com.sun.org.apache.xerces.internal.utils.XMLSecurityManager Java Examples

The following examples show how to use com.sun.org.apache.xerces.internal.utils.XMLSecurityManager. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: XMLDocumentFragmentScannerImpl.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
void resetCommon() {
    // initialize vars
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;
    //skipping algorithm
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager != null) {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
    } else {
        fElementAttributeLimit = 0;
    }
    fLimitAnalyzer = new XMLLimitAnalyzer();
    fEntityManager.setLimitAnalyzer(fLimitAnalyzer);
}
 
Example #2
Source File: XMLSchemaFactory.java    From jdk1.8-source-analysis with Apache License 2.0 6 votes vote down vote up
private XMLSchemaFactory(boolean useServicesMechanism) {
    fUseServicesMechanism = useServicesMechanism;
    fErrorHandlerWrapper = new ErrorHandlerWrapper(DraconianErrorHandler.getInstance());
    fDOMEntityResolverWrapper = new DOMEntityResolverWrapper();
    fXMLGrammarPoolWrapper = new XMLGrammarPoolWrapper();
    fXMLSchemaLoader.setFeature(SCHEMA_FULL_CHECKING, true);
    fXMLSchemaLoader.setProperty(XMLGRAMMAR_POOL, fXMLGrammarPoolWrapper);
    fXMLSchemaLoader.setEntityResolver(fDOMEntityResolverWrapper);
    fXMLSchemaLoader.setErrorHandler(fErrorHandlerWrapper);

    // Enable secure processing feature by default
    fSecurityManager = new XMLSecurityManager(true);
    fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);

    fSecurityPropertyMgr = new XMLSecurityPropertyManager();
    fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER,
            fSecurityPropertyMgr);
}
 
Example #3
Source File: CMNodeFactory.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Sets the value of a property. This method is called by the component
 * manager any time after reset when a property changes value.
 * <p>
 * <strong>Note:</strong> Components should silently ignore properties
 * that do not affect the operation of the component.
 *
 * @param propertyId The property identifier.
 * @param value      The value of the property.
 *
 * @throws SAXNotRecognizedException The component should not throw
 *                                   this exception.
 * @throws SAXNotSupportedException The component should not throw
 *                                  this exception.
 */
public void setProperty(String propertyId, Object value)
    throws XMLConfigurationException {

    // Xerces properties
    if (propertyId.startsWith(Constants.XERCES_PROPERTY_PREFIX)) {
            final int suffixLength = propertyId.length() - Constants.XERCES_PROPERTY_PREFIX.length();

        if (suffixLength == Constants.SECURITY_MANAGER_PROPERTY.length() &&
            propertyId.endsWith(Constants.SECURITY_MANAGER_PROPERTY)) {
            fSecurityManager = (XMLSecurityManager)value;
            maxNodeLimit = (fSecurityManager != null) ?
                    fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT) * MULTIPLICITY : 0 ;
            return;
        }
        if (suffixLength == Constants.ERROR_REPORTER_PROPERTY.length() &&
            propertyId.endsWith(Constants.ERROR_REPORTER_PROPERTY)) {
            fErrorReporter = (XMLErrorReporter)value;
            return;
        }
    }

}
 
Example #4
Source File: XMLScanner.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
public void reset(PropertyManager propertyManager) {
    init();
    // Xerces properties
    fSymbolTable = (SymbolTable)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.SYMBOL_TABLE_PROPERTY);

    fErrorReporter = (XMLErrorReporter)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.ERROR_REPORTER_PROPERTY);

    fEntityManager = (XMLEntityManager)propertyManager.getProperty(ENTITY_MANAGER);
    fEntityStore = fEntityManager.getEntityStore() ;
    fEntityScanner = (XMLEntityScanner)fEntityManager.getEntityScanner() ;
    fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER);

    //fEntityManager.reset();
    // DTD preparsing defaults:
    fValidation = false;
    fNotifyCharRefs = false;

}
 
Example #5
Source File: CMNodeFactory.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Sets the value of a property. This method is called by the component
 * manager any time after reset when a property changes value.
 * <p>
 * <strong>Note:</strong> Components should silently ignore properties
 * that do not affect the operation of the component.
 *
 * @param propertyId The property identifier.
 * @param value      The value of the property.
 *
 * @throws SAXNotRecognizedException The component should not throw
 *                                   this exception.
 * @throws SAXNotSupportedException The component should not throw
 *                                  this exception.
 */
public void setProperty(String propertyId, Object value)
    throws XMLConfigurationException {

    // Xerces properties
    if (propertyId.startsWith(Constants.XERCES_PROPERTY_PREFIX)) {
            final int suffixLength = propertyId.length() - Constants.XERCES_PROPERTY_PREFIX.length();

        if (suffixLength == Constants.SECURITY_MANAGER_PROPERTY.length() &&
            propertyId.endsWith(Constants.SECURITY_MANAGER_PROPERTY)) {
            fSecurityManager = (XMLSecurityManager)value;
            maxNodeLimit = (fSecurityManager != null) ?
                    fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT) * MULTIPLICITY : 0 ;
            return;
        }
        if (suffixLength == Constants.ERROR_REPORTER_PROPERTY.length() &&
            propertyId.endsWith(Constants.ERROR_REPORTER_PROPERTY)) {
            fErrorReporter = (XMLErrorReporter)value;
            return;
        }
    }

}
 
Example #6
Source File: XMLDocumentFragmentScannerImpl.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
void resetCommon() {
    // initialize vars
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;
    //skipping algorithm
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager != null) {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
        fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
    } else {
        fElementAttributeLimit = 0;
        fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
    }
    fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
 
Example #7
Source File: XMLSchemaFactory.java    From JDKSourceCode1.8 with MIT License 6 votes vote down vote up
public XMLSchemaFactory() {
    fErrorHandlerWrapper = new ErrorHandlerWrapper(DraconianErrorHandler.getInstance());
    fDOMEntityResolverWrapper = new DOMEntityResolverWrapper();
    fXMLGrammarPoolWrapper = new XMLGrammarPoolWrapper();
    fXMLSchemaLoader.setFeature(SCHEMA_FULL_CHECKING, true);
    fXMLSchemaLoader.setProperty(XMLGRAMMAR_POOL, fXMLGrammarPoolWrapper);
    fXMLSchemaLoader.setEntityResolver(fDOMEntityResolverWrapper);
    fXMLSchemaLoader.setErrorHandler(fErrorHandlerWrapper);

    // Enable secure processing feature by default
    fSecurityManager = new XMLSecurityManager(true);
    fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);

    fSecurityPropertyMgr = new XMLSecurityPropertyManager();
    fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER,
            fSecurityPropertyMgr);
    fXmlFeatures = new JdkXmlFeatures(fSecurityManager.isSecureProcessing());
    fOverrideDefaultParser = fXmlFeatures.getFeature(
                    JdkXmlFeatures.XmlFeature.JDK_OVERRIDE_PARSER);
    fXMLSchemaLoader.setFeature(JdkXmlUtils.OVERRIDE_PARSER, fOverrideDefaultParser);
}
 
Example #8
Source File: CMNodeFactory.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Sets the value of a property. This method is called by the component
 * manager any time after reset when a property changes value.
 * <p>
 * <strong>Note:</strong> Components should silently ignore properties
 * that do not affect the operation of the component.
 *
 * @param propertyId The property identifier.
 * @param value      The value of the property.
 *
 * @throws SAXNotRecognizedException The component should not throw
 *                                   this exception.
 * @throws SAXNotSupportedException The component should not throw
 *                                  this exception.
 */
public void setProperty(String propertyId, Object value)
    throws XMLConfigurationException {

    // Xerces properties
    if (propertyId.startsWith(Constants.XERCES_PROPERTY_PREFIX)) {
            final int suffixLength = propertyId.length() - Constants.XERCES_PROPERTY_PREFIX.length();

        if (suffixLength == Constants.SECURITY_MANAGER_PROPERTY.length() &&
            propertyId.endsWith(Constants.SECURITY_MANAGER_PROPERTY)) {
            fSecurityManager = (XMLSecurityManager)value;
            maxNodeLimit = (fSecurityManager != null) ?
                    fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT) * MULTIPLICITY : 0 ;
            return;
        }
        if (suffixLength == Constants.ERROR_REPORTER_PROPERTY.length() &&
            propertyId.endsWith(Constants.ERROR_REPORTER_PROPERTY)) {
            fErrorReporter = (XMLErrorReporter)value;
            return;
        }
    }

}
 
Example #9
Source File: XMLScanner.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
public void reset(PropertyManager propertyManager) {
    init();
    // Xerces properties
    fSymbolTable = (SymbolTable)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.SYMBOL_TABLE_PROPERTY);

    fErrorReporter = (XMLErrorReporter)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.ERROR_REPORTER_PROPERTY);

    fEntityManager = (XMLEntityManager)propertyManager.getProperty(ENTITY_MANAGER);
    fEntityStore = fEntityManager.getEntityStore() ;
    fEntityScanner = (XMLEntityScanner)fEntityManager.getEntityScanner() ;
    fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER);

    //fEntityManager.reset();
    // DTD preparsing defaults:
    fValidation = false;
    fNotifyCharRefs = false;

}
 
Example #10
Source File: XMLScanner.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
public void reset(PropertyManager propertyManager) {
    init();
    // Xerces properties
    fSymbolTable = (SymbolTable)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.SYMBOL_TABLE_PROPERTY);

    fErrorReporter = (XMLErrorReporter)propertyManager.getProperty(Constants.XERCES_PROPERTY_PREFIX + Constants.ERROR_REPORTER_PROPERTY);

    fEntityManager = (XMLEntityManager)propertyManager.getProperty(ENTITY_MANAGER);
    fEntityStore = fEntityManager.getEntityStore() ;
    fEntityScanner = (XMLEntityScanner)fEntityManager.getEntityScanner() ;
    fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER);

    //fEntityManager.reset();
    // DTD preparsing defaults:
    fValidation = false;
    fNotifyCharRefs = false;

}
 
Example #11
Source File: XMLSchemaFactory.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
private XMLSchemaFactory(boolean useServicesMechanism) {
    fUseServicesMechanism = useServicesMechanism;
    fErrorHandlerWrapper = new ErrorHandlerWrapper(DraconianErrorHandler.getInstance());
    fDOMEntityResolverWrapper = new DOMEntityResolverWrapper();
    fXMLGrammarPoolWrapper = new XMLGrammarPoolWrapper();
    fXMLSchemaLoader.setFeature(SCHEMA_FULL_CHECKING, true);
    fXMLSchemaLoader.setProperty(XMLGRAMMAR_POOL, fXMLGrammarPoolWrapper);
    fXMLSchemaLoader.setEntityResolver(fDOMEntityResolverWrapper);
    fXMLSchemaLoader.setErrorHandler(fErrorHandlerWrapper);

    // Enable secure processing feature by default
    fSecurityManager = new XMLSecurityManager(true);
    fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);

    fSecurityPropertyMgr = new XMLSecurityPropertyManager();
    fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER,
            fSecurityPropertyMgr);
}
 
Example #12
Source File: CMNodeFactory.java    From jdk1.8-source-analysis with Apache License 2.0 6 votes vote down vote up
/**
 * Sets the value of a property. This method is called by the component
 * manager any time after reset when a property changes value.
 * <p>
 * <strong>Note:</strong> Components should silently ignore properties
 * that do not affect the operation of the component.
 *
 * @param propertyId The property identifier.
 * @param value      The value of the property.
 *
 * @throws SAXNotRecognizedException The component should not throw
 *                                   this exception.
 * @throws SAXNotSupportedException The component should not throw
 *                                  this exception.
 */
public void setProperty(String propertyId, Object value)
    throws XMLConfigurationException {

    // Xerces properties
    if (propertyId.startsWith(Constants.XERCES_PROPERTY_PREFIX)) {
            final int suffixLength = propertyId.length() - Constants.XERCES_PROPERTY_PREFIX.length();

        if (suffixLength == Constants.SECURITY_MANAGER_PROPERTY.length() &&
            propertyId.endsWith(Constants.SECURITY_MANAGER_PROPERTY)) {
            fSecurityManager = (XMLSecurityManager)value;
            maxNodeLimit = (fSecurityManager != null) ?
                    fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT) * MULTIPLICITY : 0 ;
            return;
        }
        if (suffixLength == Constants.ERROR_REPORTER_PROPERTY.length() &&
            propertyId.endsWith(Constants.ERROR_REPORTER_PROPERTY)) {
            fErrorReporter = (XMLErrorReporter)value;
            return;
        }
    }

}
 
Example #13
Source File: XMLDocumentFragmentScannerImpl.java    From jdk1.8-source-analysis with Apache License 2.0 6 votes vote down vote up
void resetCommon() {
    // initialize vars
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;
    //skipping algorithm
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager != null) {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
        fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
    } else {
        fElementAttributeLimit = 0;
        fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
    }
    fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
 
Example #14
Source File: StreamValidatorHelper.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
private XMLParserConfiguration initialize() {
    XML11Configuration config = new XML11Configuration();
    if (fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) {
        config.setProperty(SECURITY_MANAGER, new XMLSecurityManager());
    }
    config.setProperty(ENTITY_RESOLVER, fComponentManager.getProperty(ENTITY_RESOLVER));
    config.setProperty(ERROR_HANDLER, fComponentManager.getProperty(ERROR_HANDLER));
    XMLErrorReporter errorReporter = (XMLErrorReporter) fComponentManager.getProperty(ERROR_REPORTER);
    config.setProperty(ERROR_REPORTER, errorReporter);
    // add message formatters
    if (errorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {
        XMLMessageFormatter xmft = new XMLMessageFormatter();
        errorReporter.putMessageFormatter(XMLMessageFormatter.XML_DOMAIN, xmft);
        errorReporter.putMessageFormatter(XMLMessageFormatter.XMLNS_DOMAIN, xmft);
    }
    config.setProperty(SYMBOL_TABLE, fComponentManager.getProperty(SYMBOL_TABLE));
    config.setProperty(VALIDATION_MANAGER, fComponentManager.getProperty(VALIDATION_MANAGER));
    config.setDocumentHandler(fSchemaValidator);
    config.setDTDHandler(null);
    config.setDTDContentModelHandler(null);
    config.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER,
            fComponentManager.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER));
    config.setProperty(Constants.SECURITY_MANAGER,
            fComponentManager.getProperty(Constants.SECURITY_MANAGER));
    fConfiguration = new SoftReference(config);
    return config;
}
 
Example #15
Source File: XMLSchemaValidatorComponentManager.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Sets the state of a property.
 *
 * @param propertyId The unique identifier (URI) of the property.
 * @param value The requested state of the property.
 *
 * @exception XMLConfigurationException If the requested property is not known.
 */
public void setProperty(String propertyId, Object value) throws XMLConfigurationException {
    if ( ENTITY_MANAGER.equals(propertyId) || ERROR_REPORTER.equals(propertyId) ||
         NAMESPACE_CONTEXT.equals(propertyId) || SCHEMA_VALIDATOR.equals(propertyId) ||
         SYMBOL_TABLE.equals(propertyId) || VALIDATION_MANAGER.equals(propertyId) ||
         XMLGRAMMAR_POOL.equals(propertyId)) {
        throw new XMLConfigurationException(Status.NOT_SUPPORTED, propertyId);
    }
    fConfigUpdated = true;
    fEntityManager.setProperty(propertyId, value);
    fErrorReporter.setProperty(propertyId, value);
    fSchemaValidator.setProperty(propertyId, value);
    if (ENTITY_RESOLVER.equals(propertyId) || ERROR_HANDLER.equals(propertyId) ||
            SECURITY_MANAGER.equals(propertyId)) {
        fComponents.put(propertyId, value);
        return;
    }
    else if (LOCALE.equals(propertyId)) {
        setLocale((Locale) value);
        fComponents.put(propertyId, value);
        return;
    }
    //check if the property is managed by security manager
    if (fInitSecurityManager == null ||
            !fInitSecurityManager.setLimit(propertyId, XMLSecurityManager.State.APIPROPERTY, value)) {
        //check if the property is managed by security property manager
        if (fSecurityPropertyMgr == null ||
                !fSecurityPropertyMgr.setValue(propertyId, XMLSecurityPropertyManager.State.APIPROPERTY, value)) {
            //fall back to the existing property manager
            if (!fInitProperties.containsKey(propertyId)) {
                fInitProperties.put(propertyId, super.getProperty(propertyId));
            }
            super.setProperty(propertyId, value);
        }
    }
}
 
Example #16
Source File: XMLScanner.java    From JDKSourceCode1.8 with MIT License 5 votes vote down vote up
/**
 * Sets the value of a property during parsing.
 *
 * @param propertyId
 * @param value
 */
public void setProperty(String propertyId, Object value)
throws XMLConfigurationException {

    // Xerces properties
    if (propertyId.startsWith(Constants.XERCES_PROPERTY_PREFIX)) {
        String property =
                propertyId.substring(Constants.XERCES_PROPERTY_PREFIX.length());
        if (property.equals(Constants.SYMBOL_TABLE_PROPERTY)) {
            fSymbolTable = (SymbolTable)value;
        } else if (property.equals(Constants.ERROR_REPORTER_PROPERTY)) {
            fErrorReporter = (XMLErrorReporter)value;
        } else if (property.equals(Constants.ENTITY_MANAGER_PROPERTY)) {
            fEntityManager = (XMLEntityManager)value;
        }
    }

    if (propertyId.equals(SECURITY_MANAGER)) {
        fSecurityManager = (XMLSecurityManager)value;
    }
            /*else if(propertyId.equals(Constants.STAX_PROPERTIES)){
        fStaxProperties = (HashMap)value;
        //TODO::discuss with neeraj what are his thoughts on passing properties.
        //For now use this
    }*/

}
 
Example #17
Source File: XMLScanner.java    From JDKSourceCode1.8 with MIT License 5 votes vote down vote up
/**
 *
 *
 * @param componentManager The component manager.
 *
 * @throws SAXException Throws exception if required features and
 *                      properties cannot be found.
 */
public void reset(XMLComponentManager componentManager)
throws XMLConfigurationException {

            fParserSettings = componentManager.getFeature(PARSER_SETTINGS, true);

            if (!fParserSettings) {
                    // parser settings have not been changed
                    init();
                    return;
            }


    // Xerces properties
    fSymbolTable = (SymbolTable)componentManager.getProperty(SYMBOL_TABLE);
    fErrorReporter = (XMLErrorReporter)componentManager.getProperty(ERROR_REPORTER);
    fEntityManager = (XMLEntityManager)componentManager.getProperty(ENTITY_MANAGER);
    fSecurityManager = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER);

    //this step is extra because we have separated the storage of entity
    fEntityStore = fEntityManager.getEntityStore() ;

    // sax features
    fValidation = componentManager.getFeature(VALIDATION, false);
    fNamespaces = componentManager.getFeature(NAMESPACES, true);
    fNotifyCharRefs = componentManager.getFeature(NOTIFY_CHAR_REFS, false);

    init();
}
 
Example #18
Source File: StreamValidatorHelper.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
private XMLParserConfiguration initialize() {
    XML11Configuration config = new XML11Configuration();
    if (fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) {
        config.setProperty(SECURITY_MANAGER, new XMLSecurityManager());
    }
    config.setProperty(ENTITY_RESOLVER, fComponentManager.getProperty(ENTITY_RESOLVER));
    config.setProperty(ERROR_HANDLER, fComponentManager.getProperty(ERROR_HANDLER));
    XMLErrorReporter errorReporter = (XMLErrorReporter) fComponentManager.getProperty(ERROR_REPORTER);
    config.setProperty(ERROR_REPORTER, errorReporter);
    // add message formatters
    if (errorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {
        XMLMessageFormatter xmft = new XMLMessageFormatter();
        errorReporter.putMessageFormatter(XMLMessageFormatter.XML_DOMAIN, xmft);
        errorReporter.putMessageFormatter(XMLMessageFormatter.XMLNS_DOMAIN, xmft);
    }
    config.setProperty(SYMBOL_TABLE, fComponentManager.getProperty(SYMBOL_TABLE));
    config.setProperty(VALIDATION_MANAGER, fComponentManager.getProperty(VALIDATION_MANAGER));
    config.setDocumentHandler(fSchemaValidator);
    config.setDTDHandler(null);
    config.setDTDContentModelHandler(null);
    config.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER,
            fComponentManager.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER));
    config.setProperty(Constants.SECURITY_MANAGER,
            fComponentManager.getProperty(Constants.SECURITY_MANAGER));
    fConfiguration = new SoftReference(config);
    return config;
}
 
Example #19
Source File: StreamValidatorHelper.java    From JDKSourceCode1.8 with MIT License 5 votes vote down vote up
private XMLParserConfiguration initialize() {
    XML11Configuration config = new XML11Configuration();
    if (fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) {
        config.setProperty(SECURITY_MANAGER, new XMLSecurityManager());
    }
    config.setProperty(ENTITY_RESOLVER, fComponentManager.getProperty(ENTITY_RESOLVER));
    config.setProperty(ERROR_HANDLER, fComponentManager.getProperty(ERROR_HANDLER));
    XMLErrorReporter errorReporter = (XMLErrorReporter) fComponentManager.getProperty(ERROR_REPORTER);
    config.setProperty(ERROR_REPORTER, errorReporter);
    // add message formatters
    if (errorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {
        XMLMessageFormatter xmft = new XMLMessageFormatter();
        errorReporter.putMessageFormatter(XMLMessageFormatter.XML_DOMAIN, xmft);
        errorReporter.putMessageFormatter(XMLMessageFormatter.XMLNS_DOMAIN, xmft);
    }
    config.setProperty(SYMBOL_TABLE, fComponentManager.getProperty(SYMBOL_TABLE));
    config.setProperty(VALIDATION_MANAGER, fComponentManager.getProperty(VALIDATION_MANAGER));
    config.setDocumentHandler(fSchemaValidator);
    config.setDTDHandler(null);
    config.setDTDContentModelHandler(null);
    config.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER,
            fComponentManager.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER));
    config.setProperty(Constants.SECURITY_MANAGER,
            fComponentManager.getProperty(Constants.SECURITY_MANAGER));
    fConfiguration = new SoftReference(config);
    return config;
}
 
Example #20
Source File: XMLSchemaValidatorComponentManager.java    From JDKSourceCode1.8 with MIT License 5 votes vote down vote up
/**
 * Sets the state of a property.
 *
 * @param propertyId The unique identifier (URI) of the property.
 * @param value The requested state of the property.
 *
 * @exception XMLConfigurationException If the requested property is not known.
 */
public void setProperty(String propertyId, Object value) throws XMLConfigurationException {
    if ( ENTITY_MANAGER.equals(propertyId) || ERROR_REPORTER.equals(propertyId) ||
         NAMESPACE_CONTEXT.equals(propertyId) || SCHEMA_VALIDATOR.equals(propertyId) ||
         SYMBOL_TABLE.equals(propertyId) || VALIDATION_MANAGER.equals(propertyId) ||
         XMLGRAMMAR_POOL.equals(propertyId)) {
        throw new XMLConfigurationException(Status.NOT_SUPPORTED, propertyId);
    }
    fConfigUpdated = true;
    fEntityManager.setProperty(propertyId, value);
    fErrorReporter.setProperty(propertyId, value);
    fSchemaValidator.setProperty(propertyId, value);
    if (ENTITY_RESOLVER.equals(propertyId) || ERROR_HANDLER.equals(propertyId) ||
            SECURITY_MANAGER.equals(propertyId)) {
        fComponents.put(propertyId, value);
        return;
    }
    else if (LOCALE.equals(propertyId)) {
        setLocale((Locale) value);
        fComponents.put(propertyId, value);
        return;
    }
    //check if the property is managed by security manager
    if (fInitSecurityManager == null ||
            !fInitSecurityManager.setLimit(propertyId, XMLSecurityManager.State.APIPROPERTY, value)) {
        //check if the property is managed by security property manager
        if (fSecurityPropertyMgr == null ||
                !fSecurityPropertyMgr.setValue(propertyId, XMLSecurityPropertyManager.State.APIPROPERTY, value)) {
            //fall back to the existing property manager
            if (!fInitProperties.containsKey(propertyId)) {
                fInitProperties.put(propertyId, super.getProperty(propertyId));
            }
            super.setProperty(propertyId, value);
        }
    }
}
 
Example #21
Source File: XMLSchemaValidatorComponentManager.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Sets the state of a property.
 *
 * @param propertyId The unique identifier (URI) of the property.
 * @param value The requested state of the property.
 *
 * @exception XMLConfigurationException If the requested property is not known.
 */
public void setProperty(String propertyId, Object value) throws XMLConfigurationException {
    if ( ENTITY_MANAGER.equals(propertyId) || ERROR_REPORTER.equals(propertyId) ||
         NAMESPACE_CONTEXT.equals(propertyId) || SCHEMA_VALIDATOR.equals(propertyId) ||
         SYMBOL_TABLE.equals(propertyId) || VALIDATION_MANAGER.equals(propertyId) ||
         XMLGRAMMAR_POOL.equals(propertyId)) {
        throw new XMLConfigurationException(Status.NOT_SUPPORTED, propertyId);
    }
    fConfigUpdated = true;
    fEntityManager.setProperty(propertyId, value);
    fErrorReporter.setProperty(propertyId, value);
    fSchemaValidator.setProperty(propertyId, value);
    if (ENTITY_RESOLVER.equals(propertyId) || ERROR_HANDLER.equals(propertyId) ||
            SECURITY_MANAGER.equals(propertyId)) {
        fComponents.put(propertyId, value);
        return;
    }
    else if (LOCALE.equals(propertyId)) {
        setLocale((Locale) value);
        fComponents.put(propertyId, value);
        return;
    }
    //check if the property is managed by security manager
    if (fInitSecurityManager == null ||
            !fInitSecurityManager.setLimit(propertyId, XMLSecurityManager.State.APIPROPERTY, value)) {
        //check if the property is managed by security property manager
        if (fSecurityPropertyMgr == null ||
                !fSecurityPropertyMgr.setValue(propertyId, XMLSecurityPropertyManager.State.APIPROPERTY, value)) {
            //fall back to the existing property manager
            if (!fInitProperties.containsKey(propertyId)) {
                fInitProperties.put(propertyId, super.getProperty(propertyId));
            }
            super.setProperty(propertyId, value);
        }
    }
}
 
Example #22
Source File: XMLScanner.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Sets the value of a property during parsing.
 *
 * @param propertyId
 * @param value
 */
public void setProperty(String propertyId, Object value)
throws XMLConfigurationException {

    // Xerces properties
    if (propertyId.startsWith(Constants.XERCES_PROPERTY_PREFIX)) {
        String property =
                propertyId.substring(Constants.XERCES_PROPERTY_PREFIX.length());
        if (property.equals(Constants.SYMBOL_TABLE_PROPERTY)) {
            fSymbolTable = (SymbolTable)value;
        } else if (property.equals(Constants.ERROR_REPORTER_PROPERTY)) {
            fErrorReporter = (XMLErrorReporter)value;
        } else if (property.equals(Constants.ENTITY_MANAGER_PROPERTY)) {
            fEntityManager = (XMLEntityManager)value;
        }
    }

    if (propertyId.equals(SECURITY_MANAGER)) {
        fSecurityManager = (XMLSecurityManager)value;
    }
            /*else if(propertyId.equals(Constants.STAX_PROPERTIES)){
        fStaxProperties = (HashMap)value;
        //TODO::discuss with neeraj what are his thoughts on passing properties.
        //For now use this
    }*/

}
 
Example #23
Source File: XMLScanner.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Sets the value of a property during parsing.
 *
 * @param propertyId
 * @param value
 */
public void setProperty(String propertyId, Object value)
throws XMLConfigurationException {

    // Xerces properties
    if (propertyId.startsWith(Constants.XERCES_PROPERTY_PREFIX)) {
        String property =
                propertyId.substring(Constants.XERCES_PROPERTY_PREFIX.length());
        if (property.equals(Constants.SYMBOL_TABLE_PROPERTY)) {
            fSymbolTable = (SymbolTable)value;
        } else if (property.equals(Constants.ERROR_REPORTER_PROPERTY)) {
            fErrorReporter = (XMLErrorReporter)value;
        } else if (property.equals(Constants.ENTITY_MANAGER_PROPERTY)) {
            fEntityManager = (XMLEntityManager)value;
        }
    }

    if (propertyId.equals(SECURITY_MANAGER)) {
        fSecurityManager = (XMLSecurityManager)value;
    }
            /*else if(propertyId.equals(Constants.STAX_PROPERTIES)){
        fStaxProperties = (HashMap)value;
        //TODO::discuss with neeraj what are his thoughts on passing properties.
        //For now use this
    }*/

}
 
Example #24
Source File: XMLScanner.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 *
 *
 * @param componentManager The component manager.
 *
 * @throws SAXException Throws exception if required features and
 *                      properties cannot be found.
 */
public void reset(XMLComponentManager componentManager)
throws XMLConfigurationException {

            fParserSettings = componentManager.getFeature(PARSER_SETTINGS, true);

            if (!fParserSettings) {
                    // parser settings have not been changed
                    init();
                    return;
            }


    // Xerces properties
    fSymbolTable = (SymbolTable)componentManager.getProperty(SYMBOL_TABLE);
    fErrorReporter = (XMLErrorReporter)componentManager.getProperty(ERROR_REPORTER);
    fEntityManager = (XMLEntityManager)componentManager.getProperty(ENTITY_MANAGER);
    fSecurityManager = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER);

    //this step is extra because we have separated the storage of entity
    fEntityStore = fEntityManager.getEntityStore() ;

    // sax features
    fValidation = componentManager.getFeature(VALIDATION, false);
    fNamespaces = componentManager.getFeature(NAMESPACES, true);
    fNotifyCharRefs = componentManager.getFeature(NOTIFY_CHAR_REFS, false);

    init();
}
 
Example #25
Source File: XMLSchemaFactory.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
public XMLSchemaFactory() {
    fErrorHandlerWrapper = new ErrorHandlerWrapper(DraconianErrorHandler.getInstance());
    fDOMEntityResolverWrapper = new DOMEntityResolverWrapper();
    fXMLGrammarPoolWrapper = new XMLGrammarPoolWrapper();
    fXMLSchemaLoader.setFeature(SCHEMA_FULL_CHECKING, true);
    fXMLSchemaLoader.setProperty(XMLGRAMMAR_POOL, fXMLGrammarPoolWrapper);
    fXMLSchemaLoader.setEntityResolver(fDOMEntityResolverWrapper);
    fXMLSchemaLoader.setErrorHandler(fErrorHandlerWrapper);
    fUseGrammarPoolOnly = true;

    // Enable secure processing feature by default
    fSecurityManager = new XMLSecurityManager(true);
    fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);

    fSecurityPropertyMgr = new XMLSecurityPropertyManager();
    fXMLSchemaLoader.setProperty(XML_SECURITY_PROPERTY_MANAGER,
            fSecurityPropertyMgr);

    // use catalog
    fXMLSchemaLoader.setFeature(XMLConstants.USE_CATALOG, JdkXmlUtils.USE_CATALOG_DEFAULT);
    for (Feature f : Feature.values()) {
        fXMLSchemaLoader.setProperty(f.getPropertyName(), null);
    }

    fXMLSchemaLoader.setProperty(JdkXmlUtils.CDATA_CHUNK_SIZE, JdkXmlUtils.CDATA_CHUNK_SIZE_DEFAULT);
    fXmlFeatures = new JdkXmlFeatures(fSecurityManager.isSecureProcessing());
    fOverrideDefaultParser = fXmlFeatures.getFeature(
            JdkXmlFeatures.XmlFeature.JDK_OVERRIDE_PARSER);
    fXMLSchemaLoader.setFeature(JdkXmlUtils.OVERRIDE_PARSER, fOverrideDefaultParser);
}
 
Example #26
Source File: XMLSchemaValidatorComponentManager.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Sets the state of a property.
 *
 * @param propertyId The unique identifier (URI) of the property.
 * @param value The requested state of the property.
 *
 * @exception XMLConfigurationException If the requested property is not known.
 */
public void setProperty(String propertyId, Object value) throws XMLConfigurationException {
    if ( ENTITY_MANAGER.equals(propertyId) || ERROR_REPORTER.equals(propertyId) ||
         NAMESPACE_CONTEXT.equals(propertyId) || SCHEMA_VALIDATOR.equals(propertyId) ||
         SYMBOL_TABLE.equals(propertyId) || VALIDATION_MANAGER.equals(propertyId) ||
         XMLGRAMMAR_POOL.equals(propertyId)) {
        throw new XMLConfigurationException(Status.NOT_SUPPORTED, propertyId);
    }
    fConfigUpdated = true;
    fEntityManager.setProperty(propertyId, value);
    fErrorReporter.setProperty(propertyId, value);
    fSchemaValidator.setProperty(propertyId, value);
    if (ENTITY_RESOLVER.equals(propertyId) || ERROR_HANDLER.equals(propertyId) ||
            SECURITY_MANAGER.equals(propertyId)) {
        fComponents.put(propertyId, value);
        return;
    }
    else if (LOCALE.equals(propertyId)) {
        setLocale((Locale) value);
        fComponents.put(propertyId, value);
        return;
    }
    //check if the property is managed by security manager
    if (fInitSecurityManager == null ||
            !fInitSecurityManager.setLimit(propertyId, XMLSecurityManager.State.APIPROPERTY, value)) {
        //check if the property is managed by security property manager
        if (fSecurityPropertyMgr == null ||
                !fSecurityPropertyMgr.setValue(propertyId, XMLSecurityPropertyManager.State.APIPROPERTY, value)) {
            //fall back to the existing property manager
            if (!fInitProperties.containsKey(propertyId)) {
                fInitProperties.put(propertyId, super.getProperty(propertyId));
            }
            super.setProperty(propertyId, value);
        }
    }
}
 
Example #27
Source File: XMLEntityManager.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * If this constructor is used to create the object, reset() should be invoked on this object
 */
public XMLEntityManager() {
    //for entity managers not created by parsers
    fSecurityManager = new XMLSecurityManager(true);
    fEntityStorage = new XMLEntityStorage(this) ;
    setScannerVersion(Constants.XML_VERSION_1_0);
}
 
Example #28
Source File: CMNodeFactory.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
public void reset(XMLComponentManager componentManager){
    fErrorReporter = (XMLErrorReporter)componentManager.getProperty(ERROR_REPORTER);
    try {
        fSecurityManager = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER);
        //we are setting the limit of number of nodes to 3times the maxOccur value..
        if(fSecurityManager != null){
            maxNodeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT) * MULTIPLICITY ;
        }
    }
    catch (XMLConfigurationException e) {
        fSecurityManager = null;
    }

}
 
Example #29
Source File: PropertyManager.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Initialize this object with the properties taken from passed PropertyManager object.
 */
public PropertyManager(PropertyManager propertyManager){

    HashMap properties = propertyManager.getProperties();
    supportedProps.putAll(properties);
    fSecurityManager = (XMLSecurityManager)getProperty(SECURITY_MANAGER);
    fSecurityPropertyMgr = (XMLSecurityPropertyManager)getProperty(XML_SECURITY_PROPERTY_MANAGER);
}
 
Example #30
Source File: XMLDocumentFragmentScannerImpl.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
public void reset(PropertyManager propertyManager){

        super.reset(propertyManager);

        // other settings
        // fDocumentSystemId = null;
        fNamespaces = ((Boolean)propertyManager.getProperty(XMLInputFactory.IS_NAMESPACE_AWARE)).booleanValue();
        fNotifyBuiltInRefs = false ;

        //fElementStack2.clear();
        //fReplaceEntityReferences = true;
        //fSupportExternalEntities = true;
        Boolean bo = (Boolean)propertyManager.getProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES);
        fReplaceEntityReferences = bo.booleanValue();
        bo = (Boolean)propertyManager.getProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES);
        fSupportExternalEntities = bo.booleanValue();
        Boolean cdata = (Boolean)propertyManager.getProperty(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.STAX_REPORT_CDATA_EVENT) ;
        if(cdata != null)
            fReportCdataEvent = cdata.booleanValue() ;
        Boolean coalesce = (Boolean)propertyManager.getProperty(XMLInputFactory.IS_COALESCING) ;
        if(coalesce != null)
            fIsCoalesce = coalesce.booleanValue();
        fReportCdataEvent = fIsCoalesce ? false : (fReportCdataEvent && true) ;
        //if fIsCoalesce is set to true, set the value of fReplaceEntityReferences to true,
        //if fIsCoalesce is set to false, take the value of fReplaceEntityReferences as set by application
        fReplaceEntityReferences = fIsCoalesce ? true : fReplaceEntityReferences;
        // setup Driver
        //we dont need to do this -- nb.
        //setScannerState(SCANNER_STATE_CONTENT);
        //setDriver(fContentDriver);
        //fEntityManager.test();

         // JAXP 1.5 features and properties
        XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
                propertyManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
        fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);

        fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(Constants.SECURITY_MANAGER);
        resetCommon();
    }