# HG changeset patch # User andrew # Date 1366292290 -3600 # Node ID 3ce1593f819e0c137d69e69598d2305e15de51ad # Parent 691f82a0de0b1d3d6d68411bcd6a72406f5d91bc 6657673: Issues with JAXP Reviewed-by: alanb, lancea, ahgross, mullan diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/bcel/internal/classfile/JavaClass.java --- a/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/classfile/JavaClass.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/classfile/JavaClass.java Thu Apr 18 14:38:10 2013 +0100 @@ -63,6 +63,7 @@ import com.sun.org.apache.bcel.internal.util.ClassVector; import com.sun.org.apache.bcel.internal.util.ClassQueue; import com.sun.org.apache.bcel.internal.generic.Type; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.io.*; import java.util.StringTokenizer; @@ -77,6 +78,7 @@ * class file. Those interested in programatically generating classes * should see the ClassGen class. + * @version $Id: JavaClass.java,v 1.4 2007-07-19 04:34:42 ofung Exp $ * @see com.sun.org.apache.bcel.internal.generic.ClassGen * @author M. Dahm */ @@ -451,9 +453,9 @@ String debug = null, sep = null; try { - debug = System.getProperty("JavaClass.debug"); + debug = SecuritySupport.getSystemProperty("JavaClass.debug"); // Get path separator either / or \ usually - sep = System.getProperty("file.separator"); + sep = SecuritySupport.getSystemProperty("file.separator"); } catch (SecurityException e) { // falls through diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/Class2HTML.java --- a/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/Class2HTML.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/Class2HTML.java Thu Apr 18 14:38:10 2013 +0100 @@ -82,6 +82,7 @@ * method in the Method's frame will jump to the appropiate method in * the Code frame. * + * @version $Id: Class2HTML.java,v 1.3 2007-07-19 04:34:52 ofung Exp $ * @author M. Dahm */ public class Class2HTML implements Constants @@ -137,7 +138,7 @@ ClassParser parser=null; JavaClass java_class=null; String zip_file = null; - char sep = System.getProperty("file.separator").toCharArray()[0]; + char sep = SecuritySupport.getSystemProperty("file.separator").toCharArray()[0]; String dir = "." + sep; // Where to store HTML files try { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/ClassPath.java --- a/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/ClassPath.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/ClassPath.java Thu Apr 18 14:38:10 2013 +0100 @@ -66,6 +66,7 @@ * Responsible for loading (class) files from the CLASSPATH. Inspired by * sun.tools.ClassPath. * + * @version $Id: ClassPath.java,v 1.4 2007-07-19 04:34:52 ofung Exp $ * @author M. Dahm */ public class ClassPath implements Serializable { @@ -83,7 +84,7 @@ ArrayList vec = new ArrayList(); for(StringTokenizer tok=new StringTokenizer(class_path, - System.getProperty("path.separator")); + SecuritySupport.getSystemProperty("path.separator")); tok.hasMoreTokens();) { String path = tok.nextToken(); @@ -92,7 +93,7 @@ File file = new File(path); try { - if(file.exists()) { + if(SecuritySupport.getFileExists(file)) { if(file.isDirectory()) vec.add(new Dir(path)); else @@ -143,8 +144,9 @@ String name = tok.nextToken(); File file = new File(name); - if(file.exists()) + if(SecuritySupport.getFileExists(file)) { list.add(name); + } } } } @@ -159,9 +161,9 @@ String class_path, boot_path, ext_path; try { - class_path = System.getProperty("java.class.path"); - boot_path = System.getProperty("sun.boot.class.path"); - ext_path = System.getProperty("java.ext.dirs"); + class_path = SecuritySupport.getSystemProperty("java.class.path"); + boot_path = SecuritySupport.getSystemProperty("sun.boot.class.path"); + ext_path = SecuritySupport.getSystemProperty("java.ext.dirs"); } catch (SecurityException e) { return ""; @@ -176,8 +178,8 @@ getPathComponents(ext_path, dirs); for(Iterator e = dirs.iterator(); e.hasNext(); ) { - File ext_dir = new File((String)e.next()); - String[] extensions = ext_dir.list(new FilenameFilter() { + File ext_dir = new File((String)e.next()); + String[] extensions = SecuritySupport.getFileList(ext_dir, new FilenameFilter() { public boolean accept(File dir, String name) { name = name.toLowerCase(); return name.endsWith(".zip") || name.endsWith(".jar"); @@ -342,7 +344,7 @@ final File file = new File(dir + File.separatorChar + name.replace('.', File.separatorChar) + suffix); - return file.exists()? new ClassFile() { + return SecuritySupport.getFileExists(file)? new ClassFile() { public InputStream getInputStream() throws IOException { return new FileInputStream(file); } public String getPath() { try { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/JavaWrapper.java --- a/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/JavaWrapper.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/bcel/internal/util/JavaWrapper.java Thu Apr 18 14:38:10 2013 +0100 @@ -72,6 +72,7 @@ *
java com.sun.org.apache.bcel.internal.util.JavaWrapper -Dbcel.classloader=foo.MyLoader <real.class.name> [arguments]* * + * @version $Id: JavaWrapper.java,v 1.3 2007-07-19 04:34:52 ofung Exp $ * @author M. Dahm * @see ClassLoader */ @@ -79,7 +80,7 @@ private java.lang.ClassLoader loader; private static java.lang.ClassLoader getClassLoader() { - String s = System.getProperty("bcel.classloader"); + String s = SecuritySupport.getSystemProperty("bcel.classloader"); if((s == null) || "".equals(s)) s = "com.sun.org.apache.bcel.internal.util.ClassLoader"; diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLMessages.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLMessages.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLMessages.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,68 +22,72 @@ */ package com.sun.org.apache.xalan.internal.res; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.util.ListResourceBundle; import com.sun.org.apache.xpath.internal.res.XPATHMessages; /** - * Sets things up for issuing error messages. This class is misnamed, and - * should be called XalanMessages, or some such. + * Sets things up for issuing error messages. This class is misnamed, and should + * be called XalanMessages, or some such. + * * @xsl.usage internal */ -public class XSLMessages extends XPATHMessages -{ +public class XSLMessages extends XPATHMessages { - /** The language specific resource object for Xalan messages. */ - private static ListResourceBundle XSLTBundle = null; - - /** The class name of the Xalan error message string table. */ - private static final String XSLT_ERROR_RESOURCES = - "com.sun.org.apache.xalan.internal.res.XSLTErrorResources"; + /** + * The language specific resource object for Xalan messages. + */ + private static ListResourceBundle XSLTBundle = null; + /** + * The class name of the Xalan error message string table. + */ + private static final String XSLT_ERROR_RESOURCES = + "com.sun.org.apache.xalan.internal.res.XSLTErrorResources"; - /** - * Creates a message from the specified key and replacement - * arguments, localized to the given locale. - * - * @param msgKey The key for the message text. - * @param args The arguments to be used as replacement text - * in the message created. - * - * @return The formatted message string. - */ - public static final String createMessage(String msgKey, Object args[]) //throws Exception - { - if (XSLTBundle == null) - XSLTBundle = loadResourceBundle(XSLT_ERROR_RESOURCES); - - if (XSLTBundle != null) + /** + * Creates a message from the specified key and replacement arguments, + * localized to the given locale. + * + * @param msgKey The key for the message text. + * @param args The arguments to be used as replacement text in the message + * created. + * + * @return The formatted message string. + */ + public static String createMessage(String msgKey, Object args[]) //throws Exception { - return createMsg(XSLTBundle, msgKey, args); + if (XSLTBundle == null) { + XSLTBundle = SecuritySupport.getResourceBundle(XSLT_ERROR_RESOURCES); + } + + if (XSLTBundle != null) { + return createMsg(XSLTBundle, msgKey, args); + } else { + return "Could not load any resource bundles."; + } } - else - return "Could not load any resource bundles."; - } - /** - * Creates a message from the specified key and replacement - * arguments, localized to the given locale. - * - * @param msgKey The key for the message text. - * @param args The arguments to be used as replacement text - * in the message created. - * - * @return The formatted warning string. - */ - public static final String createWarning(String msgKey, Object args[]) //throws Exception - { - if (XSLTBundle == null) - XSLTBundle = loadResourceBundle(XSLT_ERROR_RESOURCES); + /** + * Creates a message from the specified key and replacement arguments, + * localized to the given locale. + * + * @param msgKey The key for the message text. + * @param args The arguments to be used as replacement text in the message + * created. + * + * @return The formatted warning string. + */ + public static String createWarning(String msgKey, Object args[]) //throws Exception + { + if (XSLTBundle == null) { + XSLTBundle = SecuritySupport.getResourceBundle(XSLT_ERROR_RESOURCES); + } - if (XSLTBundle != null) - { - return createMsg(XSLTBundle, msgKey, args); + if (XSLTBundle != null) { + return createMsg(XSLTBundle, msgKey, args); + } else { + return "Could not load any resource bundles."; + } } - else - return "Could not load any resource bundles."; - } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_de.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_de.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_de.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_es.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_es.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_es.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_fr.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_fr.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_fr.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_it.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_it.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_it.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ja.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ja.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ja.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ko.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ko.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_ko.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_pt_BR.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_pt_BR.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_pt_BR.java Thu Apr 18 14:38:10 2013 +0100 @@ -1449,68 +1449,5 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); - } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_sv.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_sv.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_sv.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_CN.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_CN.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_CN.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_TW.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_TW.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/res/XSLTErrorResources_zh_TW.java Thu Apr 18 14:38:10 2013 +0100 @@ -1448,68 +1448,4 @@ public static final String QUERY_HEADER = "PATTERN "; - /** - * Return a named ResourceBundle for a particular locale. This method mimics the behavior - * of ResourceBundle.getBundle(). - * - * @param className the name of the class that implements the resource bundle. - * @return the ResourceBundle - * @throws MissingResourceException - */ - public static final XSLTErrorResources loadResourceBundle(String className) - throws MissingResourceException - { - - Locale locale = Locale.getDefault(); - String suffix = getResourceSuffix(locale); - - try - { - - // first try with the given locale - return (XSLTErrorResources) ResourceBundle.getBundle(className - + suffix, locale); } - catch (MissingResourceException e) - { - try // try to fall back to en_US if we can't load - { - - // Since we can't find the localized property file, - // fall back to en_US. - return (XSLTErrorResources) ResourceBundle.getBundle(className, - new Locale("en", "US")); - } - catch (MissingResourceException e2) - { - - // Now we are really in trouble. - // very bad, definitely very bad...not going to get very far - throw new MissingResourceException( - "Could not load any resource bundles.", className, ""); - } - } - } - - /** - * Return the resource file suffic for the indicated locale - * For most locales, this will be based the language code. However - * for Chinese, we do distinguish between Taiwan and PRC - * - * @param locale the locale - * @return an String suffix which canbe appended to a resource name - */ - private static final String getResourceSuffix(Locale locale) - { - - String suffix = "_" + locale.getLanguage(); - String country = locale.getCountry(); - - if (country.equals("TW")) - suffix += "_" + country; - - return suffix; - } - - -} diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/EnvironmentCheck.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/EnvironmentCheck.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/EnvironmentCheck.java Thu Apr 18 14:38:10 2013 +0100 @@ -22,6 +22,8 @@ */ package com.sun.org.apache.xalan.internal.xslt; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; + import java.io.File; import java.io.FileWriter; import java.io.PrintWriter; @@ -572,7 +574,7 @@ // Grab java version for later use try { - String javaVersion = System.getProperty("java.version"); + String javaVersion = SecuritySupport.getSystemProperty("java.version"); h.put("java.version", javaVersion); } @@ -591,7 +593,7 @@ { // This is present in all JVM's - String cp = System.getProperty("java.class.path"); + String cp = SecuritySupport.getSystemProperty("java.class.path"); h.put("java.class.path", cp); @@ -601,7 +603,7 @@ h.put(FOUNDCLASSES + "java.class.path", classpathJars); // Also check for JDK 1.2+ type classpaths - String othercp = System.getProperty("sun.boot.class.path"); + String othercp = SecuritySupport.getSystemProperty("sun.boot.class.path"); if (null != othercp) { @@ -615,7 +617,7 @@ //@todo NOTE: We don't actually search java.ext.dirs for // *.jar files therein! This should be updated - othercp = System.getProperty("java.ext.dirs"); + othercp = SecuritySupport.getSystemProperty("java.ext.dirs"); if (null != othercp) { @@ -1012,7 +1014,7 @@ Class clazz = ObjectFactory.findProviderClass( DOM_CLASS, ObjectFactory.findClassLoader(), true); - Method method = clazz.getMethod(DOM_LEVEL3_METHOD, null); + Method method = clazz.getMethod(DOM_LEVEL3_METHOD, (Class>[])null); // If we succeeded, we have loaded interfaces from a // level 3 DOM somewhere diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/Process.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/Process.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xslt/Process.java Thu Apr 18 14:38:10 2013 +0100 @@ -55,6 +55,8 @@ import com.sun.org.apache.xalan.internal.Version; import com.sun.org.apache.xalan.internal.res.XSLMessages; import com.sun.org.apache.xalan.internal.res.XSLTErrorResources; +import com.sun.org.apache.xalan.internal.utils.ConfigurationError; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; //J2SE does not support Xalan interpretive /* @@ -178,7 +180,7 @@ java.io.PrintWriter diagnosticsWriter = new PrintWriter(System.err, true); java.io.PrintWriter dumpWriter = diagnosticsWriter; ResourceBundle resbundle = - (XSLMessages.loadResourceBundle( + (SecuritySupport.getResourceBundle( com.sun.org.apache.xml.internal.utils.res.XResourceBundle.ERROR_RESOURCES)); String flavor = "s2s"; @@ -462,7 +464,7 @@ tfactory.setURIResolver(uriResolver); } - catch (ObjectFactory.ConfigurationError cnfe) + catch (ConfigurationError cnfe) { msg = XSLMessages.createMessage( XSLTErrorResources.ER_CLASS_NOT_FOUND_FOR_OPTION, diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java Thu Apr 18 14:38:10 2013 +0100 @@ -400,7 +400,7 @@ } } catch (TypeCheckError e) { - reportError(ERROR, new ErrorMsg(e)); + reportError(ERROR, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } } @@ -420,7 +420,7 @@ } catch (IOException e) { if (_xsltc.debug()) e.printStackTrace(); - reportError(ERROR,new ErrorMsg(e)); + reportError(ERROR,new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } catch (SAXException e) { Throwable ex = e.getException(); @@ -428,15 +428,15 @@ e.printStackTrace(); if (ex != null) ex.printStackTrace(); } - reportError(ERROR, new ErrorMsg(e)); + reportError(ERROR, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } catch (CompilerException e) { if (_xsltc.debug()) e.printStackTrace(); - reportError(ERROR, new ErrorMsg(e)); + reportError(ERROR, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } catch (Exception e) { if (_xsltc.debug()) e.printStackTrace(); - reportError(ERROR, new ErrorMsg(e)); + reportError(ERROR, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } return null; } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java Thu Apr 18 14:38:10 2013 +0100 @@ -41,10 +41,12 @@ import java.util.jar.Manifest; import com.sun.org.apache.bcel.internal.classfile.JavaClass; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Util; import com.sun.org.apache.xml.internal.dtm.DTM; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import org.xml.sax.InputSource; import org.xml.sax.XMLReader; @@ -257,7 +259,7 @@ return compile(input, _className); } catch (IOException e) { - _parser.reportError(Constants.FATAL, new ErrorMsg(e)); + _parser.reportError(Constants.FATAL, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); return false; } } @@ -276,7 +278,7 @@ return compile(input, name); } catch (IOException e) { - _parser.reportError(Constants.FATAL, new ErrorMsg(e)); + _parser.reportError(Constants.FATAL, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); return false; } } @@ -361,11 +363,11 @@ } catch (Exception e) { /*if (_debug)*/ e.printStackTrace(); - _parser.reportError(Constants.FATAL, new ErrorMsg(e)); + _parser.reportError(Constants.FATAL, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } catch (Error e) { if (_debug) e.printStackTrace(); - _parser.reportError(Constants.FATAL, new ErrorMsg(e)); + _parser.reportError(Constants.FATAL, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e)); } finally { _reader = null; // reset this here to be sure it is not re-used @@ -573,7 +575,7 @@ */ public boolean setDestDirectory(String dstDirName) { final File dir = new File(dstDirName); - if (dir.exists() || dir.mkdirs()) { + if (SecuritySupport.getFileExists(dir) || dir.mkdirs()) { _destDir = dir; return true; } @@ -746,7 +748,7 @@ String parentDir = outFile.getParent(); if (parentDir != null) { File parentFile = new File(parentDir); - if (!parentFile.exists()) + if (!SecuritySupport.getFileExists(parentFile)) parentFile.mkdirs(); } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages.java Thu Apr 18 14:38:10 2013 +0100 @@ -941,7 +941,13 @@ "Cannot set the feature ''{0}'' on this TransformerFactory."}, {ErrorMsg.JAXP_SECUREPROCESSING_FEATURE, - "FEATURE_SECURE_PROCESSING: Cannot set the feature to false when security manager is present."} + "FEATURE_SECURE_PROCESSING: Cannot set the feature to false when security manager is present."}, + + {ErrorMsg.DESERIALIZE_TRANSLET_ERR, "When Java security is enabled, " + + "support for deserializing TemplatesImpl is disabled." + + "This can be overridden by setting the jdk.xml.enableTemplatesImplDeserialization" + + " system property to true."} + }; /** Get the lookup table for error messages. diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMsg.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMsg.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMsg.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,6 +23,7 @@ package com.sun.org.apache.xalan.internal.xsltc.compiler.util; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.text.MessageFormat; import java.util.Locale; import java.util.ResourceBundle; @@ -46,6 +47,8 @@ Object[] _params = null; private boolean _isWarningError; + Throwable _cause; + // Compiler error messages public static final String MULTIPLE_STYLESHEET_ERR = "MULTIPLE_STYLESHEET_ERR"; public static final String TEMPLATE_REDEF_ERR = "TEMPLATE_REDEF_ERR"; @@ -157,6 +160,8 @@ public static final String INVALID_NCNAME_ERR = "INVALID_NCNAME_ERR"; public static final String INVALID_METHOD_IN_OUTPUT = "INVALID_METHOD_IN_OUTPUT"; + public static final String DESERIALIZE_TRANSLET_ERR = "DESERIALIZE_TEMPLATES_ERR"; + // All error messages are localized and are stored in resource bundles. // This array and the following 4 strings are read from that bundle. private static ResourceBundle _bundle; @@ -167,7 +172,7 @@ public final static String RUNTIME_ERROR_KEY = "RUNTIME_ERROR_KEY"; static { - _bundle = ResourceBundle.getBundle( + _bundle = SecuritySupport.getResourceBundle( "com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMessages", Locale.getDefault()); } @@ -177,10 +182,11 @@ _line = 0; } - public ErrorMsg(Throwable e) { - _code = null; + public ErrorMsg(String code, Throwable e) { + _code = code; _message = e.getMessage(); _line = 0; + _cause = e; } public ErrorMsg(String message, int line) { @@ -232,6 +238,10 @@ _params[1] = param2; } + public Throwable getCause() { + return _cause; + } + private String getFileName(SyntaxTreeNode node) { Stylesheet stylesheet = node.getStylesheet(); if (stylesheet != null) diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/Util.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/Util.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/Util.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.StringTokenizer; import com.sun.org.apache.bcel.internal.generic.Type; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import com.sun.org.apache.xalan.internal.xsltc.compiler.Constants; import com.sun.org.apache.xml.internal.utils.XML11Char; @@ -37,7 +38,7 @@ private static char filesep; static { - String temp = System.getProperty("file.separator", "/"); + String temp = SecuritySupport.getSystemProperty("file.separator", "/"); filesep = temp.charAt(0); } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/dom/NodeSortRecord.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/dom/NodeSortRecord.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/dom/NodeSortRecord.java Thu Apr 18 14:38:10 2013 +0100 @@ -32,6 +32,7 @@ import com.sun.org.apache.xalan.internal.xsltc.TransletException; import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet; import com.sun.org.apache.xml.internal.utils.StringComparable; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; /** * Base class for sort records containing application specific sort keys @@ -111,7 +112,7 @@ try { // -- W. Eliot Kimber (eliot@isogen.com) colFactClassname = - System.getProperty("com.sun.org.apache.xalan.internal.xsltc.COLLATOR_FACTORY"); + SecuritySupport.getSystemProperty("com.sun.org.apache.xalan.internal.xsltc.COLLATOR_FACTORY"); } catch (SecurityException e) { // If we can't read the propery, just use default collator diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/BasisLibrary.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/BasisLibrary.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/BasisLibrary.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,6 +23,7 @@ package com.sun.org.apache.xalan.internal.xsltc.runtime; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.text.DecimalFormat; import java.text.DecimalFormatSymbols; import java.text.FieldPosition; @@ -1518,7 +1519,7 @@ static { String resource = "com.sun.org.apache.xalan.internal.xsltc.runtime.ErrorMessages"; - m_bundle = ResourceBundle.getBundle(resource); + m_bundle = SecuritySupport.getResourceBundle(resource); } /** diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/output/WriterOutputBuffer.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/output/WriterOutputBuffer.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/runtime/output/WriterOutputBuffer.java Thu Apr 18 14:38:10 2013 +0100 @@ -23,6 +23,7 @@ package com.sun.org.apache.xalan.internal.xsltc.runtime.output; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.io.BufferedWriter; import java.io.IOException; import java.io.Writer; @@ -36,7 +37,7 @@ static { // Set a larger buffer size for Solaris - final String osName = System.getProperty("os.name"); + final String osName = SecuritySupport.getSystemProperty("os.name"); if (osName.equalsIgnoreCase("solaris")) { BUFFER_SIZE = 32 * KB; } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesImpl.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesImpl.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesImpl.java Thu Apr 18 14:38:10 2013 +0100 @@ -42,6 +42,8 @@ import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg; import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet; import com.sun.org.apache.xalan.internal.xsltc.runtime.Hashtable; +import com.sun.org.apache.xalan.internal.utils.ObjectFactory; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; /** * @author Morten Jorgensen @@ -51,6 +53,8 @@ */ public final class TemplatesImpl implements Templates, Serializable { static final long serialVersionUID = 673094361519270707L; + public final static String DESERIALIZE_TRANSLET = "jdk.xml.enableTemplatesImplDeserialization"; + /** * Name of the superclass of all translets. This is needed to * determine which, among all classes comprising a translet, @@ -181,6 +185,15 @@ private void readObject(ObjectInputStream is) throws IOException, ClassNotFoundException { + SecurityManager security = System.getSecurityManager(); + if (security != null){ + String temp = SecuritySupport.getSystemProperty(DESERIALIZE_TRANSLET); + if (temp == null || !(temp.length()==0 || temp.equalsIgnoreCase("true"))) { + ErrorMsg err = new ErrorMsg(ErrorMsg.DESERIALIZE_TRANSLET_ERR); + throw new UnsupportedOperationException(err.toString()); + } + } + is.defaultReadObject(); if (is.readBoolean()) { _uriResolver = (URIResolver) is.readObject(); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java --- a/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java Thu Apr 18 14:38:10 2013 +0100 @@ -69,6 +69,7 @@ import com.sun.org.apache.xalan.internal.xsltc.compiler.XSLTC; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg; import com.sun.org.apache.xalan.internal.xsltc.dom.XSLTCDTMManager; +import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import org.xml.sax.InputSource; @@ -839,8 +840,14 @@ // Check that the transformation went well before returning if (bytecodes == null) { - ErrorMsg err = new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR); - TransformerConfigurationException exc = new TransformerConfigurationException(err.toString()); + Vector errs = xsltc.getErrors(); + ErrorMsg err = null; + if (errs != null) { + err = (ErrorMsg)errs.get(errs.size()-1); + } else { + err = new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR); + } + TransformerConfigurationException exc = new TransformerConfigurationException(err.toString(), err.getCause()); // Pass compiler errors to the error listener if (_errorListener != null) { @@ -1187,7 +1194,7 @@ // Find the parent directory of the translet. String transletParentDir = transletFile.getParent(); if (transletParentDir == null) - transletParentDir = System.getProperty("user.dir"); + transletParentDir = SecuritySupport.getSystemProperty("user.dir"); File transletParentFile = new File(transletParentDir); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/dom/DOMMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/dom/DOMMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/dom/DOMMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,10 +20,10 @@ package com.sun.org.apache.xerces.internal.dom; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import java.util.PropertyResourceBundle; /** * Used to format DOM error messages, using the system locale. @@ -31,6 +31,7 @@ * @xerces.internal * * @author Sandy Gao, IBM + * @version $Id: DOMMessageFormatter.java,v 1.6 2010-11-01 04:39:38 joehw Exp $ */ public class DOMMessageFormatter { public static final String DOM_DOMAIN = "http://www.w3.org/dom/DOMTR"; @@ -122,13 +123,13 @@ */ public static void init(){ if (locale != null) { - domResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.DOMMessages", locale); - serResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSerializerMessages", locale); - xmlResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + domResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.DOMMessages", locale); + serResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSerializerMessages", locale); + xmlResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); }else{ - domResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.DOMMessages"); - serResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSerializerMessages"); - xmlResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + domResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.DOMMessages"); + serResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSerializerMessages"); + xmlResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Thu Apr 18 14:38:10 2013 +0100 @@ -51,6 +51,7 @@ import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.parser.*; import com.sun.org.apache.xerces.internal.impl.Constants; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import com.sun.xml.internal.stream.Entity; import com.sun.org.apache.xerces.internal.xni.Augmentations; @@ -623,7 +624,7 @@ if (reader == null) { stream = xmlInputSource.getByteStream(); if (stream == null) { - URL location = new URL(escapeNonUSAscii(expandedSystemId)); + URL location = new URL(expandedSystemId); URLConnection connect = location.openConnection(); if (!(connect instanceof HttpURLConnection)) { stream = connect.getInputStream(); @@ -1760,7 +1761,7 @@ // get the user.dir property String userDir = ""; try { - userDir = System.getProperty("user.dir"); + userDir = SecuritySupport.getSystemProperty("user.dir"); } catch (SecurityException se) { } @@ -2619,64 +2620,6 @@ } // fixURI(String):String - /** - * Escape invalid URI characters. - * - * Passed a URI that contains invalid characters (like spaces, non-ASCII Unicode characters, and the like), - * this function percent encodes the invalid characters per the URI specification (i.e., as a sequence of - * %-encoded UTF-8 octets). - * - * N.B. There are two problems. If the URI contains a '%' character, that might be an indication that - * the URI has already been escaped by the author, or it might be an invalid '%'. In the former case, - * it's important not to escape it, or we'll wind up with invalid, doubly-escaped '%'s. In the latter, - * the URI is broken if we don't encode it. Similarly, a '#' character might be the start of a fragment - * identifier or it might be an invalid '#'. - * - * Given that the former is vastly more likely than the latter in each case (most users are familiar with - * the magic status of '%' and '#' and they occur relatively infrequently in filenames, and if the user parses - * a proper Java File, we will already have %-escaped the URI), we simply assume that %'s and #'s are legit. - * - * Very rarely, we may be wrong. If so, tell the user to fix the clearly broken URI. - */ - protected static String escapeNonUSAscii(String str) { - if (str == null) { - return str; - } - - // get UTF-8 bytes for the string - StringBuffer buffer = new StringBuffer(); - byte[] bytes = null; - byte b; - try { - bytes = str.getBytes("UTF-8"); - } catch (java.io.UnsupportedEncodingException e) { - // should never happen - return str; - } - int len = bytes.length; - int ch; - - // for each byte - for (int i = 0; i < len; i++) { - b = bytes[i]; - // for non-ascii character: make it positive, then escape - if (b < 0) { - ch = b + 256; - buffer.append('%'); - buffer.append(gHexChs[ch >> 4]); - buffer.append(gHexChs[ch & 0xf]); - } - else if (b != '%' && b != '#' && gNeedEscaping[b]) { - buffer.append('%'); - buffer.append(gAfterEscaping1[b]); - buffer.append(gAfterEscaping2[b]); - } - else { - buffer.append((char)b); - } - } - return buffer.toString(); - } // // Package visible methods diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/dv/DatatypeException.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/dv/DatatypeException.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/dv/DatatypeException.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,6 +20,7 @@ package com.sun.org.apache.xerces.internal.impl.dv; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.ResourceBundle; import java.util.PropertyResourceBundle; import java.util.MissingResourceException; @@ -34,6 +35,7 @@ * * @author Sandy Gao, IBM * + * @version $Id: DatatypeException.java,v 1.6 2010-11-01 04:39:43 joehw Exp $ */ public class DatatypeException extends Exception { @@ -84,7 +86,7 @@ */ public String getMessage() { ResourceBundle resourceBundle = null; - resourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages"); + resourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages"); if (resourceBundle == null) throw new MissingResourceException("Property file not found!", "com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages", key); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,12 +20,11 @@ package com.sun.org.apache.xerces.internal.impl.msg; +import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import java.util.PropertyResourceBundle; - -import com.sun.org.apache.xerces.internal.util.MessageFormatter; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +33,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter.java 3020 2011-02-28 23:51:33Z joehw $ + * @version $Id: XMLMessageFormatter.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter implements MessageFormatter { @@ -72,12 +71,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_de.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_de.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_de.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_de.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_de.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_de implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_es.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_es.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_es.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_es.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_es.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_es implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_fr.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_fr.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_fr.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_fr.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_fr.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_fr implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_it.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_it.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_it.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_it.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_it.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_it implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ja.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ja.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ja.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_ja.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_ja.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_ja implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ko.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ko.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_ko.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_ko.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_ko.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_ko implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_pt_BR.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_pt_BR.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_pt_BR.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_pt_BR.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_pt_BR.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_pt_BR implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_sv.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_sv.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_sv.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_sv.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_sv.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_sv implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_CN.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_CN.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_CN.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_zh_CN.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_zh_CN.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_zh_CN implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_TW.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_TW.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessageFormatter_zh_TW.java Thu Apr 18 14:38:10 2013 +0100 @@ -26,6 +26,7 @@ import java.util.PropertyResourceBundle; import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; /** * XMLMessageFormatter provides error messages for the XML 1.0 Recommendation and for @@ -34,7 +35,7 @@ * @xerces.internal * * @author Eric Ye, IBM - * @version $Id: XMLMessageFormatter_zh_TW.java 3021 2011-03-01 00:12:28Z joehw $ + * @version $Id: XMLMessageFormatter_zh_TW.java 3094 2012-03-21 05:50:01Z joehw $ * */ public class XMLMessageFormatter_zh_TW implements MessageFormatter { @@ -72,12 +73,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xpath/regex/RegexParser.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xpath/regex/RegexParser.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xpath/regex/RegexParser.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,6 +20,7 @@ package com.sun.org.apache.xerces.internal.impl.xpath.regex; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; @@ -95,10 +96,10 @@ public void setLocale(Locale locale) { try { if (locale != null) { - this.resources = ResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.xpath.regex.message", locale); + this.resources = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.xpath.regex.message", locale); } else { - this.resources = ResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.xpath.regex.message"); + this.resources = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.xpath.regex.message"); } } catch (MissingResourceException mre) { diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xs/XSMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xs/XSMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/impl/xs/XSMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,11 +20,11 @@ package com.sun.org.apache.xerces.internal.impl.xs; +import com.sun.org.apache.xerces.internal.util.MessageFormatter; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import java.util.PropertyResourceBundle; -import com.sun.org.apache.xerces.internal.util.MessageFormatter; /** @@ -34,6 +34,7 @@ * @xerces.internal * * @author Elena Litani, IBM + * @version $Id: XSMessageFormatter.java,v 1.6 2010-11-01 04:39:55 joehw Exp $ */ public class XSMessageFormatter implements MessageFormatter { /** @@ -66,12 +67,12 @@ if (fResourceBundle == null || locale != fLocale) { if (locale != null) { - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages", locale); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages", locale); // memorize the most-recent locale fLocale = locale; } if (fResourceBundle == null) - fResourceBundle = PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages"); + fResourceBundle = SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.XMLSchemaMessages"); } String msg = fResourceBundle.getString(key); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/jaxp/validation/JAXPValidationMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/jaxp/validation/JAXPValidationMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/jaxp/validation/JAXPValidationMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,15 +20,16 @@ package com.sun.org.apache.xerces.internal.jaxp.validation; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import java.util.PropertyResourceBundle; /** *
Used to format JAXP Validation API error messages using a specified locale.
* * @author Michael Glavassevich, IBM + * @version $Id: JAXPValidationMessageFormatter.java,v 1.5 2010-11-01 04:40:08 joehw Exp $ */ final class JAXPValidationMessageFormatter { @@ -54,11 +55,11 @@ ResourceBundle resourceBundle = null; if (locale != null) { resourceBundle = - PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.JAXPValidationMessages", locale); + SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.JAXPValidationMessages", locale); } else { resourceBundle = - PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.JAXPValidationMessages"); + SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.JAXPValidationMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/DatatypeMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/DatatypeMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/DatatypeMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -20,15 +20,16 @@ package com.sun.org.apache.xerces.internal.util; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; -import java.util.PropertyResourceBundle; import java.util.ResourceBundle; /** *Used to format JAXP 1.3 Datatype API error messages using a specified locale.
* * @author Neeraj Bajaj, Sun Microsystems + * @version $Id: DatatypeMessageFormatter.java,v 1.6 2010-11-01 04:40:14 joehw Exp $ */ public class DatatypeMessageFormatter { @@ -56,11 +57,11 @@ ResourceBundle resourceBundle = null; if (locale != null) { resourceBundle = - PropertyResourceBundle.getBundle(BASE_NAME, locale); + SecuritySupport.getResourceBundle(BASE_NAME, locale); } else { resourceBundle = - PropertyResourceBundle.getBundle(BASE_NAME); + SecuritySupport.getResourceBundle(BASE_NAME); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SAXMessageFormatter.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SAXMessageFormatter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SAXMessageFormatter.java Thu Apr 18 14:38:10 2013 +0100 @@ -19,16 +19,17 @@ */ package com.sun.org.apache.xerces.internal.util; +import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import java.util.Locale; import java.util.MissingResourceException; import java.util.ResourceBundle; -import java.util.PropertyResourceBundle; /** * Used to format SAX error messages using a specified locale. * * @author Michael Glavassevich, IBM * + * @version $Id: SAXMessageFormatter.java,v 1.6 2010-11-01 04:40:14 joehw Exp $ */ public class SAXMessageFormatter { @@ -54,11 +55,11 @@ ResourceBundle resourceBundle = null; if (locale != null) { resourceBundle = - PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.SAXMessages", locale); + SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.SAXMessages", locale); } else { resourceBundle = - PropertyResourceBundle.getBundle("com.sun.org.apache.xerces.internal.impl.msg.SAXMessages"); + SecuritySupport.getResourceBundle("com.sun.org.apache.xerces.internal.impl.msg.SAXMessages"); } // format message diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SecurityManager.java --- a/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SecurityManager.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/com/sun/org/apache/xerces/internal/util/SecurityManager.java Thu Apr 18 14:38:10 2013 +0100 @@ -61,6 +61,8 @@ package com.sun.org.apache.xerces.internal.util; import com.sun.org.apache.xerces.internal.impl.Constants; +import java.security.AccessController; +import java.security.PrivilegedAction; /** * This class is a container for parser settings that relate to * security, or more specifically, it is intended to be used to prevent denial-of-service @@ -77,6 +79,7 @@ * * @author Neil Graham, IBM * + * @version $Id: SecurityManager.java,v 1.5 2010-11-01 04:40:14 joehw Exp $ */ public final class SecurityManager { @@ -176,41 +179,48 @@ private void readSystemProperties(){ - //TODO: also read SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT - try { - String value = System.getProperty(Constants.ENTITY_EXPANSION_LIMIT); - if(value != null && !value.equals("")){ - entityExpansionLimit = Integer.parseInt(value); - if (entityExpansionLimit < 0) - entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; - } - else - entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; - }catch(Exception ex){} + //TODO: also read SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT + try { + String value = getSystemProperty(Constants.ENTITY_EXPANSION_LIMIT); + if(value != null && !value.equals("")){ + entityExpansionLimit = Integer.parseInt(value); + if (entityExpansionLimit < 0) + entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; + } + else + entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; + }catch(Exception ex){} - try { - String value = System.getProperty(Constants.MAX_OCCUR_LIMIT); - if(value != null && !value.equals("")){ - maxOccurLimit = Integer.parseInt(value); - if (maxOccurLimit < 0) - maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; - } - else - maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; - }catch(Exception ex){} + try { + String value = getSystemProperty(Constants.MAX_OCCUR_LIMIT); + if(value != null && !value.equals("")){ + maxOccurLimit = Integer.parseInt(value); + if (maxOccurLimit < 0) + maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; + } + else + maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; + }catch(Exception ex){} - try { - String value = System.getProperty(Constants.SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT); - if(value != null && !value.equals("")){ - fElementAttributeLimit = Integer.parseInt(value); - if ( fElementAttributeLimit < 0) - fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; - } - else - fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; + try { + String value = getSystemProperty(Constants.SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT); + if(value != null && !value.equals("")){ + fElementAttributeLimit = Integer.parseInt(value); + if ( fElementAttributeLimit < 0) + fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; + } + else + fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; }catch(Exception ex){} } + private String getSystemProperty(final String propName) { + return AccessController.doPrivileged(new PrivilegedActionnull
, first try using the
* context class loader followed by the current (i.e. bootstrap) class
* loader.
+ *
+ * Use bootstrap classLoader if cl = null and useBSClsLoader is true
*/
static private Class getProviderClass(String className, ClassLoader cl,
- boolean doFallback) throws ClassNotFoundException
+ boolean doFallback, boolean useBSClsLoader) throws ClassNotFoundException
{
try {
if (cl == null) {
- cl = ss.getContextClassLoader();
- if (cl == null) {
- throw new ClassNotFoundException();
- }
- else {
- return cl.loadClass(className);
+ if (useBSClsLoader) {
+ return Class.forName(className, true, FactoryFinder.class.getClassLoader());
+ } else {
+ cl = ss.getContextClassLoader();
+ if (cl == null) {
+ throw new ClassNotFoundException();
+ }
+ else {
+ return cl.loadClass(className);
+ }
}
}
else {
@@ -131,8 +138,8 @@
* @param className Name of the concrete class corresponding to the
* service provider
*
- * @param cl ClassLoader to use to load the class, null means to use
- * the bootstrap ClassLoader
+ * @param cl ClassLoader
used to load the factory class. If null
+ * current Thread
's context classLoader is used to load the factory class.
*
* @param doFallback True if the current ClassLoader should be tried as
* a fallback if the class is not found using cl
@@ -140,8 +147,38 @@
static Object newInstance(String className, ClassLoader cl, boolean doFallback)
throws ConfigurationError
{
+ return newInstance(className, cl, doFallback, false);
+ }
+
+ /**
+ * Create an instance of a class. Delegates to method
+ * getProviderClass()
in order to load the class.
+ *
+ * @param className Name of the concrete class corresponding to the
+ * service provider
+ *
+ * @param cl ClassLoader to use to load the class, null means to use
+ * the bootstrap ClassLoader
+ *
+ * @param doFallback True if the current ClassLoader should be tried as
+ * a fallback if the class is not found using cl
+ *
+ * @param useBSClsLoader True if cl=null actually meant bootstrap classLoader. This parameter
+ * is needed since DocumentBuilderFactory/SAXParserFactory defined null as context classLoader.
+ */
+ static Object newInstance(String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader)
+ throws ConfigurationError
+ {
+ // make sure we have access to restricted packages
+ if (System.getSecurityManager() != null) {
+ if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
+ cl = null;
+ useBSClsLoader = true;
+ }
+ }
+
try {
- Class providerClass = getProviderClass(className, cl, doFallback);
+ Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader);
Object instance = providerClass.newInstance();
if (debug) { // Extra check to avoid computing cl strings
dPrint("created new instance of " + providerClass +
@@ -244,6 +281,7 @@
// First try the Context ClassLoader
ClassLoader cl = ss.getContextClassLoader();
+ boolean useBSClsLoader = false;
if (cl != null) {
is = ss.getResourceAsStream(cl, serviceId);
@@ -251,11 +289,13 @@
if (is == null) {
cl = FactoryFinder.class.getClassLoader();
is = ss.getResourceAsStream(cl, serviceId);
+ useBSClsLoader = true;
}
} else {
// No Context ClassLoader, try the current ClassLoader
cl = FactoryFinder.class.getClassLoader();
is = ss.getResourceAsStream(cl, serviceId);
+ useBSClsLoader = true;
}
if (is == null) {
@@ -293,7 +333,7 @@
// ClassLoader because we want to avoid the case where the
// resource file was found using one ClassLoader and the
// provider class was instantiated using a different one.
- return newInstance(factoryClassName, cl, false);
+ return newInstance(factoryClassName, cl, false, useBSClsLoader);
}
// No provider found
diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/javax/xml/parsers/FactoryFinder.java
--- a/sources/jaxp_src/src/javax/xml/parsers/FactoryFinder.java Mon Mar 04 19:34:17 2013 -0500
+++ b/sources/jaxp_src/src/javax/xml/parsers/FactoryFinder.java Thu Apr 18 14:38:10 2013 +0100
@@ -44,7 +44,7 @@
* @author Santiago.PericasGeertsen@sun.com
*/
class FactoryFinder {
-
+ private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal";
/**
* Internal debug flag.
*/
@@ -140,6 +140,13 @@
static Object newInstance(String className, ClassLoader cl, boolean doFallback)
throws ConfigurationError
{
+ // make sure we have access to restricted packages
+ if (System.getSecurityManager() != null) {
+ if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
+ cl = null;
+ }
+ }
+
try {
Class providerClass = getProviderClass(className, cl, doFallback);
Object instance = providerClass.newInstance();
diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/javax/xml/stream/FactoryFinder.java
--- a/sources/jaxp_src/src/javax/xml/stream/FactoryFinder.java Mon Mar 04 19:34:17 2013 -0500
+++ b/sources/jaxp_src/src/javax/xml/stream/FactoryFinder.java Thu Apr 18 14:38:10 2013 +0100
@@ -25,14 +25,12 @@
package javax.xml.stream;
-import java.io.InputStream;
-import java.io.IOException;
+import java.io.BufferedReader;
import java.io.File;
-import java.io.FileInputStream;
-
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
import java.util.Properties;
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
/**
* Implements pluggable Datatypes.
@@ -43,6 +41,8 @@ * @author Santiago.PericasGeertsen@sun.com */ class FactoryFinder { + // Check we have access to package. + private static final String DEFAULT_PACKAGE = "com.sun.xml.internal."; /** * Internal debug flag. @@ -94,18 +94,24 @@ * If the class loader supplied isnull
, first try using the
* context class loader followed by the current (i.e. bootstrap) class
* loader.
+ *
+ * Use bootstrap classLoader if cl = null and useBSClsLoader is true
*/
static private Class getProviderClass(String className, ClassLoader cl,
- boolean doFallback) throws ClassNotFoundException
+ boolean doFallback, boolean useBSClsLoader) throws ClassNotFoundException
{
try {
if (cl == null) {
- cl = ss.getContextClassLoader();
- if (cl == null) {
- throw new ClassNotFoundException();
- }
- else {
- return cl.loadClass(className);
+ if (useBSClsLoader) {
+ return Class.forName(className, true, FactoryFinder.class.getClassLoader());
+ } else {
+ cl = ss.getContextClassLoader();
+ if (cl == null) {
+ throw new ClassNotFoundException();
+ }
+ else {
+ return cl.loadClass(className);
+ }
}
}
else {
@@ -130,8 +136,8 @@
* @param className Name of the concrete class corresponding to the
* service provider
*
- * @param cl ClassLoader to use to load the class, null means to use
- * the bootstrap ClassLoader
+ * @param cl ClassLoader
used to load the factory class. If null
+ * current Thread
's context classLoader is used to load the factory class.
*
* @param doFallback True if the current ClassLoader should be tried as
* a fallback if the class is not found using cl
@@ -139,8 +145,38 @@
static Object newInstance(String className, ClassLoader cl, boolean doFallback)
throws ConfigurationError
{
+ return newInstance(className, cl, doFallback, false);
+ }
+
+ /**
+ * Create an instance of a class. Delegates to method
+ * getProviderClass()
in order to load the class.
+ *
+ * @param className Name of the concrete class corresponding to the
+ * service provider
+ *
+ * @param cl ClassLoader
used to load the factory class. If null
+ * current Thread
's context classLoader is used to load the factory class.
+ *
+ * @param doFallback True if the current ClassLoader should be tried as
+ * a fallback if the class is not found using cl
+ *
+ * @param useBSClsLoader True if cl=null actually meant bootstrap classLoader. This parameter
+ * is needed since DocumentBuilderFactory/SAXParserFactory defined null as context classLoader.
+ */
+ static Object newInstance(String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader)
+ throws ConfigurationError
+ {
+ // make sure we have access to restricted packages
+ if (System.getSecurityManager() != null) {
+ if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
+ cl = null;
+ useBSClsLoader = true;
+ }
+ }
+
try {
- Class providerClass = getProviderClass(className, cl, doFallback);
+ Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader);
Object instance = providerClass.newInstance();
if (debug) { // Extra check to avoid computing cl strings
dPrint("created new instance of " + providerClass +
@@ -233,11 +269,11 @@
if (ss.doesFileExist(f)) {
dPrint("Read properties file "+f);
cacheProps.load(ss.getFileInputStream(f));
- }
- }
}
}
}
+ }
+ }
factoryClassName = cacheProps.getProperty(factoryId);
if (factoryClassName != null) {
@@ -276,6 +312,7 @@
// First try the Context ClassLoader
ClassLoader cl = ss.getContextClassLoader();
+ boolean useBSClsLoader = false;
if (cl != null) {
is = ss.getResourceAsStream(cl, serviceId);
@@ -283,11 +320,13 @@
if (is == null) {
cl = FactoryFinder.class.getClassLoader();
is = ss.getResourceAsStream(cl, serviceId);
+ useBSClsLoader = true;
}
} else {
// No Context ClassLoader, try the current ClassLoader
cl = FactoryFinder.class.getClassLoader();
is = ss.getResourceAsStream(cl, serviceId);
+ useBSClsLoader = true;
}
if (is == null) {
@@ -325,7 +364,7 @@
// ClassLoader because we want to avoid the case where the
// resource file was found using one ClassLoader and the
// provider class was instantiated using a different one.
- return newInstance(factoryClassName, cl, false);
+ return newInstance(factoryClassName, cl, false, useBSClsLoader);
}
// No provider found
diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/javax/xml/transform/FactoryFinder.java
--- a/sources/jaxp_src/src/javax/xml/transform/FactoryFinder.java Mon Mar 04 19:34:17 2013 -0500
+++ b/sources/jaxp_src/src/javax/xml/transform/FactoryFinder.java Thu Apr 18 14:38:10 2013 +0100
@@ -44,6 +44,7 @@
* @author Santiago.PericasGeertsen@sun.com
*/
class FactoryFinder {
+ private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xalan.internal.";
/**
* Internal debug flag.
@@ -140,6 +141,13 @@
static Object newInstance(String className, ClassLoader cl, boolean doFallback)
throws ConfigurationError
{
+ // make sure we have access to restricted packages
+ if (System.getSecurityManager() != null) {
+ if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
+ cl = null;
+ }
+ }
+
try {
Class providerClass = getProviderClass(className, cl, doFallback);
Object instance = providerClass.newInstance();
diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java
--- a/sources/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java Mon Mar 04 19:34:17 2013 -0500
+++ b/sources/jaxp_src/src/javax/xml/validation/SchemaFactoryFinder.java Thu Apr 18 14:38:10 2013 +0100
@@ -53,6 +53,7 @@
*Take care of restrictions imposed by java security model
*/ private static SecuritySupport ss = new SecuritySupport(); + private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal"; /** *Cache properties for performance.
*/ @@ -212,28 +213,6 @@ } } - /** - // try to read from $java.home/lib/jaxp.properties - try { - String javah = ss.getSystemProperty( "java.home" ); - String configFile = javah + File.separator + - "lib" + File.separator + "jaxp.properties"; - File f = new File( configFile ); - if( ss.doesFileExist(f)) { - sf = loadFromProperty( - propertyName,f.getAbsolutePath(), new FileInputStream(f)); - if(sf!=null) return sf; - } else { - debugPrintln("Tried to read "+ f.getAbsolutePath()+", but it doesn't exist."); - } - } catch(Throwable e) { - if( debug ) { - debugPrintln("failed to read $java.home/lib/jaxp.properties"); - e.printStackTrace(); - } - } - */ - // try META-INF/services files Iterator sitr = createServiceFileIterator(); while(sitr.hasNext()) { @@ -268,14 +247,20 @@ */ private Class createClass(String className) { Class clazz; + // make sure we have access to restricted packages + boolean internal = false; + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + internal = true; + } + } - // use approprite ClassLoader try { - if (classLoader != null) { - clazz = classLoader.loadClass(className); - } else { - clazz = Class.forName(className); - } + if (classLoader != null && !internal) { + clazz = classLoader.loadClass(className); + } else { + clazz = Class.forName(className); + } } catch (Throwable t) { if(debug) t.printStackTrace(); return null; diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/javax/xml/xpath/XPathFactoryFinder.java --- a/sources/jaxp_src/src/javax/xml/xpath/XPathFactoryFinder.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/javax/xml/xpath/XPathFactoryFinder.java Thu Apr 18 14:38:10 2013 +0100 @@ -47,6 +47,7 @@ * @since 1.5 */ class XPathFactoryFinder { + private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xpath.internal"; private static SecuritySupport ss = new SecuritySupport() ; /** debug support code. */ @@ -245,18 +246,25 @@ */ private Class createClass(String className) { Class clazz; + // make sure we have access to restricted packages + boolean internal = false; + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + internal = true; + } + } - // use approprite ClassLoader - try { - if (classLoader != null) { - clazz = classLoader.loadClass(className); - } else { - clazz = Class.forName(className); - } - } catch (Throwable t) { - if(debug) t.printStackTrace(); - return null; + // use approprite ClassLoader + try { + if (classLoader != null && !internal) { + clazz = classLoader.loadClass(className); + } else { + clazz = Class.forName(className); } + } catch (Throwable t) { + if(debug) t.printStackTrace(); + return null; + } return clazz; } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java --- a/sources/jaxp_src/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java Thu Apr 18 14:38:10 2013 +0100 @@ -104,6 +104,8 @@ */ private static final String FALLBACK_CLASS = "com.sun.org.apache.xerces.internal.dom.DOMXSImplementationSourceImpl"; + private static final String DEFAULT_PACKAGE = + "com.sun.org.apache.xerces.internal.dom"; /** * Private constructor. * @param srcs Vector List of DOMImplementationSources @@ -168,10 +170,15 @@ StringTokenizer st = new StringTokenizer(p); while (st.hasMoreTokens()) { String sourceName = st.nextToken(); - // Use context class loader, falling back to Class.forName - // if and only if this fails... + // make sure we have access to restricted packages + boolean internal = false; + if (System.getSecurityManager() != null) { + if (sourceName != null && sourceName.startsWith(DEFAULT_PACKAGE)) { + internal = true; + } + } Class sourceClass = null; - if (classLoader != null) { + if (classLoader != null && !internal) { sourceClass = classLoader.loadClass(sourceName); } else { sourceClass = Class.forName(sourceName); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/org/xml/sax/helpers/NewInstance.java --- a/sources/jaxp_src/src/org/xml/sax/helpers/NewInstance.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/org/xml/sax/helpers/NewInstance.java Thu Apr 18 14:38:10 2013 +0100 @@ -54,9 +54,10 @@ * including versions of Java 2. * * @author Edwin Goei, David Brownell + * @version 2.0.1 (sax2r2) */ class NewInstance { - + private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal"; /** * Creates a new instance of the specified class name * @@ -66,8 +67,16 @@ throws ClassNotFoundException, IllegalAccessException, InstantiationException { + // make sure we have access to restricted packages + boolean internal = false; + if (System.getSecurityManager() != null) { + if (className != null && className.startsWith(DEFAULT_PACKAGE)) { + internal = true; + } + } + Class driverClass; - if (classLoader == null) { + if (classLoader == null || internal) { driverClass = Class.forName(className); } else { driverClass = classLoader.loadClass(className); @@ -75,29 +84,4 @@ return driverClass.newInstance(); } - /** - * Figure out which ClassLoader to use. For JDK 1.2 and later use - * the context ClassLoader. - */ - static ClassLoader getClassLoader () - { - Method m = null; - - try { - m = Thread.class.getMethod("getContextClassLoader", (Class[]) null); - } catch (NoSuchMethodException e) { - // Assume that we are running JDK 1.1, use the current ClassLoader - return NewInstance.class.getClassLoader(); - } - - try { - return (ClassLoader) m.invoke(Thread.currentThread(), (Object[]) null); - } catch (IllegalAccessException e) { - // assert(false) - throw new UnknownError(e.getMessage()); - } catch (InvocationTargetException e) { - // assert(e.getTargetException() instanceof SecurityException) - throw new UnknownError(e.getMessage()); - } - } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/org/xml/sax/helpers/ParserAdapter.java --- a/sources/jaxp_src/src/org/xml/sax/helpers/ParserAdapter.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/org/xml/sax/helpers/ParserAdapter.java Thu Apr 18 14:38:10 2013 +0100 @@ -74,13 +74,14 @@ * * @since SAX 2.0 * @author David Megginson + * @version 2.0.1 (sax2r2) * @see org.xml.sax.helpers.XMLReaderAdapter * @see org.xml.sax.XMLReader * @see org.xml.sax.Parser */ public class ParserAdapter implements XMLReader, DocumentHandler { - + private static SecuritySupport ss = new SecuritySupport(); //////////////////////////////////////////////////////////////////// // Constructors. @@ -102,7 +103,7 @@ { super(); - String driver = System.getProperty("org.xml.sax.parser"); + String driver = ss.getSystemProperty("org.xml.sax.parser"); try { setup(ParserFactory.makeParser()); diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/org/xml/sax/helpers/ParserFactory.java --- a/sources/jaxp_src/src/org/xml/sax/helpers/ParserFactory.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/org/xml/sax/helpers/ParserFactory.java Thu Apr 18 14:38:10 2013 +0100 @@ -30,12 +30,6 @@ package org.xml.sax.helpers; -import java.lang.ClassNotFoundException; -import java.lang.IllegalAccessException; -import java.lang.InstantiationException; -import java.lang.SecurityException; -import java.lang.ClassCastException; - import org.xml.sax.Parser; @@ -69,9 +63,10 @@ * interface. * @since SAX 1.0 * @author David Megginson + * @version 2.0.1 (sax2r2) */ public class ParserFactory { - + private static SecuritySupport ss = new SecuritySupport(); /** * Private null constructor. @@ -109,7 +104,7 @@ NullPointerException, ClassCastException { - String className = System.getProperty("org.xml.sax.parser"); + String className = ss.getSystemProperty("org.xml.sax.parser"); if (className == null) { throw new NullPointerException("No value for sax.parser property"); } else { @@ -146,7 +141,7 @@ ClassCastException { return (Parser) NewInstance.newInstance ( - NewInstance.getClassLoader (), className); + ss.getContextClassLoader(), className); } } diff -r 691f82a0de0b -r 3ce1593f819e sources/jaxp_src/src/org/xml/sax/helpers/XMLReaderFactory.java --- a/sources/jaxp_src/src/org/xml/sax/helpers/XMLReaderFactory.java Mon Mar 04 19:34:17 2013 -0500 +++ b/sources/jaxp_src/src/org/xml/sax/helpers/XMLReaderFactory.java Thu Apr 18 14:38:10 2013 +0100 @@ -34,8 +34,6 @@ import java.io.BufferedReader; import java.io.InputStream; import java.io.InputStreamReader; -import java.security.AccessController; -import java.security.PrivilegedAction; import org.xml.sax.XMLReader; import org.xml.sax.SAXException; @@ -85,8 +83,8 @@ } private static final String property = "org.xml.sax.driver"; + private static SecuritySupport ss = new SecuritySupport(); - private static String _clsFromJar = null; private static boolean _jarread = false; /** * Attempt to create an XMLReader from system defaults. @@ -134,43 +132,45 @@ throws SAXException { String className = null; - ClassLoader loader = NewInstance.getClassLoader (); + ClassLoader cl = ss.getContextClassLoader(); // 1. try the JVM-instance-wide system property - try { className = System.getProperty (property); } - catch (RuntimeException e) { /* normally fails for applets */ } + try { + className = ss.getSystemProperty(property); + } + catch (RuntimeException e) { /* continue searching */ } // 2. if that fails, try META-INF/services/ if (className == null) { if (!_jarread) { - final ClassLoader loader1 = loader; _jarread = true; - _clsFromJar = (String) - AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { - String clsName = null; - try { - String service = "META-INF/services/" + property; - InputStream in; - BufferedReader reader; - if (loader1 == null) - in = ClassLoader.getSystemResourceAsStream (service); - else - in = loader1.getResourceAsStream (service); + String service = "META-INF/services/" + property; + InputStream in; + BufferedReader reader; + + try { + if (cl != null) { + in = ss.getResourceAsStream(cl, service); - if (in != null) { - reader = new BufferedReader ( - new InputStreamReader (in, "UTF8")); - clsName = reader.readLine (); - in.close (); - } - } catch (Exception e) { + // If no provider found then try the current ClassLoader + if (in == null) { + cl = null; + in = ss.getResourceAsStream(cl, service); } - return clsName; + } else { + // No Context ClassLoader, try the current ClassLoader + in = ss.getResourceAsStream(cl, service); } - }); + + if (in != null) { + reader = new BufferedReader ( + new InputStreamReader (in, "UTF8")); + className = reader.readLine (); + in.close (); + } + } catch (Exception e) { + } } - className = _clsFromJar; } // 3. Distro-specific fallback @@ -187,7 +187,7 @@ // do we know the XMLReader implementation class yet? if (className != null) - return loadClass (loader, className); + return loadClass (cl, className); // 4. panic -- adapt any SAX1 parser try { @@ -217,7 +217,7 @@ public static XMLReader createXMLReader (String className) throws SAXException { - return loadClass (NewInstance.getClassLoader (), className); + return loadClass (ss.getContextClassLoader(), className); } private static XMLReader loadClass (ClassLoader loader, String className)