--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java Wed Jul 05 19:03:14 2017 +0200
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java Tue Jul 09 16:34:52 2013 -0700
@@ -36,6 +36,7 @@
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
import com.sun.org.apache.xerces.internal.util.SecurityManager;
import com.sun.org.apache.xerces.internal.util.Status;
+import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
@@ -92,11 +93,9 @@
private static final String SECURITY_MANAGER =
Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
- /** property identifier: access external dtd. */
- public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
-
- /** Property identifier: access to external schema */
- public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+ /** Property identifier: Security property manager. */
+ private static final String XML_SECURITY_PROPERTY_MANAGER =
+ Constants.XML_SECURITY_PROPERTY_MANAGER;
private final JAXPSAXParser xmlReader;
private String schemaLanguage = null; // null means DTD
@@ -113,6 +112,8 @@
/** Initial EntityResolver */
private final EntityResolver fInitEntityResolver;
+ private XMLSecurityPropertyManager fSecurityPropertyMgr;
+
/**
* Create a SAX parser with the associated features
* @param features Hashtable of SAX features, may be null
@@ -149,6 +150,9 @@
xmlReader.setFeature0(XINCLUDE_FEATURE, true);
}
+ fSecurityPropertyMgr = new XMLSecurityPropertyManager();
+ xmlReader.setProperty0(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
+
// If the secure processing feature is on set a security manager.
if (secureProcessing) {
xmlReader.setProperty0(SECURITY_MANAGER, new SecurityManager());
@@ -162,9 +166,12 @@
Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
if (temp != null) {
boolean value = ((Boolean) temp).booleanValue();
- if (value) {
- xmlReader.setProperty0(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
- xmlReader.setProperty0(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+ if (value && Constants.IS_JDK8_OR_ABOVE) {
+ fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD,
+ XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+ fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA,
+ XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+
}
}
}
@@ -530,14 +537,21 @@
return;
}
}
- if (!fInitProperties.containsKey(name)) {
- fInitProperties.put(name, super.getProperty(name));
- }
/** Forward property to the schema validator if there is one. **/
if (fSAXParser != null && fSAXParser.fSchemaValidator != null) {
setSchemaValidatorProperty(name, value);
}
- super.setProperty(name, value);
+ /** Check to see if the property is managed by the property manager **/
+ int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
+ if (index > -1) {
+ fSAXParser.fSecurityPropertyMgr.setValue(index,
+ XMLSecurityPropertyManager.State.APIPROPERTY, (String)value);
+ } else {
+ if (!fInitProperties.containsKey(name)) {
+ fInitProperties.put(name, super.getProperty(name));
+ }
+ super.setProperty(name, value);
+ }
}
public synchronized Object getProperty(String name)
@@ -550,6 +564,11 @@
// JAXP 1.2 support
return fSAXParser.schemaLanguage;
}
+ int index = fSAXParser.fSecurityPropertyMgr.getIndex(name);
+ if (index > -1) {
+ return fSAXParser.fSecurityPropertyMgr.getValueByIndex(index);
+ }
+
return super.getProperty(name);
}