jaxws/src/jdk.xml.ws/share/classes/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java
--- a/jaxws/src/jdk.xml.ws/share/classes/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java Thu Jun 22 18:42:46 2017 +0000
+++ b/jaxws/src/jdk.xml.ws/share/classes/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java Sat Jun 24 22:10:40 2017 +0100
@@ -112,29 +112,13 @@
this.entityResolver = entityResolver;
this.errorReceiver = errReceiver;
this.logic = logic;
- try {
- // secure xml processing can be switched off if input requires it
- boolean secureProcessingEnabled = options == null || !options.disableXmlSecurity;
- DocumentBuilderFactory dbf = XmlUtil.newDocumentBuilderFactory(!secureProcessingEnabled);
- dbf.setNamespaceAware(true);
- this.documentBuilder = dbf.newDocumentBuilder();
-
- this.parserFactory = XmlUtil.newSAXParserFactory(secureProcessingEnabled);
- this.parserFactory.setNamespaceAware(true);
+ // secure xml processing can be switched off if input requires it
+ boolean disableXmlSecurity = options == null ? false : options.disableXmlSecurity;
- if(secureProcessingEnabled){
- dbf.setExpandEntityReferences(false);
- try {
- parserFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
- parserFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
- parserFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
- } catch (SAXNotRecognizedException e){
- throw new ParserConfigurationException(e.getMessage());
- } catch (SAXNotSupportedException e) {
- throw new ParserConfigurationException(e.getMessage());
- }
- }
-
+ DocumentBuilderFactory dbf = XmlUtil.newDocumentBuilderFactory(disableXmlSecurity);
+ this.parserFactory = XmlUtil.newSAXParserFactory(disableXmlSecurity);
+ try {
+ this.documentBuilder = dbf.newDocumentBuilder();
} catch (ParserConfigurationException e) {
throw new AssertionError(e);
}