/hg/release/icedtea7-forest-2.4/jaxp: 9 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Wed Jul 24 13:32:59 PDT 2013
changeset 75bb397c4ae2 in /hg/release/icedtea7-forest-2.4/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jaxp?cmd=changeset;node=75bb397c4ae2
author: katleman
date: Thu Jun 27 13:58:37 2013 -0700
Added tag jdk7u40-b31 for changeset 5b31380e2e0b
changeset 06851832b1bb in /hg/release/icedtea7-forest-2.4/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jaxp?cmd=changeset;node=06851832b1bb
author: katleman
date: Wed Jul 03 16:36:34 2013 -0700
Added tag jdk7u40-b32 for changeset 75bb397c4ae2
changeset 5ede168e9229 in /hg/release/icedtea7-forest-2.4/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jaxp?cmd=changeset;node=5ede168e9229
author: joehw
date: Tue Jul 02 16:39:11 2013 -0700
8016133: Regression: diff. behavior with user-defined SAXParser
Reviewed-by: chegar, dfuchs, alanb
changeset ce771024e07d in /hg/release/icedtea7-forest-2.4/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jaxp?cmd=changeset;node=ce771024e07d
author: lana
date: Thu Jul 04 10:31:11 2013 -0700
Merge
changeset b6590dd14864 in /hg/release/icedtea7-forest-2.4/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jaxp?cmd=changeset;node=b6590dd14864
author: katleman
date: Wed Jul 10 13:48:56 2013 -0700
Added tag jdk7u40-b33 for changeset ce771024e07d
changeset 4149e4abea17 in /hg/release/icedtea7-forest-2.4/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jaxp?cmd=changeset;node=4149e4abea17
author: joehw
date: Wed Jul 10 15:08:19 2013 -0700
8016648: FEATURE_SECURE_PROCESSING set to true or false causes SAXParseException to be thrown
Summary: jaxp 1.5 feature update
Reviewed-by: alanb, dfuchs, lancea
changeset 0a6c9143f0b6 in /hg/release/icedtea7-forest-2.4/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jaxp?cmd=changeset;node=0a6c9143f0b6
author: joehw
date: Fri Jul 12 15:01:23 2013 -0700
8020430: NullPointerException in xml sqe nightly result on 2013-07-12
Reviewed-by: chegar, lancea
changeset 23ba797b9e78 in /hg/release/icedtea7-forest-2.4/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jaxp?cmd=changeset;node=23ba797b9e78
author: lana
date: Tue Jul 16 11:03:40 2013 -0700
Merge
changeset 7d8341df70fe in /hg/release/icedtea7-forest-2.4/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4/jaxp?cmd=changeset;node=7d8341df70fe
author: andrew
date: Wed Jul 24 21:31:46 2013 +0100
Merge jdk7u40-b34
diffstat:
.hgtags | 13 +
.jcheck/conf | 2 -
src/com/sun/org/apache/xalan/internal/XalanConstants.java | 45 +-
src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java | 16 +-
src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java | 192 ++++++++++
src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java | 56 +-
src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java | 25 +-
src/com/sun/org/apache/xerces/internal/impl/Constants.java | 47 +-
src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java | 38 +-
src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java | 29 +-
src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java | 28 +-
src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java | 21 +-
src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java | 11 +-
src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java | 34 +-
src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java | 64 ++-
src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java | 43 +-
src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java | 4 +-
src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java | 9 +-
src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java | 49 +-
src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java | 28 +-
src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java | 12 +
src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java | 23 +
src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java | 24 +-
src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java | 16 +-
src/com/sun/org/apache/xerces/internal/utils/XMLSecurityPropertyManager.java | 190 +++++++++
src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java | 31 +-
src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java | 14 +-
src/org/xml/sax/helpers/XMLReaderFactory.java | 7 +-
28 files changed, 769 insertions(+), 302 deletions(-)
diffs (truncated from 2059 to 500 lines):
diff -r 5b31380e2e0b -r 7d8341df70fe .hgtags
--- a/.hgtags Fri Jun 21 19:01:06 2013 -0700
+++ b/.hgtags Wed Jul 24 21:31:46 2013 +0100
@@ -50,6 +50,7 @@
feb05980f9f2964e6bc2b3a8532f9b3054c2289b jdk7-b73
ea7b88c676dd8b269bc858a4a17c14dc96c8aed1 jdk7-b74
555fb78ee4cebed082ca7ddabff46d2e5b4c9026 jdk7-b75
+fb68fd18eb9f9d94bd7f307097b98a5883018da8 icedtea7-1.12
233a4871d3364ec305efd4a58cfd676620a03a90 jdk7-b76
bfadab8c7b1bf806a49d3e1bc19ec919717f057a jdk7-b77
7a12d3789e1b07a560fc79568b991818d617ede2 jdk7-b78
@@ -63,6 +64,7 @@
81c0f115bbe5d3bcf59864465b5eca5538567c79 jdk7-b86
8b493f1aa136d86de0885fcba15262c4fa2b1412 jdk7-b87
d8ebd15910034f2ba50b2f129f959f86cca01419 jdk7-b88
+826bafcb6c4abbf24887bfc5a78868e13cddd068 icedtea7-1.13
d2818fd2b036f3b3154a9a7de41afcf4ac679c1b jdk7-b89
c5d932ee326d6f7fd4634b11c7185ea82d184df2 jdk7-b90
b89b2c3044a298d542f84a2e9d957202b7d8cdb9 jdk7-b91
@@ -111,6 +113,7 @@
d56b326ae0544fc16c3e0d0285876f3c82054db2 jdk7-b134
4aa9916693dc1078580c1865e6f2584046851e5a jdk7-b135
1759daa85d33800bd578853f9531f9de73f70fc7 jdk7-b136
+1c2f25bf36b1d43920e94fb82a0afdafd29b1735 icedtea-1.14
1d87f7460cde7f8f30af668490f82b52b879bfd8 jdk7-b137
be3758943770a0a3dd4be6a1cb4063507c4d7062 jdk7-b138
28c7c0ed2444607829ba11ad827f8d52197a2830 jdk7-b139
@@ -123,6 +126,7 @@
bcd31fa1e3c6f51b4fdd427ef905188cdac57164 jdk7-b146
067fb18071e3872698f6218724958bd0cebf30a3 jdk7u1-b01
fc268cd1dd5d2e903ccd4b0275e1f9c2461ed30c jdk7-b147
+b8d01501956a0d41f5587ff1bebbfe5a9b8fea5a icedtea-2.0-branchpoint
104ca42e1e7ca66b074a4619ce6420f15d8f454d jdk7u1-b02
64e323faadf65018c1ffc8bb9c97f7b664e87347 jdk7u1-b03
2256c20e66857f80cacda14ffdbc0979c929d7f8 jdk7u1-b04
@@ -141,6 +145,7 @@
0e61ef309edd2deb71f53f2bdaf6dcff1c80bfb8 jdk7u2-b12
d9ac427e5149d1db12c6f3e4aa4280587c06aed5 jdk7u2-b13
0efaf5c97fba2ee7864240efaa0df651a2635ae5 jdk7u2-b21
+7300d2ab9fb2068250a96ca4afc481c4beb6a42b icedtea-2.1-branchpoint
0efaf5c97fba2ee7864240efaa0df651a2635ae5 jdk7u3-b02
604dd391203960d0028fc95bc70b0ae161e09d99 jdk7u3-b03
551c076358f6691999f613db9b155c83ec9a648d jdk7u3-b04
@@ -157,6 +162,7 @@
7a37651d304de62b18b343b3ae675ab1b08fc5fe jdk7u4-b10
3fbd87d50fbf4de3987e36ec5f3e8ce1c383ce3d jdk7u4-b11
b4e5df5b18bb75db15ed97da02e5df086d2c7930 jdk7u4-b12
+c51876b27811ba0f6ea3409ba19d357b7400908a icedtea-2.2-branchpoint
7d18bccaec3781f3d4f2d71879f91e257db2f0f7 jdk7u4-b13
82c5b3166b3194e7348b2a9d146b6760c9a77128 jdk7u4-b14
36490d49683f7be9d8fbbe1f8eefa1fe9fe550fa jdk7u5-b01
@@ -191,6 +197,7 @@
94474d6f28284a1ef492984dd6d6f66f8787de80 jdk7u6-b15
0b329a8d325b6a58d89c6042dac62ce5852380ab jdk7u6-b16
5eb867cdd08ca299fe03b31760acd57aac2b5673 jdk7u6-b17
+445dd0b578fc2ed12c539eb6f9a71cbd40bed4f6 icedtea-2.3-branchpoint
1c4b9671de5c7ed5713f55509cb2ada38b36dffe jdk7u6-b18
3ba4c395d2cf973c8c603b2aedc846bd4ae54656 jdk7u6-b19
4f7b77cc3b252098f52a8f30a74f603783a2e0f1 jdk7u6-b20
@@ -258,6 +265,7 @@
1b914599a6d5560e743b9fecd390924ed0bf7d15 jdk7u12-b07
427a603569db59f61721e709fcb8a73390d468ae jdk7u12-b08
366ebbf581df0134d9039b649abc315e87f23772 jdk7u12-b09
+14adb683be4ebc49ee729f0253d012795a4a2ae4 icedtea-2.4-branchpoint
23191c790e12841f81ac1cf956e7dbc0b45914ee jdk7u14-b10
825eda7553590ce19eb4fa0686c4405d97daafdb jdk7u14-b11
560e5cf5b57fc91e2bc6dd1809badd58c6eb25bd jdk7u14-b12
@@ -314,6 +322,7 @@
331e489ecb7b19fa98c60324f7ce5d168284a8c8 jdk7u14-b19
c3c9f04cf10c2fe576b208f6a8ca3777b1d31145 jdk7u14-b19
5e1fee011646b4a3ff29b7b9cdc208e0a0577cb4 jdk7u14-b20
+7f04ed6cb0c382a16c2ffaad05c6122482e03b2e icedtea-2.4.0
d1c8bb1cbc9183fc994b5fedf26886ceda0d59f9 jdk7u14-b21
d1c6afebdfe28eb07eb2d03a6911a0f33b619165 jdk7u14-b22
0e4c549d3635122145ac88bad7b98716976ca49e jdk7u40-b23
@@ -324,3 +333,7 @@
9186b6efd2b2eafa7fee5be1b043f59f25db12a6 jdk7u40-b28
740942c76fb668a04bf89feccf069f6958651d54 jdk7u40-b29
09b080236bc1a1a68f8b411196cbfa52475c0755 jdk7u40-b30
+5be6b670d08bb0464e0e259ef77fca6adba24b05 icedtea-2.4.1
+5b31380e2e0b6f8386dcf0ca122461154f2d2704 jdk7u40-b31
+75bb397c4ae26c384e1fcb75bbf4b70479f2c5f7 jdk7u40-b32
+ce771024e07d2bb6521735a14ce68745a2376bd8 jdk7u40-b33
diff -r 5b31380e2e0b -r 7d8341df70fe .jcheck/conf
--- a/.jcheck/conf Fri Jun 21 19:01:06 2013 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2 +0,0 @@
-project=jdk7
-bugids=dup
diff -r 5b31380e2e0b -r 7d8341df70fe src/com/sun/org/apache/xalan/internal/XalanConstants.java
--- a/src/com/sun/org/apache/xalan/internal/XalanConstants.java Fri Jun 21 19:01:06 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/XalanConstants.java Wed Jul 24 21:31:46 2013 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -73,45 +73,19 @@
* Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
*/
public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
- /**
- * JDK version by which the default is to restrict external connection
- */
- public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
+
/**
* FEATURE_SECURE_PROCESSING (FSP) is false by default
*/
- public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(false);
+ public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;
+
+ public static final String XML_SECURITY_PROPERTY_MANAGER =
+ ORACLE_JAXP_PROPERTY_PREFIX + "xmlSecurityPropertyManager";
/**
- * Determine the default value of the external access properties
- *
- * jaxp 1.5 does not require implementations to restrict by default
- *
- * For JDK8:
- * The default value is 'file' (including jar:file); The keyword "all" grants permission
- * to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
- * the default value is an empty string indicating no access is allowed.
- *
- * For JDK7:
- * The default value is 'all' granting permission to all protocols. If by default,
- * {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
- * not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
- * is set explicitly, the values of the properties shall be set to an empty string
- * indicating no access is allowed.
- *
- * @param isSecureProcessing indicating if Secure Processing is set
- * @return default value
+ * Check if we're in jdk8 or above
*/
- public static String getExternalAccessDefault(boolean isSecureProcessing) {
- String defaultValue = "all";
- if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
- defaultValue = "file";
- if (isSecureProcessing) {
- defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
- }
- }
- return defaultValue;
- }
+ public static final boolean IS_JDK8_OR_ABOVE = isJavaVersionAtLeast(8);
/*
* Check the version of the current JDK against that specified in the
@@ -125,7 +99,7 @@
* @return true if the current version is the same or above that represented
* by the parameter
*/
- public static boolean isJDKandAbove(int compareTo) {
+ public static boolean isJavaVersionAtLeast(int compareTo) {
String javaVersion = SecuritySupport.getSystemProperty("java.version");
String versions[] = javaVersion.split("\\.", 3);
if (Integer.parseInt(versions[0]) >= compareTo ||
@@ -134,5 +108,4 @@
}
return false;
}
-
} // class Constants
diff -r 5b31380e2e0b -r 7d8341df70fe src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java
--- a/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java Fri Jun 21 19:01:06 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java Wed Jul 24 21:31:46 2013 +0100
@@ -229,7 +229,8 @@
* @return the name of the protocol if rejected, null otherwise
*/
public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
- if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
+ if (systemId == null || (allowedProtocols != null &&
+ allowedProtocols.equalsIgnoreCase(accessAny))) {
return null;
}
@@ -262,6 +263,9 @@
* @return true if the protocol is in the list
*/
private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
+ if (allowedProtocols == null) {
+ return false;
+ }
String temp[] = allowedProtocols.split(",");
for (String t : temp) {
t = t.trim();
@@ -273,18 +277,16 @@
}
/**
- * Read from $java.home/lib/jaxp.properties for the specified property
+ * Read JAXP system property in this order: system property,
+ * $java.home/lib/jaxp.properties if the system property is not specified
*
* @param propertyId the Id of the property
* @return the value of the property
*/
- public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
- String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
+ public static String getJAXPSystemProperty(String sysPropertyId) {
+ String accessExternal = getSystemProperty(sysPropertyId);
if (accessExternal == null) {
accessExternal = readJAXPProperty(sysPropertyId);
- if (accessExternal == null) {
- accessExternal = defaultVal;
- }
}
return accessExternal;
}
diff -r 5b31380e2e0b -r 7d8341df70fe src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java Wed Jul 24 21:31:46 2013 +0100
@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.org.apache.xalan.internal.utils;
+
+
+import com.sun.org.apache.xalan.internal.XalanConstants;
+import javax.xml.XMLConstants;
+
+/**
+ * This class manages security related properties
+ *
+ */
+public final class XMLSecurityPropertyManager {
+
+ /**
+ * States of the settings of a property, in the order: default value, value
+ * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
+ * properties, and jaxp api properties
+ */
+ public static enum State {
+ //this order reflects the overriding order
+ DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY
+ }
+
+ /**
+ * Limits managed by the security manager
+ */
+ public static enum Property {
+ ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD,
+ XalanConstants.EXTERNAL_ACCESS_DEFAULT),
+ ACCESS_EXTERNAL_STYLESHEET(XMLConstants.ACCESS_EXTERNAL_STYLESHEET,
+ XalanConstants.EXTERNAL_ACCESS_DEFAULT);
+
+ final String name;
+ final String defaultValue;
+
+ Property(String name, String value) {
+ this.name = name;
+ this.defaultValue = value;
+ }
+
+ public boolean equalsName(String propertyName) {
+ return (propertyName == null) ? false : name.equals(propertyName);
+ }
+
+ String defaultValue() {
+ return defaultValue;
+ }
+ }
+
+
+ /**
+ * Values of the properties as defined in enum Properties
+ */
+ private final String[] values;
+ /**
+ * States of the settings for each property in Properties above
+ */
+ private State[] states = {State.DEFAULT, State.DEFAULT};
+
+ /**
+ * Default constructor. Establishes default values
+ */
+ public XMLSecurityPropertyManager() {
+ values = new String[Property.values().length];
+ for (Property property : Property.values()) {
+ values[property.ordinal()] = property.defaultValue();
+ }
+ //read system properties or jaxp.properties
+ readSystemProperties();
+ }
+
+ /**
+ * Set the value for a specific property.
+ *
+ * @param property the property
+ * @param state the state of the property
+ * @param value the value of the property
+ */
+ public void setValue(Property property, State state, String value) {
+ //only update if it shall override
+ if (state.compareTo(states[property.ordinal()]) >= 0) {
+ values[property.ordinal()] = value;
+ states[property.ordinal()] = state;
+ }
+ }
+
+ /**
+ * Set the value of a property by its index
+ * @param index the index of the property
+ * @param state the state of the property
+ * @param value the value of the property
+ */
+ public void setValue(int index, State state, String value) {
+ //only update if it shall override
+ if (state.compareTo(states[index]) >= 0) {
+ values[index] = value;
+ states[index] = state;
+ }
+ }
+ /**
+ * Return the value of the specified property
+ *
+ * @param property the property
+ * @return the value of the property
+ */
+ public String getValue(Property property) {
+ return values[property.ordinal()];
+ }
+
+ /**
+ * Return the value of a property by its ordinal
+ * @param index the index of a property
+ * @return value of a property
+ */
+ public String getValueByIndex(int index) {
+ return values[index];
+ }
+
+ /**
+ * Get the index by property name
+ * @param propertyName property name
+ * @return the index of the property if found; return -1 if not
+ */
+ public int getIndex(String propertyName){
+ for (Property property : Property.values()) {
+ if (property.equalsName(propertyName)) {
+ //internally, ordinal is used as index
+ return property.ordinal();
+ }
+ }
+ return -1;
+ }
+
+ /**
+ * Read from system properties, or those in jaxp.properties
+ */
+ private void readSystemProperties() {
+ getSystemProperty(Property.ACCESS_EXTERNAL_DTD,
+ XalanConstants.SP_ACCESS_EXTERNAL_DTD);
+ getSystemProperty(Property.ACCESS_EXTERNAL_STYLESHEET,
+ XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET);
+ }
+
+ /**
+ * Read from system properties, or those in jaxp.properties
+ *
+ * @param property the property
+ * @param systemProperty the name of the system property
+ */
+ private void getSystemProperty(Property property, String systemProperty) {
+ try {
+ String value = SecuritySupport.getSystemProperty(systemProperty);
+ if (value != null) {
+ values[property.ordinal()] = value;
+ states[property.ordinal()] = State.SYSTEMPROPERTY;
+ return;
+ }
+
+ value = SecuritySupport.readJAXPProperty(systemProperty);
+ if (value != null) {
+ values[property.ordinal()] = value;
+ states[property.ordinal()] = State.JAXPDOTPROPERTIES;
+ }
+ } catch (NumberFormatException e) {
+ //invalid setting ignored
+ }
+ }
+}
diff -r 5b31380e2e0b -r 7d8341df70fe src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java
--- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java Fri Jun 21 19:01:06 2013 -0700
+++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java Wed Jul 24 21:31:46 2013 +0100
@@ -74,6 +74,9 @@
import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property;
+import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.State;
import org.xml.sax.InputSource;
import org.xml.sax.XMLFilter;
@@ -228,11 +231,13 @@
* protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
*/
private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+
/**
* protocols allowed for external DTD references in source file and/or stylesheet.
*/
private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
+ private XMLSecurityPropertyManager _xmlSecurityPropertyMgr;
/**
* javax.xml.transform.sax.TransformerFactory implementation.
@@ -249,16 +254,16 @@
this.m_DTMManagerClass = XSLTCDTMManager.getDTMManagerClass(useServicesMechanism);
this._useServicesMechanism = useServicesMechanism;
- String defaultAccess = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
if (System.getSecurityManager() != null) {
_isSecureMode = true;
_isNotSecureProcessing = false;
- defaultAccess = XalanConstants.getExternalAccessDefault(true);
}
- _accessExternalStylesheet = SecuritySupport.getDefaultAccessProperty(
- XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET, defaultAccess);
- _accessExternalDTD = SecuritySupport.getDefaultAccessProperty(
- XalanConstants.SP_ACCESS_EXTERNAL_DTD, defaultAccess);
+
+ _xmlSecurityPropertyMgr = new XMLSecurityPropertyManager();
+ _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+ Property.ACCESS_EXTERNAL_DTD);
+ _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+ Property.ACCESS_EXTERNAL_STYLESHEET);
}
/**
@@ -318,11 +323,10 @@
else
return Boolean.FALSE;
}
- else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
- return _accessExternalStylesheet;
- }
- else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
- return _accessExternalDTD;
+
+ int index = _xmlSecurityPropertyMgr.getIndex(name);
+ if (index > -1) {
+ return _xmlSecurityPropertyMgr.getValueByIndex(index);
}
// Throw an exception for all other attributes
@@ -424,12 +428,15 @@
return;
}
}
- else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
- _accessExternalStylesheet = (String)value;
- return;
- }
- else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
- _accessExternalDTD = (String)value;
+
+ int index = _xmlSecurityPropertyMgr.getIndex(name);
+ if (index > -1) {
+ _xmlSecurityPropertyMgr.setValue(index,
+ State.APIPROPERTY, (String)value);
+ _accessExternalDTD = _xmlSecurityPropertyMgr.getValue(
+ Property.ACCESS_EXTERNAL_DTD);
+ _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue(
+ Property.ACCESS_EXTERNAL_STYLESHEET);
return;
}
@@ -476,11 +483,18 @@
}
_isNotSecureProcessing = !value;
More information about the distro-pkg-dev
mailing list