Mercurial > hg > openjdk > jdk6 > jaxws
changeset 104:dd61c8379fc0 jdk6-b44
8182054: Improve wsdl support
Summary: Also reviewed by Roman Grigoriadi <roman.grigoriadi@oracle.com>
Reviewed-by: joehw, lancea
author | aefimov |
---|---|
date | Sun, 25 Jun 2017 00:13:53 +0100 |
parents | 0a1cdee2df61 |
children | a3935742e68f |
files | drop_included/jaxws_src/src/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java drop_included/jaxws_src/src/com/sun/xml/internal/ws/util/DOMUtil.java drop_included/jaxws_src/src/com/sun/xml/internal/ws/util/xml/XmlUtil.java |
diffstat | 3 files changed, 103 insertions(+), 14 deletions(-) [+] |
line wrap: on
line diff
--- a/drop_included/jaxws_src/src/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java Tue May 23 13:19:25 2017 +0300 +++ b/drop_included/jaxws_src/src/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java Sun Jun 25 00:13:53 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,6 +36,7 @@ import com.sun.tools.internal.xjc.reader.internalizer.LocatorTable; import com.sun.xml.internal.bind.marshaller.DataWriter; import com.sun.xml.internal.ws.util.JAXWSUtils; +import com.sun.xml.internal.ws.util.xml.XmlUtil; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; @@ -117,13 +118,11 @@ this.options = options; this.errorReceiver = errReceiver; this.logic = logic; + + DocumentBuilderFactory dbf = XmlUtil.newDocumentBuilderFactory(); + this.parserFactory = XmlUtil.newSAXParserFactory(); try { - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - dbf.setNamespaceAware(true); this.documentBuilder = dbf.newDocumentBuilder(); - - this.parserFactory = SAXParserFactory.newInstance(); - this.parserFactory.setNamespaceAware(true); } catch (ParserConfigurationException e) { throw new AssertionError(e); }
--- a/drop_included/jaxws_src/src/com/sun/xml/internal/ws/util/DOMUtil.java Tue May 23 13:19:25 2017 +0300 +++ b/drop_included/jaxws_src/src/com/sun/xml/internal/ws/util/DOMUtil.java Sun Jun 25 00:13:53 2017 +0100 @@ -25,6 +25,7 @@ package com.sun.xml.internal.ws.util; +import com.sun.xml.internal.ws.util.xml.XmlUtil; import org.w3c.dom.Document; import org.w3c.dom.NamedNodeMap; import org.w3c.dom.Node; @@ -63,8 +64,7 @@ synchronized (DOMUtil.class) { if (db == null) { try { - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - dbf.setNamespaceAware(true); + DocumentBuilderFactory dbf = XmlUtil.newDocumentBuilderFactory(); db = dbf.newDocumentBuilder(); } catch (ParserConfigurationException e) { throw new FactoryConfigurationError(e);
--- a/drop_included/jaxws_src/src/com/sun/xml/internal/ws/util/xml/XmlUtil.java Tue May 23 13:19:25 2017 +0300 +++ b/drop_included/jaxws_src/src/com/sun/xml/internal/ws/util/xml/XmlUtil.java Sun Jun 25 00:13:53 2017 +0100 @@ -36,14 +36,11 @@ import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.w3c.dom.Text; -import org.xml.sax.EntityResolver; -import org.xml.sax.ErrorHandler; -import org.xml.sax.SAXException; -import org.xml.sax.SAXParseException; -import org.xml.sax.XMLReader; -import org.xml.sax.InputSource; +import org.xml.sax.*; +import javax.xml.XMLConstants; import javax.xml.namespace.QName; +import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParserFactory; import javax.xml.transform.Result; @@ -61,11 +58,15 @@ import java.io.OutputStreamWriter; import java.io.Writer; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Enumeration; import java.util.Iterator; import java.util.List; import java.util.StringTokenizer; +import java.util.logging.Level; +import java.util.logging.Logger; /** * @author WS Development Team @@ -74,6 +75,27 @@ private final static String LEXICAL_HANDLER_PROPERTY = "http://xml.org/sax/properties/lexical-handler"; + private static final String DISALLOW_DOCTYPE_DECL = "http://apache.org/xml/features/disallow-doctype-decl"; + + private static final String EXTERNAL_GE = "http://xml.org/sax/features/external-general-entities"; + + private static final String EXTERNAL_PE = "http://xml.org/sax/features/external-parameter-entities"; + + private static final String LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd"; + + private static final Logger LOGGER = Logger.getLogger(XmlUtil.class.getName()); + + private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.ws.disableXmlSecurity"; + + private static boolean XML_SECURITY_DISABLED = AccessController.doPrivileged( + new PrivilegedAction<Boolean>() { + @Override + public Boolean run() { + return Boolean.getBoolean(DISABLE_XML_SECURITY); + } + } + ); + public static String getPrefix(String s) { int i = s.indexOf(':'); if (i == -1) @@ -317,4 +339,72 @@ throw exception; } }; + + public static DocumentBuilderFactory newDocumentBuilderFactory() { + return newDocumentBuilderFactory(false); + } + + public static DocumentBuilderFactory newDocumentBuilderFactory(boolean disableSecurity) { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + String featureToSet = XMLConstants.FEATURE_SECURE_PROCESSING; + try { + boolean securityOn = !isXMLSecurityDisabled(disableSecurity); + factory.setFeature(featureToSet, securityOn); + factory.setNamespaceAware(true); + if (securityOn) { + factory.setExpandEntityReferences(false); + featureToSet = DISALLOW_DOCTYPE_DECL; + factory.setFeature(featureToSet, true); + featureToSet = EXTERNAL_GE; + factory.setFeature(featureToSet, false); + featureToSet = EXTERNAL_PE; + factory.setFeature(featureToSet, false); + featureToSet = LOAD_EXTERNAL_DTD; + factory.setFeature(featureToSet, false); + } + } catch (ParserConfigurationException e) { + LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support "+featureToSet+" feature!", new Object[] {factory.getClass().getName()} ); + } + return factory; + } + + + private static boolean isXMLSecurityDisabled(boolean runtimeDisabled) { + return XML_SECURITY_DISABLED || runtimeDisabled; + } + + public static SAXParserFactory newSAXParserFactory() { + return newSAXParserFactory(false); + } + + public static SAXParserFactory newSAXParserFactory(boolean disableSecurity) { + SAXParserFactory factory = SAXParserFactory.newInstance(); + String featureToSet = XMLConstants.FEATURE_SECURE_PROCESSING; + boolean issueWarning = false; + try { + boolean securityOn = !isXMLSecurityDisabled(disableSecurity); + factory.setFeature(featureToSet, securityOn); + factory.setNamespaceAware(true); + if (securityOn) { + featureToSet = DISALLOW_DOCTYPE_DECL; + factory.setFeature(featureToSet, true); + featureToSet = EXTERNAL_GE; + factory.setFeature(featureToSet, false); + featureToSet = EXTERNAL_PE; + factory.setFeature(featureToSet, false); + featureToSet = LOAD_EXTERNAL_DTD; + factory.setFeature(featureToSet, false); + } + } catch (ParserConfigurationException e) { + issueWarning = true; + } catch (SAXNotRecognizedException e) { + issueWarning = true; + } catch (SAXNotSupportedException e) { + issueWarning = true; + } + if (issueWarning) { + LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support "+featureToSet+" feature!", new Object[]{factory.getClass().getName()}); + } + return factory; + } }