/** * * @param file File to load into Document * @return Document * @throws IOException * @throws SAXException * @throws ParserConfigurationException */ private static Document loadDocument(File file) throws IOException, SAXException, ParserConfigurationException { DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance(); docFactory.setFeature(FEATURE_DISABLE_DOCTYPE_DECL, true); docFactory.setFeature(FEATURE_LOAD_DTD, false); try { docFactory.setAttribute(ACCESS_EXTERNAL_DTD, " "); docFactory.setAttribute(ACCESS_EXTERNAL_SCHEMA, " "); } catch (IllegalArgumentException ex) { LOGGER.warning("JAXP 1.5 Support is required to validate XML"); } DocumentBuilder docBuilder = docFactory.newDocumentBuilder(); // Not using the parse(File) method on purpose, so that we can control when // to close it. Somehow parse(File) does not seem to close the file in all cases. FileInputStream inputStream = new FileInputStream(file); try { return docBuilder.parse(inputStream); } finally { inputStream.close(); } }
/** * Create a JAXP DocumentBuilderFactory that this bean definition reader will use for parsing XML documents. Can be * overridden in subclasses, adding further initialization of the factory. * * @return the JAXP DocumentBuilderFactory */ private DocumentBuilderFactory createDocumentBuilderFactory() { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setValidating(true); factory.setNamespaceAware(true); factory.setIgnoringElementContentWhitespace(true); factory.setAttribute(SCHEMA_FEATURE, true); // For Xerces implementation return factory; }
factory.setAttribute(SCHEMA_LANGUAGE_ATTRIBUTE, XSD_SCHEMA_LANGUAGE);
private static void trySetXercesSecurityManager(DocumentBuilderFactory documentBuilderFactory) { // Try built-in JVM one first, standalone if not for (String securityManagerClassName : new String[] { "com.sun.org.apache.xerces.internal.util.SecurityManager", "org.apache.xerces.util.SecurityManager" }) { try { Object mgr = Class.forName(securityManagerClassName).newInstance(); Method setLimit = mgr.getClass().getMethod("setEntityExpansionLimit", Integer.TYPE); setLimit.invoke(mgr, 4096); documentBuilderFactory.setAttribute("http://apache.org/xml/properties/security-manager", mgr); // Stop once one can be setup without error return; } catch (Throwable t) { logger.warn( "SAX Security Manager could not be setup", t); } } }
docBuilderFactory.setValidating(true); docBuilderFactory.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaLanguage", "http://www.w3.org/2001/XMLSchema"); docBuilderFactory.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaSource", resolveSchemaSource());
docBuilderFactory.setValidating(true); docBuilderFactory.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaLanguage", "http://www.w3.org/2001/XMLSchema"); docBuilderFactory.setAttribute("http://java.sun.com/xml/jaxp/properties/schemaSource", resolveSchemaSource());
factory.setAttribute(SCHEMA_LANGUAGE_ATTRIBUTE, XSD_SCHEMA_LANGUAGE);
Method setLimit = mgr.getClass().getMethod("setEntityExpansionLimit", Integer.TYPE); setLimit.invoke(mgr, 1); dbf.setAttribute(POIXMLConstants.PROPERTY_SECURITY_MANAGER, mgr); dbf.setAttribute(POIXMLConstants.PROPERTY_ENTITY_EXPANSION_LIMIT, 1); } catch (Throwable e) { if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
factory.setNamespaceAware(validation); if (validation) { factory.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA);
@Override protected void configureFactory(DocumentBuilderFactory dbf) { dbf.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA); dbf.setAttribute(JAXP_SCHEMA_SOURCE, ReflectUtil.getResource(BPMN_20_SCHEMA_LOCATION, BpmnParser.class.getClassLoader()).toString()); super.configureFactory(dbf); }
@Override protected void configureFactory(DocumentBuilderFactory dbf) { dbf.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA); dbf.setAttribute(JAXP_SCHEMA_SOURCE, new String[] { ReflectUtil.getResource(DMN_11_SCHEMA_LOCATION, DmnParser.class.getClassLoader()).toString(), ReflectUtil.getResource(DMN_11_ALTERNATIVE_SCHEMA_LOCATION, DmnParser.class.getClassLoader()).toString() }); super.configureFactory(dbf); }
@Override protected void configureFactory(DocumentBuilderFactory dbf) { dbf.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA); ClassLoader classLoader = CmmnParser.class.getClassLoader(); dbf.setAttribute(JAXP_SCHEMA_SOURCE, new String[] { ReflectUtil.getResource(CMMN_10_SCHEMA_LOCATION, classLoader).toString(), ReflectUtil.getResource(CMMN_11_SCHEMA_LOCATION, classLoader).toString() } ); super.configureFactory(dbf); }
Method setLimit = mgr.getClass().getMethod("setEntityExpansionLimit", Integer.TYPE); setLimit.invoke(mgr, MAX_ENTITY_EXPANSIONS); factory.setAttribute(XERCES_SECURITY_MANAGER_PROPERTY, mgr); factory.setAttribute("http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit", MAX_ENTITY_EXPANSIONS); } catch (IllegalArgumentException e) { // NOSONAR - also catch things like NoClassDefError here
documentBuilder.setAttribute("http://javax.xml.XMLConstants/property/accessExternalDTD", "all"); } catch (IllegalArgumentException e) {
public Document loadDocument(Resource resource) throws IOException, ParserConfigurationException, SAXException { InputStream is = null; try { is = resource.getInputStream(); DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setValidating(isValidating()); factory.setNamespaceAware(true); try { factory.setAttribute(SCHEMA_LANGUAGE_ATTRIBUTE, XSD_SCHEMA_LANGUAGE); } catch (IllegalArgumentException ex) { throw new IllegalStateException("Unable to validate using XSD: Your JAXP provider [" + factory + "] does not support XML Schema. " + "Are you running on Java 1.4 or below with Apache Crimson? " + "If so you must upgrade to Apache Xerces (or Java 5 or >) for full XSD support."); } DocumentBuilder docBuilder = factory.newDocumentBuilder(); docBuilder.setErrorHandler(new SimpleSaxErrorHandler(logger)); docBuilder.setEntityResolver(getEntityResolver()); return docBuilder.parse(is); } finally { if (is != null) { is.close(); } } } }
factory.setAttribute(SCHEMA_LANGUAGE_ATTRIBUTE, XSD_SCHEMA_LANGUAGE);
Method setLimit = mgr.getClass().getMethod("setEntityExpansionLimit", Integer.TYPE); setLimit.invoke(mgr, options.getEntityExpansionLimit()); dbf.setAttribute(XMLBeansConstants.SECURITY_MANAGER, mgr); dbf.setAttribute(XMLBeansConstants.ENTITY_EXPANSION_LIMIT, options.getEntityExpansionLimit()); } catch (Throwable e) { if(System.currentTimeMillis() > lastLog + TimeUnit.MINUTES.toMillis(5)) {
factory.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA);
@Override public void setFeature(String name, boolean value) throws ParserConfigurationException { if (PROTECTED_FEATURES.contains(name)) { return; // Permission denied. No Soup For You! } else { dbf.setAttribute(name, value); } }
@Override protected void configureFactory(DocumentBuilderFactory dbf) { dbf.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA); dbf.setAttribute( JAXP_SCHEMA_SOURCE, ReflectUtil.getResource(BPMN_20_SCHEMA_LOCATION, BpmnParser.class.getClassLoader()) .toString()); super.configureFactory(dbf); }