, spf.isNamespaceAware());
140
141 // SAX "namespaces" and "namespace-prefixes" features should not
142 // both be false. We make them opposite for backward compatibility
143 // since JAXP 1.0 apps may want to receive xmlns* attributes.
144 xmlReader.setFeature0(NAMESPACE_PREFIXES_FEATURE, !spf.isNamespaceAware());
145
146 // Avoid setting the XInclude processing feature if the value is false.
147 // This will keep the configuration from throwing an exception if it
148 // does not support XInclude.
149 if (spf.isXIncludeAware()) {
150 xmlReader.setFeature0(XINCLUDE_FEATURE, true);
151 }
152
153 fSecurityPropertyMgr = new XMLSecurityPropertyManager();
154 xmlReader.setProperty0(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
155
156 // If the secure processing feature is on set a security manager.
157 if (secureProcessing) {
158 xmlReader.setProperty0(SECURITY_MANAGER, new SecurityManager());
159 /**
160 * By default, secure processing is set, no external access is allowed.
161 * However, we need to check if it is actively set on the factory since we
162 * allow the use of the System Property or jaxp.properties to override
163 * the default value
164 */
165 if (features != null) {
166 Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
167 if (temp != null) {
168 boolean value = ((Boolean) temp).booleanValue();
169 if (value && Constants.IS_JDK8_OR_ABOVE) {
170 fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
171 XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
172 fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
173 XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
380 }
381
382 public AttributePSVI getAttributePSVI(int index) {
383 return ((PSVIProvider)xmlReader).getAttributePSVI(index);
384 }
385
386 public AttributePSVI getAttributePSVIByName(String uri, String localname) {
387 return ((PSVIProvider)xmlReader).getAttributePSVIByName(uri, localname);
388 }
389
390 /**
391 * Extension of SAXParser. This class tracks changes to
392 * features and properties to allow the parser to be reset to
393 * its initial state.
394 */
395 public static class JAXPSAXParser extends com.sun.org.apache.xerces.internal.parsers.SAXParser {
396
397 private final HashMap fInitFeatures = new HashMap();
398 private final HashMap fInitProperties = new HashMap();
399 private final SAXParserImpl fSAXParser;
400
401 public JAXPSAXParser() {
402 this(null);
403 }
404
405 JAXPSAXParser(SAXParserImpl saxParser) {
406 super();
407 fSAXParser = saxParser;
408 }
409
410 /**
411 * Override SAXParser's setFeature method to track the initial state
412 * of features. This keeps us from affecting the performance of the
413 * SAXParser when it is created with XMLReaderFactory.
414 */
415 public synchronized void setFeature(String name, boolean value)
416 throws SAXNotRecognizedException, SAXNotSupportedException {
417 if (name == null) {
418 // TODO: Add localized error message.
419 throw new NullPointerException();
420 }
421 if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
422 try {
423 setProperty(SECURITY_MANAGER, value ? new SecurityManager() : null);
424 }
425 catch (SAXNotRecognizedException exc) {
426 // If the property is not supported
427 // re-throw the exception if the value is true.
428 if (value) {
525 if ( val != null && W3C_XML_SCHEMA.equals(val) ) {
526 if (!fInitProperties.containsKey(JAXP_SCHEMA_SOURCE)) {
527 fInitProperties.put(JAXP_SCHEMA_SOURCE, super.getProperty(JAXP_SCHEMA_SOURCE));
528 }
529 super.setProperty(name, value);
530 }
531 else {
532 throw new SAXNotSupportedException(
533 SAXMessageFormatter.formatMessage(fConfiguration.getLocale(),
534 "jaxp-order-not-supported",
535 new Object[] {JAXP_SCHEMA_LANGUAGE, JAXP_SCHEMA_SOURCE}));
536 }
537 return;
538 }
539 }
540 /** Forward property to the schema validator if there is one. **/
541 if (fSAXParser != null && fSAXParser.fSchemaValidator != null) {
542 setSchemaValidatorProperty(name, value);
543 }
544 /** Check to see if the property is managed by the property manager **/
545 int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
546 if (index > -1) {
547 fSAXParser.fSecurityPropertyMgr.setValue(index,
548 XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
549 } else {
550 if (!fInitProperties.containsKey(name)) {
551 fInitProperties.put(name, super.getProperty(name));
552 }
553 super.setProperty(name, value);
554 }
555 }
556
557 public synchronized Object getProperty(String name)
558 throws SAXNotRecognizedException, SAXNotSupportedException {
559 if (name == null) {
560 // TODO: Add localized error message.
561 throw new NullPointerException();
562 }
563 if (fSAXParser != null && JAXP_SCHEMA_LANGUAGE.equals(name)) {
564 // JAXP 1.2 support
565 return fSAXParser.schemaLanguage;
566 }
567 int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
568 if (index > -1) {
569 return fSAXParser.fSecurityPropertyMgr.getValueByIndex(index);
570 }
571
572 return super.getProperty(name);
573 }
574
575 synchronized void restoreInitState()
576 throws SAXNotRecognizedException, SAXNotSupportedException {
577 Iterator iter;
578 if (!fInitFeatures.isEmpty()) {
579 iter = fInitFeatures.entrySet().iterator();
580 while (iter.hasNext()) {
581 Map.Entry entry = (Map.Entry) iter.next();
582 String name = (String) entry.getKey();
583 boolean value = ((Boolean) entry.getValue()).booleanValue();
584 super.setFeature(name, value);
585 }
586 fInitFeatures.clear();
587 }
588 if (!fInitProperties.isEmpty()) {
589 iter = fInitProperties.entrySet().iterator();
|
95
96 /** Property identifier: Security property manager. */
97 private static final String XML_SECURITY_PROPERTY_MANAGER =
98 Constants.XML_SECURITY_PROPERTY_MANAGER;
99
100 private final JAXPSAXParser xmlReader;
101 private String schemaLanguage = null; // null means DTD
102 private final Schema grammar;
103
104 private final XMLComponent fSchemaValidator;
105 private final XMLComponentManager fSchemaValidatorComponentManager;
106 private final ValidationManager fSchemaValidationManager;
107 private final UnparsedEntityHandler fUnparsedEntityHandler;
108
109 /** Initial ErrorHandler */
110 private final ErrorHandler fInitErrorHandler;
111
112 /** Initial EntityResolver */
113 private final EntityResolver fInitEntityResolver;
114
115 private final XMLSecurityPropertyManager fSecurityPropertyMgr;
116
117 /**
118 * Create a SAX parser with the associated features
119 * @param features Hashtable of SAX features, may be null
120 */
121 SAXParserImpl(SAXParserFactoryImpl spf, Hashtable features)
122 throws SAXException {
123 this(spf, features, false);
124 }
125
126 /**
127 * Create a SAX parser with the associated features
128 * @param features Hashtable of SAX features, may be null
129 */
130 SAXParserImpl(SAXParserFactoryImpl spf, Hashtable features, boolean secureProcessing)
131 throws SAXException
132 {
133 fSecurityPropertyMgr = new XMLSecurityPropertyManager();
134
135 // Instantiate a SAXParser directly and not through SAX so that we use the right ClassLoader
136 xmlReader = new JAXPSAXParser(this, fSecurityPropertyMgr);
137
138 // JAXP "namespaceAware" == SAX Namespaces feature
139 // Note: there is a compatibility problem here with default values:
140 // JAXP default is false while SAX 2 default is true!
141 xmlReader.setFeature0(NAMESPACES_FEATURE, spf.isNamespaceAware());
142
143 // SAX "namespaces" and "namespace-prefixes" features should not
144 // both be false. We make them opposite for backward compatibility
145 // since JAXP 1.0 apps may want to receive xmlns* attributes.
146 xmlReader.setFeature0(NAMESPACE_PREFIXES_FEATURE, !spf.isNamespaceAware());
147
148 // Avoid setting the XInclude processing feature if the value is false.
149 // This will keep the configuration from throwing an exception if it
150 // does not support XInclude.
151 if (spf.isXIncludeAware()) {
152 xmlReader.setFeature0(XINCLUDE_FEATURE, true);
153 }
154
155 xmlReader.setProperty0(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
156
157 // If the secure processing feature is on set a security manager.
158 if (secureProcessing) {
159 xmlReader.setProperty0(SECURITY_MANAGER, new SecurityManager());
160 /**
161 * By default, secure processing is set, no external access is allowed.
162 * However, we need to check if it is actively set on the factory since we
163 * allow the use of the System Property or jaxp.properties to override
164 * the default value
165 */
166 if (features != null) {
167 Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
168 if (temp != null) {
169 boolean value = ((Boolean) temp).booleanValue();
170 if (value && Constants.IS_JDK8_OR_ABOVE) {
171 fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
172 XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
173 fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
174 XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
381 }
382
383 public AttributePSVI getAttributePSVI(int index) {
384 return ((PSVIProvider)xmlReader).getAttributePSVI(index);
385 }
386
387 public AttributePSVI getAttributePSVIByName(String uri, String localname) {
388 return ((PSVIProvider)xmlReader).getAttributePSVIByName(uri, localname);
389 }
390
391 /**
392 * Extension of SAXParser. This class tracks changes to
393 * features and properties to allow the parser to be reset to
394 * its initial state.
395 */
396 public static class JAXPSAXParser extends com.sun.org.apache.xerces.internal.parsers.SAXParser {
397
398 private final HashMap fInitFeatures = new HashMap();
399 private final HashMap fInitProperties = new HashMap();
400 private final SAXParserImpl fSAXParser;
401 private XMLSecurityPropertyManager fSecurityPropertyMgr;
402
403
404 public JAXPSAXParser() {
405 this(null, null);
406 }
407
408 JAXPSAXParser(SAXParserImpl saxParser, XMLSecurityPropertyManager spm) {
409 super();
410 fSAXParser = saxParser;
411 fSecurityPropertyMgr = spm;
412
413 /**
414 * This class may be used directly. So initialize the security manager if
415 * it is null.
416 */
417 if (fSecurityPropertyMgr == null) {
418 fSecurityPropertyMgr = new XMLSecurityPropertyManager();
419 try {
420 super.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
421 } catch (SAXException e) {
422 throw new UnsupportedOperationException(
423 SAXMessageFormatter.formatMessage(fConfiguration.getLocale(),
424 "property-not-recognized", new Object [] {SECURITY_MANAGER}), e);
425 }
426 }
427 }
428
429 /**
430 * Override SAXParser's setFeature method to track the initial state
431 * of features. This keeps us from affecting the performance of the
432 * SAXParser when it is created with XMLReaderFactory.
433 */
434 public synchronized void setFeature(String name, boolean value)
435 throws SAXNotRecognizedException, SAXNotSupportedException {
436 if (name == null) {
437 // TODO: Add localized error message.
438 throw new NullPointerException();
439 }
440 if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
441 try {
442 setProperty(SECURITY_MANAGER, value ? new SecurityManager() : null);
443 }
444 catch (SAXNotRecognizedException exc) {
445 // If the property is not supported
446 // re-throw the exception if the value is true.
447 if (value) {
544 if ( val != null && W3C_XML_SCHEMA.equals(val) ) {
545 if (!fInitProperties.containsKey(JAXP_SCHEMA_SOURCE)) {
546 fInitProperties.put(JAXP_SCHEMA_SOURCE, super.getProperty(JAXP_SCHEMA_SOURCE));
547 }
548 super.setProperty(name, value);
549 }
550 else {
551 throw new SAXNotSupportedException(
552 SAXMessageFormatter.formatMessage(fConfiguration.getLocale(),
553 "jaxp-order-not-supported",
554 new Object[] {JAXP_SCHEMA_LANGUAGE, JAXP_SCHEMA_SOURCE}));
555 }
556 return;
557 }
558 }
559 /** Forward property to the schema validator if there is one. **/
560 if (fSAXParser != null && fSAXParser.fSchemaValidator != null) {
561 setSchemaValidatorProperty(name, value);
562 }
563 /** Check to see if the property is managed by the property manager **/
564 int index = (fSecurityPropertyMgr != null) ? fSecurityPropertyMgr.getIndex(name) : -1;
565 if (index > -1) {
566 fSecurityPropertyMgr.setValue(index,
567 XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
568 } else {
569 if (!fInitProperties.containsKey(name)) {
570 fInitProperties.put(name, super.getProperty(name));
571 }
572 super.setProperty(name, value);
573 }
574 }
575
576 public synchronized Object getProperty(String name)
577 throws SAXNotRecognizedException, SAXNotSupportedException {
578 if (name == null) {
579 // TODO: Add localized error message.
580 throw new NullPointerException();
581 }
582 if (fSAXParser != null && JAXP_SCHEMA_LANGUAGE.equals(name)) {
583 // JAXP 1.2 support
584 return fSAXParser.schemaLanguage;
585 }
586 int index = (fSecurityPropertyMgr != null) ? fSecurityPropertyMgr.getIndex(name) : -1;
587 if (index > -1) {
588 return fSecurityPropertyMgr.getValueByIndex(index);
589 }
590
591 return super.getProperty(name);
592 }
593
594 synchronized void restoreInitState()
595 throws SAXNotRecognizedException, SAXNotSupportedException {
596 Iterator iter;
597 if (!fInitFeatures.isEmpty()) {
598 iter = fInitFeatures.entrySet().iterator();
599 while (iter.hasNext()) {
600 Map.Entry entry = (Map.Entry) iter.next();
601 String name = (String) entry.getKey();
602 boolean value = ((Boolean) entry.getValue()).booleanValue();
603 super.setFeature(name, value);
604 }
605 fInitFeatures.clear();
606 }
607 if (!fInitProperties.isEmpty()) {
608 iter = fInitProperties.entrySet().iterator();
|