8015630: Remove default restriction settings of jaxp 1.5 properties in JDK8
authorjoehw
Tue, 04 Jun 2013 09:35:12 -0700
changeset 17991 4a8c5120a8d4
parent 17990 af2995fcb150
child 17992 189f7f3d6acf
8015630: Remove default restriction settings of jaxp 1.5 properties in JDK8 Reviewed-by: alanb
jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java
jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java
--- a/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java	Mon Jun 03 16:09:15 2013 -0700
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java	Tue Jun 04 09:35:12 2013 -0700
@@ -80,59 +80,6 @@
     /**
      * FEATURE_SECURE_PROCESSING (FSP) is false by default
      */
-    public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(false);
-
-    /**
-     * Determine the default value of the external access properties
-     *
-     * jaxp 1.5 does not require implementations to restrict by default
-     *
-     * For JDK8:
-     * The default value is 'file' (including jar:file); The keyword "all" grants permission
-     * to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
-     * the default value is an empty string indicating no access is allowed.
-     *
-     * For JDK7:
-     * The default value is 'all' granting permission to all protocols. If by default,
-     * {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
-     * not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
-     * is set explicitly, the values of the properties shall be set to an empty string
-     * indicating no access is allowed.
-     *
-     * @param isSecureProcessing indicating if Secure Processing is set
-     * @return default value
-     */
-    public static String getExternalAccessDefault(boolean isSecureProcessing) {
-        String defaultValue = "all";
-        if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
-            defaultValue = "file";
-            if (isSecureProcessing) {
-                defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
-            }
-        }
-        return defaultValue;
-    }
-
-    /*
-     * Check the version of the current JDK against that specified in the
-     * parameter
-     *
-     * There is a proposal to change the java version string to:
-     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
-     * This method would work with both the current format and that proposed
-     *
-     * @param compareTo a JDK version to be compared to
-     * @return true if the current version is the same or above that represented
-     * by the parameter
-     */
-    public static boolean isJDKandAbove(int compareTo) {
-        String javaVersion = SecuritySupport.getSystemProperty("java.version");
-        String versions[] = javaVersion.split("\\.", 3);
-        if (Integer.parseInt(versions[0]) >= compareTo ||
-            Integer.parseInt(versions[1]) >= compareTo) {
-            return true;
-        }
-        return false;
-    }
+    public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;
 
 } // class Constants
--- a/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java	Mon Jun 03 16:09:15 2013 -0700
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java	Tue Jun 04 09:35:12 2013 -0700
@@ -253,7 +253,6 @@
         if (System.getSecurityManager() != null) {
             _isSecureMode = true;
             _isNotSecureProcessing = false;
-            defaultAccess = XalanConstants.getExternalAccessDefault(true);
         }
         _accessExternalStylesheet =  SecuritySupport.getDefaultAccessProperty(
                 XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET, defaultAccess);
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java	Mon Jun 03 16:09:15 2013 -0700
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java	Tue Jun 04 09:35:12 2013 -0700
@@ -202,7 +202,7 @@
     /**
      * FEATURE_SECURE_PROCESSING (FSP) is true by default
      */
-    public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(true);
+    public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;
 
     //
     // DOM features
@@ -697,58 +697,6 @@
         ? new ArrayEnumeration(fgXercesProperties) : fgEmptyEnumeration;
     } // getXercesProperties():Enumeration
 
-    /**
-     * Determine the default value of the external access properties
-     *
-     * jaxp 1.5 does not require implementations to restrict by default
-     *
-     * For JDK8:
-     * The default value is 'file' (including jar:file); The keyword "all" grants permission
-     * to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
-     * the default value is an empty string indicating no access is allowed.
-     *
-     * For JDK7:
-     * The default value is 'all' granting permission to all protocols. If by default,
-     * {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
-     * not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
-     * is set explicitly, the values of the properties shall be set to an empty string
-     * indicating no access is allowed.
-     *
-     * @param isSecureProcessing indicating if Secure Processing is set
-     * @return default value
-     */
-    public static String getExternalAccessDefault(boolean isSecureProcessing) {
-        String defaultValue = "all";
-        if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
-            defaultValue = "file";
-            if (isSecureProcessing) {
-                defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
-            }
-        }
-        return defaultValue;
-    }
-
-    /*
-     * Check the version of the current JDK against that specified in the
-     * parameter
-     *
-     * There is a proposal to change the java version string to:
-     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
-     * This method would work with both the current format and that proposed
-     *
-     * @param compareTo a JDK version to be compared to
-     * @return true if the current version is the same or above that represented
-     * by the parameter
-     */
-    public static boolean isJDKandAbove(int compareTo) {
-        String javaVersion = SecuritySupport.getSystemProperty("java.version");
-        String versions[] = javaVersion.split("\\.", 3);
-        if (Integer.parseInt(versions[0]) >= compareTo ||
-            Integer.parseInt(versions[1]) >= compareTo) {
-            return true;
-        }
-        return false;
-    }
 
     //
     // Classes
--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java	Mon Jun 03 16:09:15 2013 -0700
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java	Tue Jun 04 09:35:12 2013 -0700
@@ -364,10 +364,15 @@
                         SAXMessageFormatter.formatMessage(null,
                         "jaxp-secureprocessing-feature", null));
             }
-            fSecurityManager = value ? new SecurityManager() : null;
+            if (value) {
+                fSecurityManager = new SecurityManager();
+                fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+            } else {
+                fSecurityManager = null;
+            }
+
             fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
-            fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
-            fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
             return;
         } else if (name.equals(Constants.ORACLE_FEATURE_SERVICE_MECHANISM)) {
             //in secure mode, let _useServicesMechanism be determined by the constructor