org.apache.xmlbeans.impl.common.SAXHelper Maven / Gradle / Ivy
/* Copyright 2017, 2018 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.xmlbeans.impl.common;
import java.io.IOException;
import java.io.StringReader;
import java.lang.reflect.Method;
import java.util.concurrent.TimeUnit;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.apache.xmlbeans.XmlOptionsBean;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
/**
* Provides handy methods for working with SAX parsers and readers
*/
public final class SAXHelper {
private static final XBLogger logger = XBLogFactory.getLogger(SAXHelper.class);
private static long lastLog;
private SAXHelper() {}
/**
* Creates a new SAX XMLReader, with sensible defaults
*/
public static XMLReader newXMLReader(XmlOptionsBean options) throws SAXException, ParserConfigurationException {
XMLReader xmlReader = saxFactory(options).newSAXParser().getXMLReader();
xmlReader.setEntityResolver(IGNORING_ENTITY_RESOLVER);
trySetSAXFeature(xmlReader, XMLConstants.FEATURE_SECURE_PROCESSING);
trySetXercesSecurityManager(xmlReader, options);
return xmlReader;
}
public static final EntityResolver IGNORING_ENTITY_RESOLVER = new EntityResolver() {
@Override
public InputSource resolveEntity(String publicId, String systemId)
throws SAXException, IOException {
return new InputSource(new StringReader(""));
}
};
static SAXParserFactory saxFactory() {
return saxFactory(new XmlOptionsBean());
}
static SAXParserFactory saxFactory(XmlOptionsBean options) {
SAXParserFactory saxFactory = SAXParserFactory.newInstance();
saxFactory.setValidating(false);
saxFactory.setNamespaceAware(true);
trySetSAXFeature(saxFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
trySetSAXFeature(saxFactory, XMLBeansConstants.FEATURE_LOAD_DTD_GRAMMAR, options.isLoadDTDGrammar());
trySetSAXFeature(saxFactory, XMLBeansConstants.FEATURE_LOAD_EXTERNAL_DTD, options.isLoadExternalDTD());
return saxFactory;
}
private static void trySetSAXFeature(SAXParserFactory spf, String feature, boolean flag) {
try {
spf.setFeature(feature, flag);
} catch (Exception e) {
logger.log(XBLogger.WARN, "SAX Feature unsupported", feature, e);
} catch (AbstractMethodError ame) {
logger.log(XBLogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame);
}
}
private static void trySetSAXFeature(XMLReader xmlReader, String feature) {
try {
xmlReader.setFeature(feature, true);
} catch (Exception e) {
logger.log(XBLogger.WARN, "SAX Feature unsupported", feature, e);
} catch (AbstractMethodError ame) {
logger.log(XBLogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame);
}
}
private static void trySetXercesSecurityManager(XMLReader xmlReader, XmlOptionsBean options) {
// Try built-in JVM one first, standalone if not
for (String securityManagerClassName : new String[] {
//"com.sun.org.apache.xerces.internal.util.SecurityManager",
"org.apache.xerces.util.SecurityManager"
}) {
try {
Object mgr = Class.forName(securityManagerClassName).newInstance();
Method setLimit = mgr.getClass().getMethod("setEntityExpansionLimit", Integer.TYPE);
setLimit.invoke(mgr, options.getEntityExpansionLimit());
xmlReader.setProperty(XMLBeansConstants.SECURITY_MANAGER, mgr);
// Stop once one can be setup without error
return;
} catch (Throwable e) { // NOSONAR - also catch things like NoClassDefError here
// throttle the log somewhat as it can spam the log otherwise
if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
logger.log(XBLogger.WARN, "SAX Security Manager could not be setup [log suppressed for 5 minutes]", e);
lastLog = System.currentTimeMillis();
}
}
}
// separate old version of Xerces not found => use the builtin way of setting the property
try {
xmlReader.setProperty(XMLBeansConstants.ENTITY_EXPANSION_LIMIT, options.getEntityExpansionLimit());
} catch (SAXException e) { // NOSONAR - also catch things like NoClassDefError here
// throttle the log somewhat as it can spam the log otherwise
if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
logger.log(XBLogger.WARN, "SAX Security Manager could not be setup [log suppressed for 5 minutes]", e);
lastLog = System.currentTimeMillis();
}
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy