# HG changeset patch # User joehw # Date 1381939765 -3600 # Node ID 1836b22ca25ede693fc82818291c935d30dc341b # Parent 7d227aff400a8e190d774c05c17e6e550975d44f 8022682: Supporting XOM Reviewed-by: alanb, chegar, lancea diff -r 7d227aff400a -r 1836b22ca25e src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java --- a/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java Wed Oct 16 16:16:42 2013 +0100 +++ b/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java Wed Oct 16 17:09:25 2013 +0100 @@ -168,6 +168,17 @@ //add internal stax property supportedProps.put( Constants.XERCES_PROPERTY_PREFIX + Constants.STAX_ENTITY_RESOLVER_PROPERTY , new StaxEntityResolverWrapper((XMLResolver)value)) ; } + + /** + * It's possible for users to set a security manager through the interface. + * If it's the old SecurityManager, convert it to the new XMLSecurityManager + */ + if (property.equals(Constants.SECURITY_MANAGER)) { + fSecurityManager = XMLSecurityManager.convert(value, fSecurityManager); + supportedProps.put(Constants.SECURITY_MANAGER, fSecurityManager); + return; + } + supportedProps.put(property, value ) ; if(equivalentProperty != null){ supportedProps.put(equivalentProperty, value ) ; diff -r 7d227aff400a -r 1836b22ca25e src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java --- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java Wed Oct 16 16:16:42 2013 +0100 +++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java Wed Oct 16 17:09:25 2013 +0100 @@ -383,7 +383,7 @@ "ProperyNameNull", null)); } if (name.equals(SECURITY_MANAGER)) { - fSecurityManager = (XMLSecurityManager) object; + fSecurityManager = XMLSecurityManager.convert(object, fSecurityManager); fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager); return; } diff -r 7d227aff400a -r 1836b22ca25e src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java --- a/src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java Wed Oct 16 16:16:42 2013 +0100 +++ b/src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java Wed Oct 16 17:09:25 2013 +0100 @@ -29,6 +29,7 @@ import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter; import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.util.SymbolTable; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool; import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException; @@ -526,7 +527,30 @@ */ public void setProperty(String propertyId, Object value) throws SAXNotRecognizedException, SAXNotSupportedException { + /** + * It's possible for users to set a security manager through the interface. + * If it's the old SecurityManager, convert it to the new XMLSecurityManager + */ + if (propertyId.equals(Constants.SECURITY_MANAGER)) { + securityManager = XMLSecurityManager.convert(value, securityManager); + setProperty0(Constants.SECURITY_MANAGER, securityManager); + return; + } + if (securityManager == null) { + securityManager = new XMLSecurityManager(true); + setProperty0(Constants.SECURITY_MANAGER, securityManager); + } + + //check if the property is managed by security manager + if (!securityManager.setLimit(propertyId, XMLSecurityManager.State.APIPROPERTY, value)) { + //fall back to the default configuration to handle the property + setProperty0(propertyId, value); + } + } + + public void setProperty0(String propertyId, Object value) + throws SAXNotRecognizedException, SAXNotSupportedException { try { fConfiguration.setProperty(propertyId, value); } diff -r 7d227aff400a -r 1836b22ca25e src/com/sun/org/apache/xerces/internal/parsers/DTDConfiguration.java --- a/src/com/sun/org/apache/xerces/internal/parsers/DTDConfiguration.java Wed Oct 16 16:16:42 2013 +0100 +++ b/src/com/sun/org/apache/xerces/internal/parsers/DTDConfiguration.java Wed Oct 16 17:09:25 2013 +0100 @@ -184,6 +184,9 @@ protected static final String LOCALE = Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY; + /** Property identifier: Security manager. */ + private static final String SECURITY_MANAGER = Constants.SECURITY_MANAGER; + // debugging /** Set to true and recompile to print exception stack trace. */ @@ -328,7 +331,8 @@ VALIDATION_MANAGER, JAXP_SCHEMA_SOURCE, JAXP_SCHEMA_LANGUAGE, - LOCALE + LOCALE, + SECURITY_MANAGER }; addRecognizedProperties(recognizedProperties); diff -r 7d227aff400a -r 1836b22ca25e src/com/sun/org/apache/xerces/internal/parsers/NonValidatingConfiguration.java --- a/src/com/sun/org/apache/xerces/internal/parsers/NonValidatingConfiguration.java Wed Oct 16 16:16:42 2013 +0100 +++ b/src/com/sun/org/apache/xerces/internal/parsers/NonValidatingConfiguration.java Wed Oct 16 17:09:25 2013 +0100 @@ -157,6 +157,9 @@ protected static final String LOCALE = Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY; + /** Property identifier: Security manager. */ + private static final String SECURITY_MANAGER = Constants.SECURITY_MANAGER; + // debugging /** Set to true and recompile to print exception stack trace. */ @@ -310,7 +313,8 @@ XMLGRAMMAR_POOL, DATATYPE_VALIDATOR_FACTORY, VALIDATION_MANAGER, - LOCALE + LOCALE, + SECURITY_MANAGER }; addRecognizedProperties(recognizedProperties); diff -r 7d227aff400a -r 1836b22ca25e src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java --- a/src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java Wed Oct 16 16:16:42 2013 +0100 +++ b/src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java Wed Oct 16 17:09:25 2013 +0100 @@ -74,7 +74,7 @@ XMLGRAMMAR_POOL, }; - XMLSecurityManager securityManager; + // // Constructors // diff -r 7d227aff400a -r 1836b22ca25e src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java --- a/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java Wed Oct 16 16:16:42 2013 +0100 +++ b/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java Wed Oct 16 17:09:25 2013 +0100 @@ -580,8 +580,6 @@ fVersionDetector = new XMLVersionDetector(); - fProperties.put(SECURITY_MANAGER, new XMLSecurityManager(true)); - // add message formatters if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) { XMLMessageFormatter xmft = new XMLMessageFormatter(); diff -r 7d227aff400a -r 1836b22ca25e src/com/sun/org/apache/xerces/internal/parsers/XMLParser.java --- a/src/com/sun/org/apache/xerces/internal/parsers/XMLParser.java Wed Oct 16 16:16:42 2013 +0100 +++ b/src/com/sun/org/apache/xerces/internal/parsers/XMLParser.java Wed Oct 16 17:09:25 2013 +0100 @@ -23,6 +23,7 @@ import java.io.IOException; import com.sun.org.apache.xerces.internal.impl.Constants; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource; import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration; @@ -78,6 +79,10 @@ /** The parser configuration. */ protected XMLParserConfiguration fConfiguration; + /** The XML Security Manager. */ + XMLSecurityManager securityManager; + + // // Constructors // @@ -118,6 +123,11 @@ */ public void parse(XMLInputSource inputSource) throws XNIException, IOException { + // null indicates that the parser is called directly, initialize them + if (securityManager == null) { + securityManager = new XMLSecurityManager(true); + fConfiguration.setProperty(Constants.SECURITY_MANAGER, securityManager); + } reset(); fConfiguration.parse(inputSource); diff -r 7d227aff400a -r 1836b22ca25e src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java --- a/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java Wed Oct 16 16:16:42 2013 +0100 +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java Wed Oct 16 17:09:25 2013 +0100 @@ -203,6 +203,9 @@ } public boolean isTracking(String name) { + if (entityStart == null) { + return false; + } return entityStart.equals(name); } /** diff -r 7d227aff400a -r 1836b22ca25e src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java --- a/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java Wed Oct 16 16:16:42 2013 +0100 +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java Wed Oct 16 17:09:25 2013 +0100 @@ -26,6 +26,7 @@ package com.sun.org.apache.xerces.internal.utils; import com.sun.org.apache.xerces.internal.impl.Constants; +import com.sun.org.apache.xerces.internal.util.SecurityManager; /** * This class manages standard and implementation-specific limitations. @@ -518,4 +519,37 @@ } return false; } + + + /** + * Convert a value set through setProperty to XMLSecurityManager. + * If the value is an instance of XMLSecurityManager, use it to override the default; + * If the value is an old SecurityManager, convert to the new XMLSecurityManager. + * + * @param value user specified security manager + * @param securityManager an instance of XMLSecurityManager + * @return an instance of the new security manager XMLSecurityManager + */ + static public XMLSecurityManager convert(Object value, XMLSecurityManager securityManager) { + if (value == null) { + if (securityManager == null) { + securityManager = new XMLSecurityManager(true); + } + return securityManager; + } + if (XMLSecurityManager.class.isAssignableFrom(value.getClass())) { + return (XMLSecurityManager)value; + } else { + if (securityManager == null) { + securityManager = new XMLSecurityManager(true); + } + if (SecurityManager.class.isAssignableFrom(value.getClass())) { + SecurityManager origSM = (SecurityManager)value; + securityManager.setLimit(Limit.MAX_OCCUR_NODE_LIMIT, State.APIPROPERTY, origSM.getMaxOccurNodeLimit()); + securityManager.setLimit(Limit.ENTITY_EXPANSION_LIMIT, State.APIPROPERTY, origSM.getEntityExpansionLimit()); + securityManager.setLimit(Limit.ELEMENT_ATTRIBUTE_LIMIT, State.APIPROPERTY, origSM.getElementAttrLimit()); + } + return securityManager; + } + } }