Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java
changeset 17534 21dc0b2762da
parent 14864 ede328b35431
child 17991 4a8c5120a8d4 
--- a/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java	Mon May 06 18:50:16 2013 +0200
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java	Wed May 08 23:38:03 2013 -0700
@@ -25,9 +25,7 @@
 
 package com.sun.org.apache.xalan.internal;
 
-import com.sun.org.apache.xerces.internal.impl.*;
-import java.util.Enumeration;
-import java.util.NoSuchElementException;
+import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
 
 /**
  * Commonly used constants.
@@ -42,19 +40,99 @@
     // Constants
     //
     // Oracle Feature:
-        /**
-         * <p>Use Service Mechanism</p>
-         *
-         * <ul>
-         *   <li>
-         *     <code>true</code> instructs the implementation to use service mechanism to find implementation.
-         *     This is the default behavior.
+    /**
+     * <p>Use Service Mechanism</p>
+     *
+     * <ul>
+     *   <li>
+         * {@code true} instruct an object to use service mechanism to
+         * find a service implementation. This is the default behavior.
          *   </li>
          *   <li>
-         *     <code>false</code> instructs the implementation to skip service mechanism and use the default implementation.
-         *   </li>
-         * </ul>
-         */
+         * {@code false} instruct an object to skip service mechanism and
+         * use the default implementation for that service.
+     *   </li>
+     * </ul>
+    */
+
     public static final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism";
 
+    /** Oracle JAXP property prefix ("http://www.oracle.com/xml/jaxp/properties/"). */
+    public static final String ORACLE_JAXP_PROPERTY_PREFIX =
+        "http://www.oracle.com/xml/jaxp/properties/";
+
+    //System Properties corresponding to ACCESS_EXTERNAL_* properties
+    public static final String SP_ACCESS_EXTERNAL_STYLESHEET = "javax.xml.accessExternalStylesheet";
+    public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD";
+
+
+    //all access keyword
+    public static final String ACCESS_EXTERNAL_ALL = "all";
+
+    /**
+     * Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
+     */
+    public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
+    /**
+     * JDK version by which the default is to restrict external connection
+     */
+    public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
+    /**
+     * FEATURE_SECURE_PROCESSING (FSP) is false by default
+     */
+    public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(false);
+
+    /**
+     * Determine the default value of the external access properties
+     *
+     * jaxp 1.5 does not require implementations to restrict by default
+     *
+     * For JDK8:
+     * The default value is 'file' (including jar:file); The keyword "all" grants permission
+     * to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
+     * the default value is an empty string indicating no access is allowed.
+     *
+     * For JDK7:
+     * The default value is 'all' granting permission to all protocols. If by default,
+     * {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
+     * not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
+     * is set explicitly, the values of the properties shall be set to an empty string
+     * indicating no access is allowed.
+     *
+     * @param isSecureProcessing indicating if Secure Processing is set
+     * @return default value
+     */
+    public static String getExternalAccessDefault(boolean isSecureProcessing) {
+        String defaultValue = "all";
+        if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
+            defaultValue = "file";
+            if (isSecureProcessing) {
+                defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
+            }
+        }
+        return defaultValue;
+    }
+
+    /*
+     * Check the version of the current JDK against that specified in the
+     * parameter
+     *
+     * There is a proposal to change the java version string to:
+     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
+     * This method would work with both the current format and that proposed
+     *
+     * @param compareTo a JDK version to be compared to
+     * @return true if the current version is the same or above that represented
+     * by the parameter
+     */
+    public static boolean isJDKandAbove(int compareTo) {
+        String javaVersion = SecuritySupport.getSystemProperty("java.version");
+        String versions[] = javaVersion.split("\\.", 3);
+        if (Integer.parseInt(versions[0]) >= compareTo ||
+            Integer.parseInt(versions[1]) >= compareTo) {
+            return true;
+        }
+        return false;
+    }
+
 } // class Constants
jdk-sandbox