8015630: Remove default restriction settings of jaxp 1.5 properties in JDK8

Reviewed-by: alanb
2013-06-04 09:35:12 -07:00 · 2013-06-04 09:35:12 -07:00 · 53ba53a941
commit 53ba53a941
parent ea244da844
4 changed files with 10 additions and 111 deletions
--- a/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java
@ -80,59 +80,6 @@ public final class XalanConstants {
    /**
     * FEATURE_SECURE_PROCESSING (FSP) is false by default
     */
-    public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(false);
-
-    /**
-     * Determine the default value of the external access properties
-     *
-     * jaxp 1.5 does not require implementations to restrict by default
-     *
-     * For JDK8:
-     * The default value is 'file' (including jar:file); The keyword "all" grants permission
-     * to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
-     * the default value is an empty string indicating no access is allowed.
-     *
-     * For JDK7:
-     * The default value is 'all' granting permission to all protocols. If by default,
-     * {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
-     * not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
-     * is set explicitly, the values of the properties shall be set to an empty string
-     * indicating no access is allowed.
-     *
-     * @param isSecureProcessing indicating if Secure Processing is set
-     * @return default value
-     */
-    public static String getExternalAccessDefault(boolean isSecureProcessing) {
-        String defaultValue = "all";
-        if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
-            defaultValue = "file";
-            if (isSecureProcessing) {
-                defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
-            }
-        }
-        return defaultValue;
-    }
-
-    /*
-     * Check the version of the current JDK against that specified in the
-     * parameter
-     *
-     * There is a proposal to change the java version string to:
-     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
-     * This method would work with both the current format and that proposed
-     *
-     * @param compareTo a JDK version to be compared to
-     * @return true if the current version is the same or above that represented
-     * by the parameter
-     */
-    public static boolean isJDKandAbove(int compareTo) {
-        String javaVersion = SecuritySupport.getSystemProperty("java.version");
-        String versions[] = javaVersion.split("\\.", 3);
-        if (Integer.parseInt(versions[0]) >= compareTo ||
-            Integer.parseInt(versions[1]) >= compareTo) {
-            return true;
-        }
-        return false;
-    }
+    public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;

 } // class Constants
--- a/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java
@ -253,7 +253,6 @@ public class TransformerFactoryImpl
        if (System.getSecurityManager() != null) {
            _isSecureMode = true;
            _isNotSecureProcessing = false;
-            defaultAccess = XalanConstants.getExternalAccessDefault(true);
        }
        _accessExternalStylesheet =  SecuritySupport.getDefaultAccessProperty(
                XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET, defaultAccess);
--- a/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java
@ -202,7 +202,7 @@ public final class Constants {
    /**
     * FEATURE_SECURE_PROCESSING (FSP) is true by default
     */
-    public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(true);
+    public static final String EXTERNAL_ACCESS_DEFAULT = ACCESS_EXTERNAL_ALL;

    //
    // DOM features
@ -697,58 +697,6 @@ public final class Constants {
        ? new ArrayEnumeration(fgXercesProperties) : fgEmptyEnumeration;
    } // getXercesProperties():Enumeration

-    /**
-     * Determine the default value of the external access properties
-     *
-     * jaxp 1.5 does not require implementations to restrict by default
-     *
-     * For JDK8:
-     * The default value is 'file' (including jar:file); The keyword "all" grants permission
-     * to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
-     * the default value is an empty string indicating no access is allowed.
-     *
-     * For JDK7:
-     * The default value is 'all' granting permission to all protocols. If by default,
-     * {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
-     * not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
-     * is set explicitly, the values of the properties shall be set to an empty string
-     * indicating no access is allowed.
-     *
-     * @param isSecureProcessing indicating if Secure Processing is set
-     * @return default value
-     */
-    public static String getExternalAccessDefault(boolean isSecureProcessing) {
-        String defaultValue = "all";
-        if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
-            defaultValue = "file";
-            if (isSecureProcessing) {
-                defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
-            }
-        }
-        return defaultValue;
-    }
-
-    /*
-     * Check the version of the current JDK against that specified in the
-     * parameter
-     *
-     * There is a proposal to change the java version string to:
-     * MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
-     * This method would work with both the current format and that proposed
-     *
-     * @param compareTo a JDK version to be compared to
-     * @return true if the current version is the same or above that represented
-     * by the parameter
-     */
-    public static boolean isJDKandAbove(int compareTo) {
-        String javaVersion = SecuritySupport.getSystemProperty("java.version");
-        String versions[] = javaVersion.split("\\.", 3);
-        if (Integer.parseInt(versions[0]) >= compareTo ||
-            Integer.parseInt(versions[1]) >= compareTo) {
-            return true;
-        }
-        return false;
-    }

    //
    // Classes
--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java
@ -364,10 +364,15 @@ public final class XMLSchemaFactory extends SchemaFactory {
                        SAXMessageFormatter.formatMessage(null,
                        "jaxp-secureprocessing-feature", null));
            }
-            fSecurityManager = value ? new SecurityManager() : null;
+            if (value) {
+                fSecurityManager = new SecurityManager();
+                fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+                fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
+            } else {
+                fSecurityManager = null;
+            }
+
            fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
-            fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
-            fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
            return;
        } else if (name.equals(Constants.ORACLE_FEATURE_SERVICE_MECHANISM)) {
            //in secure mode, let _useServicesMechanism be determined by the constructor