stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8011653: Upgrade JDK8 to JAXP 1.5

Browse Source 
Reviewed-by: alanb, dfuchs
This commit is contained in:
Joe Wang 2013-05-08 23:38:03 -07:00
parent c76e4b0e46
commit f0330c4199
93 changed files with 1767 additions and 225 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java
View File

@ -25,9 +25,7 @@
package com.sun.org.apache.xalan.internal;
import com.sun.org.apache.xerces.internal.impl.*;
import java.util.Enumeration;
import java.util.NoSuchElementException;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
/**
* Commonly used constants.
@ -42,19 +40,99 @@ public final class XalanConstants {
// Constants
//
// Oracle Feature:
/**
* <p>Use Service Mechanism</p>
*
* <ul>
* <li>
* <code>true</code> instructs the implementation to use service mechanism to find implementation.
* This is the default behavior.
/**
* <p>Use Service Mechanism</p>
*
* <ul>
* <li>
* {@code true} instruct an object to use service mechanism to
* find a service implementation. This is the default behavior.
* </li>
* <li>
* <code>false</code> instructs the implementation to skip service mechanism and use the default implementation.
* </li>
* </ul>
*/
* {@code false} instruct an object to skip service mechanism and
* use the default implementation for that service.
* </li>
* </ul>
*/
public static final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism";
/** Oracle JAXP property prefix ("http://www.oracle.com/xml/jaxp/properties/"). */
public static final String ORACLE_JAXP_PROPERTY_PREFIX =
"http://www.oracle.com/xml/jaxp/properties/";
//System Properties corresponding to ACCESS_EXTERNAL_* properties
public static final String SP_ACCESS_EXTERNAL_STYLESHEET = "javax.xml.accessExternalStylesheet";
public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD";
//all access keyword
public static final String ACCESS_EXTERNAL_ALL = "all";
/**
* Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
*/
public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
/**
* JDK version by which the default is to restrict external connection
*/
public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
/**
* FEATURE_SECURE_PROCESSING (FSP) is false by default
*/
public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(false);
/**
* Determine the default value of the external access properties
*
* jaxp 1.5 does not require implementations to restrict by default
*
* For JDK8:
* The default value is 'file' (including jar:file); The keyword "all" grants permission
* to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
* the default value is an empty string indicating no access is allowed.
*
* For JDK7:
* The default value is 'all' granting permission to all protocols. If by default,
* {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
* not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
* is set explicitly, the values of the properties shall be set to an empty string
* indicating no access is allowed.
*
* @param isSecureProcessing indicating if Secure Processing is set
* @return default value
*/
public static String getExternalAccessDefault(boolean isSecureProcessing) {
String defaultValue = "all";
if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
defaultValue = "file";
if (isSecureProcessing) {
defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
}
}
return defaultValue;
}
/*
* Check the version of the current JDK against that specified in the
* parameter
*
* There is a proposal to change the java version string to:
* MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
* This method would work with both the current format and that proposed
*
* @param compareTo a JDK version to be compared to
* @return true if the current version is the same or above that represented
* by the parameter
*/
public static boolean isJDKandAbove(int compareTo) {
String javaVersion = SecuritySupport.getSystemProperty("java.version");
String versions[] = javaVersion.split("\\.", 3);
if (Integer.parseInt(versions[0]) >= compareTo ||
Integer.parseInt(versions[1]) >= compareTo) {
return true;
}
return false;
}
} // class Constants

141
jaxp/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java
View File

@ -26,7 +26,9 @@ package com.sun.org.apache.xalan.internal.utils;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
@ -36,6 +38,7 @@ import java.util.ListResourceBundle;
import java.util.Locale;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
import java.util.Properties;
/**
* This class is duplicated for each subpackage so keep it in sync. It is
@ -200,7 +203,141 @@ public final class SecuritySupport {
})).longValue();
}
private SecuritySupport() {
/**
* Strip off path from an URI
*
* @param uri an URI with full path
* @return the file name only
*/
public static String sanitizePath(String uri) {
if (uri == null) {
return "";
}
int i = uri.lastIndexOf("/");
if (i > 0) {
return uri.substring(i+1, uri.length());
}
return "";
}
/**
* Check the protocol used in the systemId against allowed protocols
*
* @param systemId the Id of the URI
* @param allowedProtocols a list of allowed protocols separated by comma
* @param accessAny keyword to indicate allowing any protocol
* @return the name of the protocol if rejected, null otherwise
*/
public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
return null;
}
String protocol;
if (systemId.indexOf(":")==-1) {
protocol = "file";
} else {
URL url = new URL(systemId);
protocol = url.getProtocol();
if (protocol.equalsIgnoreCase("jar")) {
String path = url.getPath();
protocol = path.substring(0, path.indexOf(":"));
}
}
if (isProtocolAllowed(protocol, allowedProtocols)) {
//access allowed
return null;
} else {
return protocol;
}
}
/**
* Check if the protocol is in the allowed list of protocols. The check
* is case-insensitive while ignoring whitespaces.
*
* @param protocol a protocol
* @param allowedProtocols a list of allowed protocols
* @return true if the protocol is in the list
*/
private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
String temp[] = allowedProtocols.split(",");
for (String t : temp) {
t = t.trim();
if (t.equalsIgnoreCase(protocol)) {
return true;
}
}
return false;
}
/**
* Read from $java.home/lib/jaxp.properties for the specified property
*
* @param propertyId the Id of the property
* @return the value of the property
*/
public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
if (accessExternal == null) {
accessExternal = readJAXPProperty(sysPropertyId);
if (accessExternal == null) {
accessExternal = defaultVal;
}
}
return accessExternal;
}
/**
* Read from $java.home/lib/jaxp.properties for the specified property
* The program
*
* @param propertyId the Id of the property
* @return the value of the property
*/
static String readJAXPProperty(String propertyId) {
String value = null;
InputStream is = null;
try {
if (firstTime) {
synchronized (cacheProps) {
if (firstTime) {
String configFile = getSystemProperty("java.home") + File.separator +
"lib" + File.separator + "jaxp.properties";
File f = new File(configFile);
if (getFileExists(f)) {
is = getFileInputStream(f);
cacheProps.load(is);
}
firstTime = false;
}
}
}
value = cacheProps.getProperty(propertyId);
}
catch (Exception ex) {}
finally {
if (is != null) {
try {
is.close();
} catch (IOException ex) {}
}
}
return value;
}
/**
* Cache for properties in java.home/lib/jaxp.properties
*/
static final Properties cacheProps = new Properties();
/**
* Flag indicating if the program has tried reading java.home/lib/jaxp.properties
*/
static volatile boolean firstTime = true;
private SecuritySupport () {}
}

26
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Import.java
View File

@ -23,18 +23,19 @@
package com.sun.org.apache.xalan.internal.xsltc.compiler;
import java.io.File;
import java.net.URL;
import java.net.MalformedURLException;
import java.util.Enumeration;
import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
import com.sun.org.apache.xalan.internal.XalanConstants;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ClassGenerator;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodGenerator;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
import java.io.File;
import java.net.URL;
import java.net.MalformedURLException;
import java.util.Enumeration;
import javax.xml.XMLConstants;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
@ -84,6 +85,17 @@ final class Import extends TopLevelElement {
// No SourceLoader or not resolved by SourceLoader
if (input == null) {
docToLoad = SystemIDResolver.getAbsoluteURI(docToLoad, currLoadedDoc);
String accessError = SecuritySupport.checkAccess(docToLoad,
xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET),
XalanConstants.ACCESS_EXTERNAL_ALL);
if (accessError != null) {
final ErrorMsg msg = new ErrorMsg(ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
SecuritySupport.sanitizePath(docToLoad), accessError,
this);
parser.reportError(Constants.FATAL, msg);
return;
}
input = new InputSource(docToLoad);
}

28
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Include.java
View File

@ -23,19 +23,20 @@
package com.sun.org.apache.xalan.internal.xsltc.compiler;
import java.io.File;
import java.io.FileNotFoundException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Enumeration;
import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
import com.sun.org.apache.xalan.internal.XalanConstants;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ClassGenerator;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodGenerator;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
import java.io.File;
import java.io.FileNotFoundException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Enumeration;
import javax.xml.XMLConstants;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
@ -85,6 +86,17 @@ final class Include extends TopLevelElement {
// No SourceLoader or not resolved by SourceLoader
if (input == null) {
docToLoad = SystemIDResolver.getAbsoluteURI(docToLoad, currLoadedDoc);
String accessError = SecuritySupport.checkAccess(docToLoad,
xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET),
XalanConstants.ACCESS_EXTERNAL_ALL);
if (accessError != null) {
final ErrorMsg msg = new ErrorMsg(ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
SecuritySupport.sanitizePath(docToLoad), accessError,
this);
parser.reportError(Constants.FATAL, msg);
return;
}
input = new InputSource(docToLoad);
}

42
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java
View File

@ -23,6 +23,16 @@
package com.sun.org.apache.xalan.internal.xsltc.compiler;
import com.sun.java_cup.internal.runtime.Symbol;
import com.sun.org.apache.xalan.internal.XalanConstants;
import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodType;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
import com.sun.org.apache.xml.internal.serializer.utils.SystemIDResolver;
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
@ -33,27 +43,18 @@ import java.util.Properties;
import java.util.Stack;
import java.util.StringTokenizer;
import java.util.Vector;
import com.sun.java_cup.internal.runtime.Symbol;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodType;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.TypeCheckError;
import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
import org.xml.sax.Attributes;
import org.xml.sax.helpers.AttributesImpl;
import org.xml.sax.ContentHandler;
import org.xml.sax.InputSource;
import org.xml.sax.Locator;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.AttributesImpl;
/**
* @author Jacek Ambroziak
@ -475,6 +476,8 @@ public class Parser implements Constants, ContentHandler {
factory.setNamespaceAware(true);
}
final SAXParser parser = factory.newSAXParser();
parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
_xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
final XMLReader reader = parser.getXMLReader();
return(parse(reader, input));
}
@ -547,6 +550,25 @@ public class Parser implements Constants, ContentHandler {
return(element);
}
else {
try {
String path = _target;
if (path.indexOf(":")==-1) {
path = "file:" + path;
}
path = SystemIDResolver.getAbsoluteURI(path);
String accessError = SecuritySupport.checkAccess(path,
_xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET),
XalanConstants.ACCESS_EXTERNAL_ALL);
if (accessError != null) {
ErrorMsg msg = new ErrorMsg(ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
SecuritySupport.sanitizePath(_target), accessError,
root);
throw new CompilerException(msg.toString());
}
} catch (IOException ex) {
throw new CompilerException(ex);
}
return(loadExternalStylesheet(_target));
}
}

37
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java
View File

@ -39,8 +39,10 @@ import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import javax.xml.XMLConstants;
import com.sun.org.apache.bcel.internal.classfile.JavaClass;
import com.sun.org.apache.xalan.internal.XalanConstants;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Util;
@ -135,6 +137,16 @@ public final class XSLTC {
private boolean _useServicesMechanism = true;
/**
* protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
*/
private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
/**
* protocols allowed for external DTD references in source file and/or stylesheet.
*/
private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
/**
* XSLTC compiler constructor
*/
@ -169,6 +181,31 @@ public final class XSLTC {
_useServicesMechanism = flag;
}
/**
* Return allowed protocols for accessing external stylesheet.
*/
public String getProperty(String name) {
if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
return _accessExternalStylesheet;
}
else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
return _accessExternalDTD;
}
return null;
}
/**
* Set allowed protocols for accessing external stylesheet.
*/
public void setProperty(String name, String value) {
if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
_accessExternalStylesheet = (String)value;
}
else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
_accessExternalDTD = (String)value;
}
}
/**
* Only for user by the internal TrAX implementation.
*/

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages.java
View File

@ -445,6 +445,12 @@ public class ErrorMessages extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"Could not find stylesheet target ''{0}''."},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_ca.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_ca extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"No s''ha trobat la destinaci\u00f3 ''{0}'' del full d''estils."},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_cs.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_cs extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"Nelze naj\u00edt c\u00edlovou p\u0159edlohu se stylem ''{0}''."},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_de.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_de extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"Stylesheet-Ziel \"{0}\" konnte nicht gefunden werden."},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_es.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_es extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"No se ha encontrado el destino de hoja de estilo ''{0}''."},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_fr.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_fr extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"Cible de feuille de style ''{0}'' introuvable."},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_it.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_it extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"Impossibile trovare la destinazione ''{0}'' del foglio di stile."},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_ja.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_ja extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"\u30B9\u30BF\u30A4\u30EB\u30B7\u30FC\u30C8\u30FB\u30BF\u30FC\u30B2\u30C3\u30C8''{0}''\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3067\u3057\u305F\u3002"},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_ko.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_ko extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"\uC2A4\uD0C0\uC77C\uC2DC\uD2B8 \uB300\uC0C1 ''{0}''\uC744(\uB97C) \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_pt_BR.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_pt_BR extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"N\u00E3o foi poss\u00EDvel localizar o alvo da folha de estilos ''{0}''."},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_sk.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_sk extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"Nebolo mo\u017en\u00e9 n\u00e1js\u0165 cie\u013e \u0161t\u00fdlu dokumentu ''{0}''."},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_sv.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_sv extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"Hittade inte formatmallen ''{0}''."},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_zh_CN.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_zh_CN extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"\u627E\u4E0D\u5230\u6837\u5F0F\u8868\u76EE\u6807 ''{0}''\u3002"},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages_zh_TW.java
View File

@ -443,6 +443,12 @@ public class ErrorMessages_zh_TW extends ListResourceBundle {
{ErrorMsg.MISSING_XSLT_TARGET_ERR,
"\u627E\u4E0D\u5230\u6A23\u5F0F\u8868\u76EE\u6A19 ''{0}''\u3002"},
/*
* Note to translators: access to the stylesheet target is denied
*/
{ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
"Could not read stylesheet target ''{0}'', because ''{1}'' access is not allowed."},
/*
* Note to translators: This message represents an internal error in
* condition in XSLTC. The substitution text is the class name in XSLTC

1
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMsg.java
View File

@ -95,6 +95,7 @@ public final class ErrorMsg {
public static final String UNSUPPORTED_EXT_ERR = "UNSUPPORTED_EXT_ERR";
public static final String MISSING_XSLT_URI_ERR = "MISSING_XSLT_URI_ERR";
public static final String MISSING_XSLT_TARGET_ERR = "MISSING_XSLT_TARGET_ERR";
public static final String ACCESSING_XSLT_TARGET_ERR = "ACCESSING_XSLT_TARGET_ERR";
public static final String NOT_IMPLEMENTED_ERR = "NOT_IMPLEMENTED_ERR";
public static final String NOT_STYLESHEET_ERR = "NOT_STYLESHEET_ERR";
public static final String ELEMENT_PARSE_ERR = "ELEMENT_PARSE_ERR";

10
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/dom/LoadDocument.java
View File

@ -23,6 +23,7 @@
package com.sun.org.apache.xalan.internal.xsltc.dom;
import com.sun.org.apache.xalan.internal.XalanConstants;
import java.io.FileNotFoundException;
import javax.xml.transform.stream.StreamSource;
@ -31,8 +32,10 @@ import com.sun.org.apache.xalan.internal.xsltc.DOM;
import com.sun.org.apache.xalan.internal.xsltc.DOMCache;
import com.sun.org.apache.xalan.internal.xsltc.DOMEnhancedForDTM;
import com.sun.org.apache.xalan.internal.xsltc.TransletException;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
import com.sun.org.apache.xml.internal.dtm.DTM;
import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
import com.sun.org.apache.xml.internal.dtm.DTMManager;
@ -199,6 +202,13 @@ public final class LoadDocument {
throw new TransletException(e);
}
} else {
String accessError = SecuritySupport.checkAccess(uri, translet.getAllowedProtocols(), XalanConstants.ACCESS_EXTERNAL_ALL);
if (accessError != null) {
ErrorMsg msg = new ErrorMsg(ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
SecuritySupport.sanitizePath(uri), accessError);
throw new Exception(msg.toString());
}
// Parse the input document and construct DOM object
// Trust the DTMManager to pick the right parser and
// set up the DOM correctly.

20
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/runtime/AbstractTranslet.java
View File

@ -23,6 +23,7 @@
package com.sun.org.apache.xalan.internal.xsltc.runtime;
import com.sun.org.apache.xalan.internal.XalanConstants;
import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
import java.io.File;
import java.io.FileOutputStream;
@ -110,6 +111,11 @@ public abstract class AbstractTranslet implements Translet {
private boolean _useServicesMechanism;
/**
* protocols allowed for external references set by the stylesheet processing instruction, Document() function, Import and Include element.
*/
private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
/************************************************************************
* Debugging
************************************************************************/
@ -758,6 +764,20 @@ public abstract class AbstractTranslet implements Translet {
_useServicesMechanism = flag;
}
/**
* Return allowed protocols for accessing external stylesheet.
*/
public String getAllowedProtocols() {
return _accessExternalStylesheet;
}
/**
* Set allowed protocols for accessing external stylesheet.
*/
public void setAllowedProtocols(String protocols) {
_accessExternalStylesheet = protocols;
}
/************************************************************************
* DOMImplementation caching for basis library
************************************************************************/

6
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesHandlerImpl.java
View File

@ -99,6 +99,12 @@ public class TemplatesHandlerImpl
if (tfactory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING))
xsltc.setSecureProcessing(true);
xsltc.setProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET,
(String)tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET));
xsltc.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
(String)tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_DTD));
if ("true".equals(tfactory.getAttribute(TransformerFactoryImpl.ENABLE_INLINING)))
xsltc.setTemplateInlining(true);
else

8
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesImpl.java
View File

@ -23,6 +23,7 @@
package com.sun.org.apache.xalan.internal.xsltc.trax;
import com.sun.org.apache.xalan.internal.XalanConstants;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
@ -124,6 +125,11 @@ public final class TemplatesImpl implements Templates, Serializable {
private boolean _useServicesMechanism;
/**
* protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
*/
private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
static final class TransletClassLoader extends ClassLoader {
TransletClassLoader(ClassLoader parent) {
super(parent);
@ -171,6 +177,7 @@ public final class TemplatesImpl implements Templates, Serializable {
_indentNumber = indentNumber;
_tfactory = tfactory;
_useServicesMechanism = tfactory.useServicesMechnism();
_accessExternalStylesheet = (String) tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET);
}
/**
* Need for de-serialization, see readObject().
@ -381,6 +388,7 @@ public final class TemplatesImpl implements Templates, Serializable {
translet.postInitialization();
translet.setTemplates(this);
translet.setServicesMechnism(_useServicesMechanism);
translet.setAllowedProtocols(_accessExternalStylesheet);
if (_auxClasses != null) {
translet.setAuxiliaryClasses(_auxClasses);
}

51
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java
View File

@ -224,6 +224,16 @@ public class TransformerFactoryImpl
*/
private boolean _useServicesMechanism;
/**
* protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
*/
private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
/**
* protocols allowed for external DTD references in source file and/or stylesheet.
*/
private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
/**
* javax.xml.transform.sax.TransformerFactory implementation.
*/
@ -238,10 +248,17 @@ public class TransformerFactoryImpl
private TransformerFactoryImpl(boolean useServicesMechanism) {
this.m_DTMManagerClass = XSLTCDTMManager.getDTMManagerClass(useServicesMechanism);
this._useServicesMechanism = useServicesMechanism;
String defaultAccess = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
if (System.getSecurityManager() != null) {
_isSecureMode = true;
_isNotSecureProcessing = false;
defaultAccess = XalanConstants.getExternalAccessDefault(true);
}
_accessExternalStylesheet = SecuritySupport.getDefaultAccessProperty(
XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET, defaultAccess);
_accessExternalDTD = SecuritySupport.getDefaultAccessProperty(
XalanConstants.SP_ACCESS_EXTERNAL_DTD, defaultAccess);
}
/**
@ -301,6 +318,12 @@ public class TransformerFactoryImpl
else
return Boolean.FALSE;
}
else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
return _accessExternalStylesheet;
}
else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
return _accessExternalDTD;
}
// Throw an exception for all other attributes
ErrorMsg err = new ErrorMsg(ErrorMsg.JAXP_INVALID_ATTR_ERR, name);
@ -401,6 +424,14 @@ public class TransformerFactoryImpl
return;
}
}
else if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) {
_accessExternalStylesheet = (String)value;
return;
}
else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
_accessExternalDTD = (String)value;
return;
}
// Throw an exception for all other attributes
final ErrorMsg err
@ -444,7 +475,12 @@ public class TransformerFactoryImpl
throw new TransformerConfigurationException(err.toString());
}
_isNotSecureProcessing = !value;
// all done processing feature
// set restriction, allowing no access to external stylesheet
if (value) {
_accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
_accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT_FSP;
}
return;
}
else if (name.equals(XalanConstants.ORACLE_FEATURE_SERVICE_MECHANISM)) {
@ -799,6 +835,8 @@ public class TransformerFactoryImpl
xsltc.setTemplateInlining(false);
if (!_isNotSecureProcessing) xsltc.setSecureProcessing(true);
xsltc.setProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, _accessExternalStylesheet);
xsltc.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
xsltc.init();
// Set a document loader (for xsl:include/import) if defined
@ -880,15 +918,20 @@ public class TransformerFactoryImpl
// Check that the transformation went well before returning
if (bytecodes == null) {
Vector errs = xsltc.getErrors();
ErrorMsg err = null;
if (errs != null) {
err = (ErrorMsg)errs.get(errs.size()-1);
err = (ErrorMsg)errs.elementAt(errs.size()-1);
} else {
err = new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR);
}
TransformerConfigurationException exc = new TransformerConfigurationException(err.toString(), err.getCause());
Throwable cause = err.getCause();
TransformerConfigurationException exc;
if (cause != null) {
exc = new TransformerConfigurationException(cause.getMessage(), cause);
} else {
exc = new TransformerConfigurationException(err.toString());
}
// Pass compiler errors to the error listener
if (_errorListener != null) {

13
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java
View File

@ -23,6 +23,7 @@
package com.sun.org.apache.xalan.internal.xsltc.trax;
import com.sun.org.apache.xalan.internal.XalanConstants;
import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
import java.io.File;
import java.io.FileOutputStream;
@ -61,6 +62,7 @@ import javax.xml.transform.stax.StAXResult;
import javax.xml.transform.stax.StAXSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import javax.xml.XMLConstants;
import com.sun.org.apache.xml.internal.utils.SystemIDResolver;
@ -207,6 +209,14 @@ public final class TransformerImpl extends Transformer
* Note the default value (false) is the safe option..
*/
private boolean _useServicesMechanism;
/**
* protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
*/
private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
/**
* protocols allowed for external DTD references in source file and/or stylesheet.
*/
private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
/**
* A hashtable to store parameters for the identity transform. These
@ -260,7 +270,10 @@ public final class TransformerImpl extends Transformer
_indentNumber = indentNumber;
_tfactory = tfactory;
_useServicesMechanism = _tfactory.useServicesMechnism();
_accessExternalStylesheet = (String)_tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET);
_accessExternalDTD = (String)_tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_DTD);
_readerManager = XMLReaderManager.getInstance(_useServicesMechanism);
_readerManager.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
//_isIncremental = tfactory._incremental;
}

2
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java
View File

@ -105,6 +105,8 @@ public final class Util {
if (reader == null) {
try {
reader= XMLReaderFactory.createXMLReader();
reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
} catch (Exception e ) {
try {

46
jaxp/src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java
View File

@ -20,18 +20,6 @@
package com.sun.org.apache.xerces.internal.dom;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Locale;
import java.util.Vector;
import com.sun.org.apache.xerces.internal.util.PropertyState;
import com.sun.org.apache.xerces.internal.util.Status;
import org.w3c.dom.DOMConfiguration;
import org.w3c.dom.DOMErrorHandler;
import org.w3c.dom.DOMStringList;
import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.impl.XMLEntityManager;
import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
@ -42,7 +30,10 @@ import com.sun.org.apache.xerces.internal.util.DOMEntityResolverWrapper;
import com.sun.org.apache.xerces.internal.util.DOMErrorHandlerWrapper;
import com.sun.org.apache.xerces.internal.util.MessageFormatter;
import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
import com.sun.org.apache.xerces.internal.util.PropertyState;
import com.sun.org.apache.xerces.internal.util.SymbolTable;
import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@ -55,12 +46,19 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLEntityResolver;
import com.sun.org.apache.xerces.internal.xni.parser.XMLErrorHandler;
import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Locale;
import java.util.Vector;
import javax.xml.XMLConstants;
import org.w3c.dom.DOMConfiguration;
import org.w3c.dom.DOMErrorHandler;
import org.w3c.dom.DOMException;
import org.w3c.dom.DOMStringList;
import org.w3c.dom.ls.LSResourceResolver;
/**
* Xerces implementation of DOMConfiguration that maintains a table of recognized parameters.
*
@ -158,6 +156,14 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
protected static final String SCHEMA_DV_FACTORY =
Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
/** Property identifier: access to external dtd */
protected static final String ACCESS_EXTERNAL_DTD =
XMLConstants.ACCESS_EXTERNAL_DTD;
/** Property identifier: access to external schema */
protected static final String ACCESS_EXTERNAL_SCHEMA =
XMLConstants.ACCESS_EXTERNAL_SCHEMA;
//
// Data
//
@ -276,7 +282,9 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
JAXP_SCHEMA_SOURCE,
JAXP_SCHEMA_LANGUAGE,
DTD_VALIDATOR_FACTORY_PROPERTY,
SCHEMA_DV_FACTORY
SCHEMA_DV_FACTORY,
ACCESS_EXTERNAL_DTD,
ACCESS_EXTERNAL_SCHEMA
};
addRecognizedProperties(recognizedProperties);
@ -310,6 +318,14 @@ public class DOMConfigurationImpl extends ParserConfigurationSettings
fValidationManager = createValidationManager();
setProperty(VALIDATION_MANAGER, fValidationManager);
//For DOM, the secure feature is set to true by default
String accessExternal = SecuritySupport.getDefaultAccessProperty(
Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
accessExternal = SecuritySupport.getDefaultAccessProperty(
Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
// add message formatters
if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {

97
jaxp/src/com/sun/org/apache/xerces/internal/impl/Constants.java
View File

@ -20,6 +20,7 @@
package com.sun.org.apache.xerces.internal.impl;
import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import java.util.Enumeration;
import java.util.NoSuchElementException;
@ -138,6 +139,21 @@ public final class Constants {
public static final String FEATURE_SECURE_PROCESSING = "http://javax.xml.XMLConstants/feature/secure-processing";
// Oracle Feature:
/**
* <p>Use Service Mechanism</p>
*
* <ul>
* <li>
* {@code true} instruct an object to use service mechanism to
* find a service implementation. This is the default behavior.
* </li>
* <li>
* {@code false} instruct an object to skip service mechanism and
* use the default implementation for that service.
* </li>
* </ul>
*/
public static final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism";
/** Document XML version property ("document-xml-version"). */
@ -160,6 +176,34 @@ public final class Constants {
public static final String SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT = "elementAttributeLimit" ;
/** JAXP Standard property prefix ("http://javax.xml.XMLConstants/property/"). */
public static final String JAXPAPI_PROPERTY_PREFIX =
"http://javax.xml.XMLConstants/property/";
/** Oracle JAXP property prefix ("http://www.oracle.com/xml/jaxp/properties/"). */
public static final String ORACLE_JAXP_PROPERTY_PREFIX =
"http://www.oracle.com/xml/jaxp/properties/";
//System Properties corresponding to ACCESS_EXTERNAL_* properties
public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD";
public static final String SP_ACCESS_EXTERNAL_SCHEMA = "javax.xml.accessExternalSchema";
//all access keyword
public static final String ACCESS_EXTERNAL_ALL = "all";
/**
* Default value when FEATURE_SECURE_PROCESSING (FSP) is set to true
*/
public static final String EXTERNAL_ACCESS_DEFAULT_FSP = "";
/**
* JDK version by which the default is to restrict external connection
*/
public static final int RESTRICT_BY_DEFAULT_JDK_VERSION = 8;
/**
* FEATURE_SECURE_PROCESSING (FSP) is true by default
*/
public static final String EXTERNAL_ACCESS_DEFAULT = getExternalAccessDefault(true);
//
// DOM features
//
@ -653,6 +697,59 @@ public final class Constants {
? new ArrayEnumeration(fgXercesProperties) : fgEmptyEnumeration;
} // getXercesProperties():Enumeration
/**
* Determine the default value of the external access properties
*
* jaxp 1.5 does not require implementations to restrict by default
*
* For JDK8:
* The default value is 'file' (including jar:file); The keyword "all" grants permission
* to all protocols. When {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is on,
* the default value is an empty string indicating no access is allowed.
*
* For JDK7:
* The default value is 'all' granting permission to all protocols. If by default,
* {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING} is true, it should
* not change the default value. However, if {@link javax.xml.XMLConstants#FEATURE_SECURE_PROCESSING}
* is set explicitly, the values of the properties shall be set to an empty string
* indicating no access is allowed.
*
* @param isSecureProcessing indicating if Secure Processing is set
* @return default value
*/
public static String getExternalAccessDefault(boolean isSecureProcessing) {
String defaultValue = "all";
if (isJDKandAbove(RESTRICT_BY_DEFAULT_JDK_VERSION)) {
defaultValue = "file";
if (isSecureProcessing) {
defaultValue = EXTERNAL_ACCESS_DEFAULT_FSP;
}
}
return defaultValue;
}
/*
* Check the version of the current JDK against that specified in the
* parameter
*
* There is a proposal to change the java version string to:
* MAJOR.MINOR.FU.CPU.PSU-BUILDNUMBER_BUGIDNUMBER_OPTIONAL
* This method would work with both the current format and that proposed
*
* @param compareTo a JDK version to be compared to
* @return true if the current version is the same or above that represented
* by the parameter
*/
public static boolean isJDKandAbove(int compareTo) {
String javaVersion = SecuritySupport.getSystemProperty("java.version");
String versions[] = javaVersion.split("\\.", 3);
if (Integer.parseInt(versions[0]) >= compareTo ||
Integer.parseInt(versions[1]) >= compareTo) {
return true;
}
return false;
}
//
// Classes
//

20
jaxp/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java
View File

@ -25,13 +25,14 @@
package com.sun.org.apache.xerces.internal.impl;
import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
import java.util.HashMap;
import javax.xml.XMLConstants;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLResolver;
import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
/**
* This class manages different properties related to Stax specification and its implementation.
* This class constructor also takes itself (PropertyManager object) as parameter and initializes the
@ -51,6 +52,12 @@ public class PropertyManager {
private static final String STRING_INTERNING = "http://xml.org/sax/features/string-interning";
/** Property identifier: access to external dtd */
protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** Property identifier: access to external schema */
protected static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
HashMap supportedProps = new HashMap();
public static final int CONTEXT_READER = 1;
@ -117,6 +124,15 @@ public class PropertyManager {
supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ATTDEF_FEATURE, new Boolean(false));
supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ENTITYDEF_FEATURE, new Boolean(false));
supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_UNDECLARED_ELEMDEF_FEATURE, new Boolean(false));
//For DOM/SAX, the secure feature is set to true by default
String accessExternal = SecuritySupport.getDefaultAccessProperty(
Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
supportedProps.put(ACCESS_EXTERNAL_DTD, accessExternal);
accessExternal = SecuritySupport.getDefaultAccessProperty(
Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
supportedProps.put(ACCESS_EXTERNAL_SCHEMA, accessExternal);
}
private void initWriterProps(){

65
jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
View File

@ -52,7 +52,10 @@ import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler;
import com.sun.org.apache.xerces.internal.util.SecurityManager;
import com.sun.org.apache.xerces.internal.util.NamespaceSupport;
import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
import com.sun.xml.internal.stream.Entity;
import javax.xml.XMLConstants;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.events.XMLEvent;
@ -159,6 +162,18 @@ public class XMLDocumentFragmentScannerImpl
protected static final String ENTITY_RESOLVER =
Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_RESOLVER_PROPERTY;
/** Feature identifier: standard uri conformant */
protected static final String STANDARD_URI_CONFORMANT =
Constants.XERCES_FEATURE_PREFIX +Constants.STANDARD_URI_CONFORMANT_FEATURE;
/** property identifier: access external dtd. */
protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** access external dtd: file protocol
* For DOM/SAX, the secure feature is set to true by default
*/
final static String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
// recognized features and properties
/** Recognized features. */
@ -184,6 +199,7 @@ public class XMLDocumentFragmentScannerImpl
SYMBOL_TABLE,
ERROR_REPORTER,
ENTITY_MANAGER,
ACCESS_EXTERNAL_DTD
};
/** Property defaults. */
@ -191,6 +207,7 @@ public class XMLDocumentFragmentScannerImpl
null,
null,
null,
EXTERNAL_ACCESS_DEFAULT
};
private static final char [] cdata = {'[','C','D','A','T','A','['};
@ -297,6 +314,17 @@ public class XMLDocumentFragmentScannerImpl
protected String fDeclaredEncoding = null;
/** Xerces Feature: Disallow doctype declaration. */
protected boolean fDisallowDoctype = false;
/**
* comma-delimited list of protocols that are allowed for the purpose
* of accessing external dtd or entity references
*/
protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
/**
* standard uri conformant (strict uri).
* http://apache.org/xml/features/standard-uri-conformant
*/
protected boolean fStrictURI;
// drivers
@ -413,17 +441,6 @@ public class XMLDocumentFragmentScannerImpl
*
* @return True if there is more to scan, false otherwise.
*/
/* public boolean scanDocument(boolean complete)
throws IOException, XNIException {
// keep dispatching "events"
fEntityManager.setEntityHandler(this);
return true;
} // scanDocument(boolean):boolean
*/
public boolean scanDocument(boolean complete)
throws IOException, XNIException {
@ -579,6 +596,9 @@ public class XMLDocumentFragmentScannerImpl
//xxx: external entities are supported in Xerces
// it would be good to define feature for this case
fSupportExternalEntities = true;
fSupportExternalEntities = true;
fSupportExternalEntities = true;
fSupportExternalEntities = true;
fReplaceEntityReferences = true;
fIsCoalesce = false;
@ -589,6 +609,9 @@ public class XMLDocumentFragmentScannerImpl
dtdGrammarUtil = null;
// JAXP 1.5 features and properties
fAccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD, EXTERNAL_ACCESS_DEFAULT);
fStrictURI = componentManager.getFeature(STANDARD_URI_CONFORMANT, false);
//fEntityManager.test();
} // reset(XMLComponentManager)
@ -639,6 +662,9 @@ public class XMLDocumentFragmentScannerImpl
dtdGrammarUtil = null;
// Oracle jdk feature
fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);
} // reset(XMLComponentManager)
/**
@ -735,6 +761,14 @@ public class XMLDocumentFragmentScannerImpl
return;
}
//JAXP 1.5 properties
if (propertyId.startsWith(Constants.JAXPAPI_PROPERTY_PREFIX)) {
if (propertyId.equals(ACCESS_EXTERNAL_DTD))
{
fAccessExternalDTD = (String)value;
}
}
} // setProperty(String,Object)
/**
@ -1846,7 +1880,8 @@ public class XMLDocumentFragmentScannerImpl
//1. if the entity is external and support to external entities is not required
// 2. or entities should not be replaced
//3. or if it is built in entity reference.
if((fEntityStore.isExternalEntity(name) && !fSupportExternalEntities) || (!fEntityStore.isExternalEntity(name) && !fReplaceEntityReferences) || foundBuiltInRefs){
boolean isEE = fEntityStore.isExternalEntity(name);
if((isEE && !fSupportExternalEntities) || (!isEE && !fReplaceEntityReferences) || foundBuiltInRefs){
fScannerState = SCANNER_STATE_REFERENCE;
return ;
}
@ -1996,6 +2031,12 @@ public class XMLDocumentFragmentScannerImpl
} // getDriverName():String
String checkAccess(String systemId, String allowedProtocols) throws IOException {
String baseSystemId = fEntityScanner.getBaseSystemId();
String expandedSystemId = fEntityManager.expandSystemId(systemId, baseSystemId,fStrictURI);
return SecuritySupport.checkAccess(expandedSystemId, allowedProtocols, Constants.ACCESS_EXTERNAL_ALL);
}
//
// Classes
//

69
jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java
View File

@ -21,6 +21,22 @@
package com.sun.org.apache.xerces.internal.impl;
import com.sun.org.apache.xerces.internal.impl.dtd.XMLDTDDescription;
import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
import com.sun.org.apache.xerces.internal.util.NamespaceSupport;
import com.sun.org.apache.xerces.internal.util.XMLChar;
import com.sun.org.apache.xerces.internal.util.XMLResourceIdentifierImpl;
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.Augmentations;
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
import com.sun.org.apache.xerces.internal.xni.XMLString;
import com.sun.org.apache.xerces.internal.xni.XNIException;
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
import com.sun.org.apache.xerces.internal.xni.parser.XMLDTDScanner;
import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
import com.sun.xml.internal.stream.Entity;
import com.sun.xml.internal.stream.StaxXMLInputSource;
import com.sun.xml.internal.stream.dtd.DTDGrammarUtil;
@ -29,23 +45,6 @@ import java.io.IOException;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.events.XMLEvent;
import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
import com.sun.org.apache.xerces.internal.util.NamespaceSupport;
import com.sun.org.apache.xerces.internal.util.XMLChar;
import com.sun.org.apache.xerces.internal.util.XMLResourceIdentifierImpl;
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
import com.sun.org.apache.xerces.internal.xni.XMLString;
import com.sun.org.apache.xerces.internal.xni.XNIException;
import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
import com.sun.org.apache.xerces.internal.xni.parser.XMLDTDScanner;
import com.sun.org.apache.xerces.internal.xni.Augmentations;
import com.sun.org.apache.xerces.internal.impl.dtd.XMLDTDDescription;
import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentScanner;
/**
* This class is responsible for scanning XML document structure
@ -148,7 +147,7 @@ public class XMLDocumentScannerImpl
/** Property defaults. */
private static final Object[] PROPERTY_DEFAULTS = {
null,
null,
null
};
@ -920,7 +919,6 @@ public class XMLDocumentScannerImpl
reportFatalError("DoctypeNotAllowed", null);
}
if (fSeenDoctypeDecl) {
reportFatalError("AlreadySeenDoctype", null);
}
@ -952,15 +950,18 @@ public class XMLDocumentScannerImpl
if (fDoctypeSystemId != null) {
if (((fValidation || fLoadExternalDTD)
&& (fValidationManager == null || !fValidationManager.isCachedDTD()))) {
if (fSupportDTD)
setScannerState(SCANNER_STATE_DTD_EXTERNAL);
else
setScannerState(SCANNER_STATE_PROLOG);
setDriver(fContentDriver);
if(fDTDDriver == null)
fDTDDriver = new DTDDriver();
return fDTDDriver.next();
if (fSupportDTD) {
setScannerState(SCANNER_STATE_DTD_EXTERNAL);
} else {
setScannerState(SCANNER_STATE_PROLOG);
}
setDriver(fContentDriver);
if(fDTDDriver == null) {
fDTDDriver = new DTDDriver();
}
return fDTDDriver.next();
}
}
else if (fExternalSubsetSource != null) {
@ -1149,9 +1150,21 @@ public class XMLDocumentScannerImpl
resourceIdentifier.setValues(fDoctypePublicId, fDoctypeSystemId, null, null);
XMLInputSource xmlInputSource = null ;
StaxXMLInputSource staxInputSource = fEntityManager.resolveEntityAsPerStax(resourceIdentifier);
// Check access permission. If the source is resolved by a resolver, the check is skipped.
if (!staxInputSource.hasResolver()) {
String accessError = checkAccess(fDoctypeSystemId, fAccessExternalDTD);
if (accessError != null) {
reportFatalError("AccessExternalDTD", new Object[]{ SecuritySupport.sanitizePath(fDoctypeSystemId), accessError });
}
}
xmlInputSource = staxInputSource.getXMLInputSource();
fDTDScanner.setInputSource(xmlInputSource);
setScannerState(SCANNER_STATE_DTD_EXTERNAL_DECLS);
if (fEntityScanner.fCurrentEntity != null) {
setScannerState(SCANNER_STATE_DTD_EXTERNAL_DECLS);
} else {
setScannerState(SCANNER_STATE_PROLOG);
}
again = true;
break;
}

144
jaxp/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2006, 2013 Oracle and/or its affiliates. All rights reserved.
*/
/*
@ -20,51 +20,37 @@
package com.sun.org.apache.xerces.internal.impl ;
import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.impl.io.ASCIIReader;
import com.sun.org.apache.xerces.internal.impl.io.UCSReader;
import com.sun.org.apache.xerces.internal.impl.io.UTF8Reader;
import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler;
import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
import com.sun.org.apache.xerces.internal.util.*;
import com.sun.org.apache.xerces.internal.util.SecurityManager;
import com.sun.org.apache.xerces.internal.util.URI;
import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.Augmentations;
import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
import com.sun.org.apache.xerces.internal.xni.XNIException;
import com.sun.org.apache.xerces.internal.xni.parser.*;
import com.sun.xml.internal.stream.Entity;
import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
import com.sun.xml.internal.stream.StaxXMLInputSource;
import com.sun.xml.internal.stream.XMLEntityStorage;
import java.io.*;
import java.io.BufferedReader;
import java.util.*;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.StringReader;
import java.lang.reflect.Method;
import java.net.HttpURLConnection;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URISyntaxException;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Stack;
import com.sun.org.apache.xerces.internal.impl.io.*;
import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
import com.sun.org.apache.xerces.internal.util.*;
import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
import com.sun.org.apache.xerces.internal.xni.XNIException;
import com.sun.org.apache.xerces.internal.xni.parser.*;
import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.xml.internal.stream.Entity;
import com.sun.org.apache.xerces.internal.xni.Augmentations;
import com.sun.org.apache.xerces.internal.impl.io.UTF8Reader;
import com.sun.org.apache.xerces.internal.impl.io.ASCIIReader;
import com.sun.org.apache.xerces.internal.impl.io.UCSReader;
import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler;
import com.sun.org.apache.xerces.internal.util.HTTPInputSource;
import com.sun.org.apache.xerces.internal.xinclude.XIncludeHandler;
import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
import com.sun.org.apache.xerces.internal.util.SecurityManager;
import com.sun.org.apache.xerces.internal.util.URI;
import javax.xml.XMLConstants;
/**
@ -140,6 +126,10 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
protected static final String WARN_ON_DUPLICATE_ENTITYDEF =
Constants.XERCES_FEATURE_PREFIX +Constants.WARN_ON_DUPLICATE_ENTITYDEF_FEATURE;
/** Feature identifier: load external DTD. */
protected static final String LOAD_EXTERNAL_DTD =
Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE;
// property identifiers
/** Property identifier: symbol table. */
@ -173,8 +163,16 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
protected static final String SECURITY_MANAGER =
Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
protected static final String PARSER_SETTINGS =
protected static final String PARSER_SETTINGS =
Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
/** property identifier: access external dtd. */
protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** access external dtd: file protocol */
static final String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
// recognized features and properties
/** Recognized features. */
@ -205,7 +203,7 @@ protected static final String PARSER_SETTINGS =
VALIDATION_MANAGER,
BUFFER_SIZE,
SECURITY_MANAGER,
ACCESS_EXTERNAL_DTD
};
/** Property defaults. */
@ -215,7 +213,8 @@ protected static final String PARSER_SETTINGS =
null,
null,
new Integer(DEFAULT_BUFFER_SIZE),
null
null,
EXTERNAL_ACCESS_DEFAULT
};
private static final String XMLEntity = "[xml]".intern();
@ -274,6 +273,8 @@ protected static final String PARSER_SETTINGS =
*/
protected boolean fAllowJavaEncodings = true ;
/** Load external DTD. */
protected boolean fLoadExternalDTD = true;
// properties
@ -302,7 +303,8 @@ protected static final String PARSER_SETTINGS =
/** Property Manager. This is used from Stax */
protected PropertyManager fPropertyManager ;
/** used to restrict external access */
protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
// settings
/**
@ -366,6 +368,9 @@ protected static final String PARSER_SETTINGS =
/** Current entity. */
protected Entity.ScannedEntity fCurrentEntity = null;
/** identify if the InputSource is created by a resolver */
boolean fISCreatedByResolver = false;
// shared context
protected XMLEntityStorage fEntityStorage ;
@ -965,18 +970,25 @@ protected static final String PARSER_SETTINGS =
System.out.println("BEFORE Calling resolveEntity") ;
}
fISCreatedByResolver = false;
//either of Stax or Xerces would be null
if(fStaxEntityResolver != null){
staxInputSource = fStaxEntityResolver.resolveEntity(ri);
if(staxInputSource != null) {
fISCreatedByResolver = true;
}
}
if(fEntityResolver != null){
xmlInputSource = fEntityResolver.resolveEntity(ri);
if(xmlInputSource != null) {
fISCreatedByResolver = true;
}
}
if(xmlInputSource != null){
//wrap this XMLInputSource to StaxInputSource
staxInputSource = new StaxXMLInputSource(xmlInputSource);
staxInputSource = new StaxXMLInputSource(xmlInputSource, fISCreatedByResolver);
}
// do default resolution
@ -1108,7 +1120,13 @@ protected static final String PARSER_SETTINGS =
// should we skip external entities?
boolean external = entity.isExternal();
Entity.ExternalEntity externalEntity = null;
String extLitSysId = null, extBaseSysId = null, expandedSystemId = null;
if (external) {
externalEntity = (Entity.ExternalEntity)entity;
extLitSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getLiteralSystemId() : null);
extBaseSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getBaseSystemId() : null);
expandedSystemId = expandSystemId(extLitSysId, extBaseSysId);
boolean unparsed = entity.isUnparsed();
boolean parameter = entityName.startsWith("%");
boolean general = !parameter;
@ -1118,13 +1136,6 @@ protected static final String PARSER_SETTINGS =
if (fEntityHandler != null) {
fResourceIdentifier.clear();
final String encoding = null;
Entity.ExternalEntity externalEntity = (Entity.ExternalEntity)entity;
//REVISIT: since we're storing expandedSystemId in the
// externalEntity, how could this have got here if it wasn't already
// expanded??? - neilg
String extLitSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getLiteralSystemId() : null);
String extBaseSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getBaseSystemId() : null);
String expandedSystemId = expandSystemId(extLitSysId, extBaseSysId);
fResourceIdentifier.setValues(
(externalEntity.entityLocation != null ? externalEntity.entityLocation.getPublicId() : null),
extLitSysId, extBaseSysId, expandedSystemId);
@ -1162,11 +1173,6 @@ protected static final String PARSER_SETTINGS =
fResourceIdentifier.clear();
final String encoding = null;
if (external) {
Entity.ExternalEntity externalEntity = (Entity.ExternalEntity)entity;
// REVISIT: for the same reason above...
String extLitSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getLiteralSystemId() : null);
String extBaseSysId = (externalEntity.entityLocation != null ? externalEntity.entityLocation.getBaseSystemId() : null);
String expandedSystemId = expandSystemId(extLitSysId, extBaseSysId);
fResourceIdentifier.setValues(
(externalEntity.entityLocation != null ? externalEntity.entityLocation.getPublicId() : null),
extLitSysId, extBaseSysId, expandedSystemId);
@ -1188,7 +1194,6 @@ protected static final String PARSER_SETTINGS =
XMLInputSource xmlInputSource = null ;
if (external) {
Entity.ExternalEntity externalEntity = (Entity.ExternalEntity)entity;
staxInputSource = resolveEntityAsPerStax(externalEntity.entityLocation);
/** xxx: Waiting from the EG
* //simply return if there was entity resolver registered and application
@ -1196,6 +1201,18 @@ protected static final String PARSER_SETTINGS =
* if(staxInputSource.hasXMLStreamOrXMLEventReader()) return ;
*/
xmlInputSource = staxInputSource.getXMLInputSource() ;
if (!fISCreatedByResolver) {
//let the not-LoadExternalDTD or not-SupportDTD process to handle the situation
if (fLoadExternalDTD) {
String accessError = SecuritySupport.checkAccess(expandedSystemId, fAccessExternalDTD, Constants.ACCESS_EXTERNAL_ALL);
if (accessError != null) {
fErrorReporter.reportError(this.getEntityScanner(),XMLMessageFormatter.XML_DOMAIN,
"AccessExternalEntity",
new Object[] { SecuritySupport.sanitizePath(expandedSystemId), accessError },
XMLErrorReporter.SEVERITY_FATAL_ERROR);
}
}
}
}
// wrap internal entity
else {
@ -1400,6 +1417,12 @@ protected static final String PARSER_SETTINGS =
fStaxEntityResolver = null;
}
// Zephyr feature ignore-external-dtd is the opposite of Xerces' load-external-dtd
fLoadExternalDTD = !((Boolean)propertyManager.getProperty(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.IGNORE_EXTERNAL_DTD)).booleanValue();
// JAXP 1.5 feature
fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);
// initialize state
//fStandalone = false;
fEntities.clear();
@ -1409,8 +1432,6 @@ protected static final String PARSER_SETTINGS =
fExternalGeneralEntities = true;
fExternalParameterEntities = true;
fAllowJavaEncodings = true ;
//test();
}
/**
@ -1453,6 +1474,7 @@ protected static final String PARSER_SETTINGS =
fAllowJavaEncodings = componentManager.getFeature(ALLOW_JAVA_ENCODINGS, false);
fWarnDuplicateEntityDef = componentManager.getFeature(WARN_ON_DUPLICATE_ENTITYDEF, false);
fStrictURI = componentManager.getFeature(STANDARD_URI_CONFORMANT, false);
fLoadExternalDTD = componentManager.getFeature(LOAD_EXTERNAL_DTD, true);
// xerces properties
fSymbolTable = (SymbolTable)componentManager.getProperty(SYMBOL_TABLE);
@ -1462,6 +1484,9 @@ protected static final String PARSER_SETTINGS =
fValidationManager = (ValidationManager)componentManager.getProperty(VALIDATION_MANAGER, null);
fSecurityManager = (SecurityManager)componentManager.getProperty(SECURITY_MANAGER, null);
// JAXP 1.5 feature
fAccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD, EXTERNAL_ACCESS_DEFAULT);
//reset general state
reset();
@ -1554,6 +1579,11 @@ protected static final String PARSER_SETTINGS =
featureId.endsWith(Constants.ALLOW_JAVA_ENCODINGS_FEATURE)) {
fAllowJavaEncodings = state;
}
if (suffixLength == Constants.LOAD_EXTERNAL_DTD_FEATURE.length() &&
featureId.endsWith(Constants.LOAD_EXTERNAL_DTD_FEATURE)) {
fLoadExternalDTD = state;
return;
}
}
} // setFeature(String,boolean)
@ -1610,7 +1640,15 @@ protected static final String PARSER_SETTINGS =
}
}
//JAXP 1.5 properties
if (propertyId.startsWith(Constants.JAXPAPI_PROPERTY_PREFIX)) {
if (propertyId.equals(ACCESS_EXTERNAL_DTD))
{
fAccessExternalDTD = (String)value;
}
}
}
/**
* Returns a list of property identifiers that are recognized by
* this component. This method may return null if no properties

2
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties
View File

@ -11,7 +11,7 @@ FallbackChild = Elements from namespace ''http://www.w3.org/2001/XInclude'', oth
HrefMissing = The 'href' attribute of an 'include' element is missing.
RecursiveInclude = Recursive include detected. Document ''{0}'' was already processed.
InvalidParseValue = Invalid value for ''parse'' attribute on ''include'' element: ''{0}''.
XMLParseError = Error attempting to parse XML file (href=''{0}'').
XMLParseError = Error attempting to parse XML file (href=''{0}''). Reason: {1}
XMLResourceError = Include operation failed, reverting to fallback. Resource error reading file as XML (href=''{0}''). Reason: {1}
TextResourceError = Include operation failed, reverting to fallback. Resource error reading file as text (href=''{0}''). Reason: {1}
NO_XPointerSchema = Schema for \"{0}\" is not supported by default. Define your own schema for {0}.See http://apache.org/xml/properties/xpointer-schema

2
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_de.properties
View File

@ -39,7 +39,7 @@ FallbackChild = Andere Elemente aus Namespace "http://www.w3.org/2001/XInclude"
HrefMissing = "href"-Attribut eines "include"-Elements fehlt.
RecursiveInclude = Rekursives "include" ermittelt. Dokument "{0}" wurde bereits verarbeitet.
InvalidParseValue = Ung\u00FCltiger Wert f\u00FCr "parse"-Attribut bei "include"-Element: "{0}".
XMLParseError = Fehler beim Versuch, XML-Datei zu parsen (href="{0}").
XMLParseError = Fehler beim Versuch, XML-Datei zu parsen (href="{0}"). Grund: {1}
XMLResourceError = Include-Vorgang nicht erfolgreich. Zur\u00FCck zu Fallback. Ressourcenfehler beim Lesen der Datei als XML (href="{0}"). Grund: {1}
TextResourceError = Include-Vorgang nicht erfolgreich. Zur\u00FCck zu Fallback. Ressourcenfehler beim Lesen der Datei als Text (href="{0}"). Grund: {1}
NO_XPointerSchema = Schema f\u00FCr \"{0}\" wird standardm\u00E4\u00DFig nicht unterst\u00FCtzt. Definieren Sie Ihr eigenes Schema f\u00FCr {0}. Siehe http://apache.org/xml/properties/xpointer-schema

2
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_es.properties
View File

@ -39,7 +39,7 @@ FallbackChild = No se permite que los elementos del espacio de nombres ''http://
HrefMissing = Falta el atributo 'href' de un elemento 'include'.
RecursiveInclude = Se ha detectado un elemento include recursivo. El documento ''{0}'' ya se ha procesado.
InvalidParseValue = Valor no v\u00E1lido para el atributo ''parse'' en el elemento ''include'': ''{0}''.
XMLParseError = Error al intentar analizar el archivo XML (href=''{0}'').
XMLParseError = Error al intentar analizar el archivo XML (href=''{0}''). Motivo: {1}
XMLResourceError = Fallo de la operaci\u00F3n include, conversi\u00F3n a fallback. Error del recurso al leer el archivo como XML (href=''{0}''). Motivo: {1}
TextResourceError = Fallo de la operaci\u00F3n include, conversi\u00F3n a fallback. Error del recurso al leer el archivo como texto (href=''{0}''). Motivo: {1}
NO_XPointerSchema = El esquema para \"{0}\" no est\u00E1 soportado por defecto. Defina su propio esquema para {0}. Consulte http://apache.org/xml/properties/xpointer-schema

2
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_fr.properties
View File

@ -39,7 +39,7 @@ FallbackChild = Les \u00E9l\u00E9ments de l''espace de noms ''http://www.w3.org/
HrefMissing = L'attribut 'href' d'un \u00E9l\u00E9ment 'include' est manquant.
RecursiveInclude = El\u00E9ment "include" r\u00E9cursif d\u00E9tect\u00E9. Le document ''{0}'' a d\u00E9j\u00E0 \u00E9t\u00E9 trait\u00E9.
InvalidParseValue = Valeur non valide pour l''attribut ''parse'' sur l''\u00E9l\u00E9ment ''include'' : ''{0}''.
XMLParseError = Erreur lors de la tentative d''analyse du fichier XML (href=''{0}'').
XMLParseError = Erreur lors de la tentative d''analyse du fichier XML (href=''{0}''). Raison : {1}
XMLResourceError = Echec de l''op\u00E9ration Include, r\u00E9tablissement de l''\u00E9l\u00E9ment fallback. Erreur de ressource lors de la lecture du fichier en tant que XML (href=''{0}''). Raison : {1}
TextResourceError = Echec de l''op\u00E9ration Include, r\u00E9tablissement de l''\u00E9l\u00E9ment fallback. Erreur de ressource lors de la lecture du fichier en tant que texte (href=''{0}''). Raison : {1}
NO_XPointerSchema = Par d\u00E9faut, le sch\u00E9ma pour \"{0}\" n''est pas pris en charge. D\u00E9finissez votre propre sch\u00E9ma pour {0}. Reportez-vous \u00E0 l''adresse http://apache.org/xml/properties/xpointer-schema

2
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_it.properties
View File

@ -39,7 +39,7 @@ FallbackChild = Gli elementi dello spazio di nomi ''http://www.w3.org/2001/XIncl
HrefMissing = Manca l'attributo 'href' di un elemento 'include'.
RecursiveInclude = Inclusione ricorsiva rilevata. Il documento ''{0}'' \u00E8 gi\u00E0 stato elaborato.
InvalidParseValue = Valore non valido per l''attributo ''parse'' nell''elemento ''include'': ''{0}''.
XMLParseError = Errore nel tentativo di analizzare il file XML (href=''{0}'').
XMLParseError = Errore nel tentativo di analizzare il file XML (href=''{0}''). Motivo: {1}
XMLResourceError = Operazione di inclusione non riuscita. Verr\u00E0 ripristinato il fallback. Errore di risorsa durante la lettura del file come XML (href=''{0}''). Motivo: {1}
TextResourceError = Operazione di inclusione non riuscita. Verr\u00E0 ripristinato il fallback. Errore di risorsa durante la lettura del file come testo (href=''{0}''). Motivo: {1}
NO_XPointerSchema = Lo schema per \"{0}\" non \u00E8 supportato per impostazione predefinita. Definire il proprio schema per {0}. Vedere http://apache.org/xml/properties/xpointer-schema.

2
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_ja.properties
View File

@ -39,7 +39,7 @@ FallbackChild = \u30CD\u30FC\u30E0\u30B9\u30DA\u30FC\u30B9''http://www.w3.org/20
HrefMissing = 'include'\u8981\u7D20\u306E'href'\u5C5E\u6027\u304C\u3042\u308A\u307E\u305B\u3093\u3002
RecursiveInclude = \u518D\u5E30\u7684\u306Ainclude\u304C\u691C\u51FA\u3055\u308C\u307E\u3057\u305F\u3002\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8''{0}''\u306F\u3059\u3067\u306B\u51E6\u7406\u3055\u308C\u3066\u3044\u307E\u3059\u3002
InvalidParseValue = ''include''\u8981\u7D20\u306E''parse''\u5C5E\u6027\u306E\u5024\u304C\u7121\u52B9\u3067\u3059: ''{0}''\u3002
XMLParseError = XML\u30D5\u30A1\u30A4\u30EB\u306E\u89E3\u6790\u8A66\u884C\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(href=''{0}'')\u3002
XMLParseError = XML\u30D5\u30A1\u30A4\u30EB\u306E\u89E3\u6790\u8A66\u884C\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(href=''{0}'')\u3002\u7406\u7531: {1}
XMLResourceError = \u30A4\u30F3\u30AF\u30EB\u30FC\u30C9\u64CD\u4F5C\u304C\u5931\u6557\u3057\u3001\u30D5\u30A9\u30FC\u30EB\u30D0\u30C3\u30AF\u306B\u623B\u308A\u307E\u3059\u3002\u30D5\u30A1\u30A4\u30EB\u3092XML\u3068\u3057\u3066\u8AAD\u53D6\u308A\u4E2D\u306B\u30EA\u30BD\u30FC\u30B9\u30FB\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(href=''{0}'')\u3002\u7406\u7531: {1}
TextResourceError = \u30A4\u30F3\u30AF\u30EB\u30FC\u30C9\u64CD\u4F5C\u304C\u5931\u6557\u3057\u3001\u30D5\u30A9\u30FC\u30EB\u30D0\u30C3\u30AF\u306B\u623B\u308A\u307E\u3059\u3002\u30D5\u30A1\u30A4\u30EB\u3092\u30C6\u30AD\u30B9\u30C8\u3068\u3057\u3066\u8AAD\u53D6\u308A\u4E2D\u306B\u30EA\u30BD\u30FC\u30B9\u30FB\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(href=''{0}'')\u3002\u7406\u7531: {1}
NO_XPointerSchema = \u30C7\u30D5\u30A9\u30EB\u30C8\u3067\u306F\u3001\"{0}\"\u306E\u30B9\u30AD\u30FC\u30DE\u306F\u30B5\u30DD\u30FC\u30C8\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002{0}\u306B\u5BFE\u3057\u3066\u72EC\u81EA\u306E\u30B9\u30AD\u30FC\u30DE\u3092\u5B9A\u7FA9\u3057\u3066\u304F\u3060\u3055\u3044\u3002http://apache.org/xml/properties/xpointer-schema\u3092\u53C2\u7167\u3057\u3066\u304F\u3060\u3055\u3044

2
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_ko.properties
View File

@ -39,7 +39,7 @@ FallbackChild = ''include'' \uC678\uC5D0 \uB2E4\uB978 ''http://www.w3.org/2001/X
HrefMissing = 'include' \uC694\uC18C\uC758 'href' \uC18D\uC131\uC774 \uB204\uB77D\uB418\uC5C8\uC2B5\uB2C8\uB2E4.
RecursiveInclude = \uC21C\uD658 include\uAC00 \uAC10\uC9C0\uB418\uC5C8\uC2B5\uB2C8\uB2E4. ''{0}'' \uBB38\uC11C\uAC00 \uC774\uBBF8 \uCC98\uB9AC\uB418\uC5C8\uC2B5\uB2C8\uB2E4.
InvalidParseValue = ''include'' \uC694\uC18C\uC5D0 ''parse'' \uC18D\uC131\uC5D0 \uB300\uD574 \uBD80\uC801\uD569\uD55C \uAC12\uC774 \uC788\uC74C: ''{0}''.
XMLParseError = XML \uD30C\uC77C(href=''{0}'')\uC758 \uAD6C\uBB38\uC744 \uBD84\uC11D\uD558\uB824\uACE0 \uC2DC\uB3C4\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4.
XMLParseError = XML \uD30C\uC77C(href=''{0}'')\uC758 \uAD6C\uBB38\uC744 \uBD84\uC11D\uD558\uB824\uACE0 \uC2DC\uB3C4\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4.\uC6D0\uC778: {1}
XMLResourceError = Include \uC791\uC5C5\uC744 \uC2E4\uD328\uD558\uC5EC fallback\uC73C\uB85C \uBCF5\uC6D0\uD558\uB294 \uC911\uC785\uB2C8\uB2E4. \uD30C\uC77C\uC744 XML(href=''{0}'')\uB85C \uC77D\uB294 \uC911 \uB9AC\uC18C\uC2A4 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC6D0\uC778: {1}
TextResourceError = Include \uC791\uC5C5\uC744 \uC2E4\uD328\uD558\uC5EC fallback\uC73C\uB85C \uBCF5\uC6D0\uD558\uB294 \uC911\uC785\uB2C8\uB2E4. \uD30C\uC77C\uC744 \uD14D\uC2A4\uD2B8(href=''{0}'')\uB85C \uC77D\uB294 \uC911 \uB9AC\uC18C\uC2A4 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC6D0\uC778: {1}
NO_XPointerSchema = \uAE30\uBCF8\uC801\uC73C\uB85C \"{0}\"\uC5D0 \uB300\uD55C \uC2A4\uD0A4\uB9C8\uB294 \uC9C0\uC6D0\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4. {0}\uC5D0 \uB300\uD574 \uACE0\uC720\uD55C \uC2A4\uD0A4\uB9C8\uB97C \uC815\uC758\uD558\uC2ED\uC2DC\uC624. http://apache.org/xml/properties/xpointer-schema\uB97C \uCC38\uC870\uD558\uC2ED\uC2DC\uC624.

2
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_pt_BR.properties
View File

@ -39,7 +39,7 @@ FallbackChild = Elementos do namespace ''http://www.w3.org/2001/XInclude'', dife
HrefMissing = O atributo 'href' de um elemento 'include' n\u00E3o foi encontrado.
RecursiveInclude = Inclus\u00E3o recursiva detectada. O documento ''{0}'' j\u00E1 foi processado.
InvalidParseValue = Valor inv\u00E1lido para o atributo ''parse'' no elemento ''include'': ''{0}''.
XMLParseError = Erro ao tentar fazer parse do arquivo XML (href=''{0}'').
XMLParseError = Erro ao tentar fazer parse do arquivo XML (href=''{0}''). Motivo: {1}
XMLResourceError = Falha na opera\u00E7\u00E3o de inclus\u00E3o; revertendo para fallback. Erro do recurso ao ler o arquivo como XML (href=''{0}''). Motivo: {1}
TextResourceError = Falha na opera\u00E7\u00E3o de inclus\u00E3o; revertendo para fallback. Erro do recurso ao ler o arquivo como texto (href=''{0}''). Motivo: {1}
NO_XPointerSchema = Por default, o esquema para \"{0}\" n\u00E3o \u00E9 suportado. Defina seu pr\u00F3prio esquema para {0}. Consulte http://apache.org/xml/properties/xpointer-schema

2
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_sv.properties
View File

@ -39,7 +39,7 @@ FallbackChild = Element fr\u00E5n namnrymd ''http://www.w3.org/2001/XInclude'',
HrefMissing = Ett 'href'-attribut i ett 'include'-element saknas.
RecursiveInclude = Rekursiv inkludering uppt\u00E4cktes. Dokumentet ''{0}'' har redan bearbetats.
InvalidParseValue = Ogiltigt v\u00E4rde f\u00F6r ''parse''-attribut i ''include''-element: ''{0}''.
XMLParseError = Fel vid f\u00F6rs\u00F6k att tolka XML-fil (href=''{0}'').
XMLParseError = Fel vid f\u00F6rs\u00F6k att tolka XML-fil (href=''{0}''). Orsak: {1}
XMLResourceError = Inkluderings\u00E5tg\u00E4rden utf\u00F6rdes inte, \u00E5terst\u00E4ller genom att \u00E5terskapa. Resursfel vid l\u00E4sning av fil som XML (href=''{0}''). Orsak: {1}
TextResourceError = Inkluderings\u00E5tg\u00E4rden utf\u00F6rdes inte, \u00E5terst\u00E4ller genom att \u00E5terskapa. Resursfel vid l\u00E4sning av fil som text (href=''{0}''). Orsak: {1}
NO_XPointerSchema = Schema f\u00F6r \"{0}\" st\u00F6ds inte som standard. Definiera ett eget schema f\u00F6r {0}.Se http://apache.org/xml/properties/xpointer-schema

2
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_zh_CN.properties
View File

@ -39,7 +39,7 @@ FallbackChild = \u4E0D\u5141\u8BB8\u5C06\u540D\u79F0\u7A7A\u95F4 ''http://www.w3
HrefMissing = \u7F3A\u5C11 'include' \u5143\u7D20\u7684 'href' \u5C5E\u6027\u3002
RecursiveInclude = \u68C0\u6D4B\u5230\u9012\u5F52 include\u3002\u5DF2\u5904\u7406\u6587\u6863 ''{0}''\u3002
InvalidParseValue = ''include'' \u5143\u7D20\u7684 ''parse'' \u5C5E\u6027\u7684\u503C\u65E0\u6548: ''{0}''\u3002
XMLParseError = \u5C1D\u8BD5\u5BF9 XML \u6587\u4EF6 (href=''{0}'') \u8FDB\u884C\u8BED\u6CD5\u5206\u6790\u65F6\u51FA\u9519\u3002
XMLParseError = \u5C1D\u8BD5\u5BF9 XML \u6587\u4EF6 (href=''{0}'') \u8FDB\u884C\u8BED\u6CD5\u5206\u6790\u65F6\u51FA\u9519\u3002\u539F\u56E0: {1}
XMLResourceError = Include \u64CD\u4F5C\u5931\u8D25, \u5E76\u8FD8\u539F\u4E3A fallback\u3002\u4EE5 XML (href=''{0}'') \u683C\u5F0F\u8BFB\u53D6\u6587\u4EF6\u65F6\u51FA\u73B0\u8D44\u6E90\u9519\u8BEF\u3002\u539F\u56E0: {1}
TextResourceError = Include \u64CD\u4F5C\u5931\u8D25, \u5E76\u8FD8\u539F\u4E3A fallback\u3002\u4EE5\u6587\u672C (href=''{0}'') \u683C\u5F0F\u8BFB\u53D6\u6587\u4EF6\u65F6\u51FA\u73B0\u8D44\u6E90\u9519\u8BEF\u3002\u539F\u56E0: {1}
NO_XPointerSchema = \u9ED8\u8BA4\u60C5\u51B5\u4E0B, \u4E0D\u652F\u6301 \"{0}\" \u7684\u65B9\u6848\u3002\u8BF7\u4E3A{0}\u5B9A\u4E49\u60A8\u81EA\u5DF1\u7684\u65B9\u6848\u3002\u8BF7\u8BBF\u95EE http://apache.org/xml/properties/xpointer-schema

2
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages_zh_TW.properties
View File

@ -39,7 +39,7 @@ FallbackChild = \u4F86\u81EA\u547D\u540D\u7A7A\u9593 ''http://www.w3.org/2001/XI
HrefMissing = \u907A\u6F0F 'include' \u5143\u7D20\u7684 'href' \u5C6C\u6027\u3002
RecursiveInclude = \u5075\u6E2C\u5230\u905E\u8FF4\u5305\u542B\u3002\u5DF2\u7D93\u8655\u7406\u6587\u4EF6 ''{0}''\u3002
InvalidParseValue = ''include'' \u5143\u7D20\u4E0A ''parse'' \u5C6C\u6027\u7684\u7121\u6548\u503C: ''{0}''\u3002
XMLParseError = \u5617\u8A66\u5256\u6790 XML \u6A94\u6848\u6642\u767C\u751F\u932F\u8AA4 (href=''{0}'')\u3002
XMLParseError = \u5617\u8A66\u5256\u6790 XML \u6A94\u6848\u6642\u767C\u751F\u932F\u8AA4 (href=''{0}'')\u3002\u539F\u56E0: {1}
XMLResourceError = \u5305\u542B\u4F5C\u696D\u5931\u6557\uFF0C\u56DE\u5FA9\u81F3\u5F8C\u63F4\u3002\u4EE5 XML (href=''{0}'') \u65B9\u5F0F\u8B80\u53D6\u6A94\u6848\u6642\u767C\u751F\u8CC7\u6E90\u932F\u8AA4\u3002\u539F\u56E0: {1}
TextResourceError = \u5305\u542B\u4F5C\u696D\u5931\u6557\uFF0C\u56DE\u5FA9\u81F3\u5F8C\u63F4\u3002\u4EE5\u6587\u5B57 (href=''{0}'') \u65B9\u5F0F\u8B80\u53D6\u6A94\u6848\u6642\u767C\u751F\u8CC7\u6E90\u932F\u8AA4\u3002\u539F\u56E0: {1}
NO_XPointerSchema = \u9810\u8A2D\u4E0D\u652F\u63F4 \"{0}\" \u7684\u7DB1\u8981\u3002\u8ACB\u70BA {0} \u5B9A\u7FA9\u60A8\u81EA\u5DF1\u7684\u7DB1\u8981\u3002\u8ACB\u53C3\u95B1 http://apache.org/xml/properties/xpointer-schema

3
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties
View File

@ -261,6 +261,9 @@
# Entity related messages
# 3.1 Start-Tags, End-Tags, and Empty-Element Tags
ReferenceToExternalEntity = The external entity reference \"&{0};\" is not permitted in an attribute value.
AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
# 4.1 Character and Entity References
EntityNotDeclared = The entity \"{0}\" was referenced, but not declared.
ReferenceToUnparsedEntity = The unparsed entity reference \"&{0};\" is not permitted.

3
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_de.properties
View File

@ -289,6 +289,9 @@
# Entity related messages
# 3.1 Start-Tags, End-Tags, and Empty-Element Tags
ReferenceToExternalEntity = Externe Entit\u00E4tsreferenz \"&{0};\" ist in einem Attributwert nicht zul\u00E4ssig.
AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
# 4.1 Character and Entity References
EntityNotDeclared = Entit\u00E4t \"{0}\" wurde referenziert aber nicht deklariert.
ReferenceToUnparsedEntity = Nicht geparste Entit\u00E4tsreferenz \"&{0};\" ist nicht zul\u00E4ssig.

3
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_es.properties
View File

@ -289,6 +289,9 @@
# Entity related messages
# 3.1 Start-Tags, End-Tags, and Empty-Element Tags
ReferenceToExternalEntity = La referencia de entidad externa \"&{0};\" no est\u00E1 permitida en un valor de atributo.
AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
# 4.1 Character and Entity References
EntityNotDeclared = Se hizo referencia a la entidad \"{0}\", pero no se declar\u00F3.
ReferenceToUnparsedEntity = La referencia de entidad no analizada \"&{0};\" no est\u00E1 permitida.

3
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_fr.properties
View File

@ -289,6 +289,9 @@
# Entity related messages
# 3.1 Start-Tags, End-Tags, and Empty-Element Tags
ReferenceToExternalEntity = La r\u00E9f\u00E9rence d''entit\u00E9 externe \"&{0};\" n''est pas autoris\u00E9e dans une valeur d''attribut.
AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
# 4.1 Character and Entity References
EntityNotDeclared = L''entit\u00E9 \"{0}\" \u00E9tait r\u00E9f\u00E9renc\u00E9e, mais pas d\u00E9clar\u00E9e.
ReferenceToUnparsedEntity = La r\u00E9f\u00E9rence d''entit\u00E9 non analys\u00E9e \"&{0};\" n''est pas autoris\u00E9e.

3
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_it.properties
View File

@ -289,6 +289,9 @@
# Entity related messages
# 3.1 Start-Tags, End-Tags, and Empty-Element Tags
ReferenceToExternalEntity = Il riferimento di entit\u00E0 esterna \"&{0};\" non \u00E8 consentito in un valore di attributo.
AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
# 4.1 Character and Entity References
EntityNotDeclared = L''entit\u00E0 \"{0}\" \u00E8 indicata da un riferimento, ma non \u00E8 dichiarata.
ReferenceToUnparsedEntity = Il riferimento di entit\u00E0 non analizzata \"&{0};\" non \u00E8 consentito.

3
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ja.properties
View File

@ -289,6 +289,9 @@
# Entity related messages
# 3.1 Start-Tags, End-Tags, and Empty-Element Tags
ReferenceToExternalEntity = \u5916\u90E8\u30A8\u30F3\u30C6\u30A3\u30C6\u30A3\u53C2\u7167\"&{0};\"\u306F\u3001\u5C5E\u6027\u5024\u3067\u306F\u8A31\u53EF\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002
AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
# 4.1 Character and Entity References
EntityNotDeclared = \u30A8\u30F3\u30C6\u30A3\u30C6\u30A3\"{0}\"\u304C\u53C2\u7167\u3055\u308C\u3066\u3044\u307E\u3059\u304C\u3001\u5BA3\u8A00\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002
ReferenceToUnparsedEntity = \u672A\u89E3\u6790\u30A8\u30F3\u30C6\u30A3\u30C6\u30A3\u53C2\u7167\"&{0};\"\u306F\u8A31\u53EF\u3055\u308C\u3066\u3044\u307E\u305B\u3093\u3002

3
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_ko.properties
View File

@ -289,6 +289,9 @@
# Entity related messages
# 3.1 Start-Tags, End-Tags, and Empty-Element Tags
ReferenceToExternalEntity = \uC18D\uC131\uAC12\uC5D0\uC11C\uB294 \uC678\uBD80 \uC5D4\uD2F0\uD2F0 \uCC38\uC870 \"&{0};\"\uC774 \uD5C8\uC6A9\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.
AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
# 4.1 Character and Entity References
EntityNotDeclared = \"{0}\" \uC5D4\uD2F0\uD2F0\uAC00 \uCC38\uC870\uB418\uC5C8\uC9C0\uB9CC \uC120\uC5B8\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4.
ReferenceToUnparsedEntity = \uAD6C\uBB38\uC774 \uBD84\uC11D\uB418\uC9C0 \uC54A\uC740 \uC5D4\uD2F0\uD2F0 \uCC38\uC870 \"&{0};\"\uC740(\uB294) \uD5C8\uC6A9\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.

3
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_pt_BR.properties
View File

@ -289,6 +289,9 @@
# Entity related messages
# 3.1 Start-Tags, End-Tags, and Empty-Element Tags
ReferenceToExternalEntity = A refer\u00EAncia da entidade externa \"&{0};\" n\u00E3o \u00E9 permitida em um valor do atributo.
AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
# 4.1 Character and Entity References
EntityNotDeclared = A entidade \"{0}\" foi referenciada, mas n\u00E3o declarada.
ReferenceToUnparsedEntity = A refer\u00EAncia da entidade n\u00E3o submetida a parse \"&{0};\" n\u00E3o \u00E9 permitida.

3
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_sv.properties
View File

@ -289,6 +289,9 @@
# Entity related messages
# 3.1 Start-Tags, End-Tags, and Empty-Element Tags
ReferenceToExternalEntity = Den externa enhetsreferensen \"&{0};\" till\u00E5ts inte i ett attributv\u00E4rde.
AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
# 4.1 Character and Entity References
EntityNotDeclared = Enheten \"{0}\" har refererats, men \u00E4r inte deklarerad.
ReferenceToUnparsedEntity = Den otolkade enhetsreferensen \"&{0};\" \u00E4r inte till\u00E5ten.

3
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_CN.properties
View File

@ -289,6 +289,9 @@
# Entity related messages
# 3.1 Start-Tags, End-Tags, and Empty-Element Tags
ReferenceToExternalEntity = \u5C5E\u6027\u503C\u4E2D\u4E0D\u5141\u8BB8\u91C7\u7528\u5916\u90E8\u5B9E\u4F53\u5F15\u7528 \"&{0};\"\u3002
AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
# 4.1 Character and Entity References
EntityNotDeclared = \u5F15\u7528\u4E86\u5B9E\u4F53 \"{0}\", \u4F46\u672A\u58F0\u660E\u5B83\u3002
ReferenceToUnparsedEntity = \u4E0D\u5141\u8BB8\u4F7F\u7528\u672A\u8FDB\u884C\u8BED\u6CD5\u5206\u6790\u7684\u5B9E\u4F53\u5F15\u7528 \"&{0};\"\u3002

3
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages_zh_TW.properties
View File

@ -289,6 +289,9 @@
# Entity related messages
# 3.1 Start-Tags, End-Tags, and Empty-Element Tags
ReferenceToExternalEntity = \u5C6C\u6027\u503C\u4E0D\u5141\u8A31\u53C3\u7167\u5916\u90E8\u500B\u9AD4 \"&{0};\"\u3002
AccessExternalDTD = External DTD: Failed to read external DTD ''{0}'', because ''{1}'' access is not allowed.
AccessExternalEntity = External Entity: Failed to read external document ''{0}'', because ''{1}'' access is not allowed.
# 4.1 Character and Entity References
EntityNotDeclared = \u53C3\u7167\u4E86\u500B\u9AD4 \"{0}\"\uFF0C\u4F46\u662F\u672A\u5BA3\u544A\u3002
ReferenceToUnparsedEntity = \u4E0D\u5141\u8A31\u672A\u5256\u6790\u7684\u500B\u9AD4\u53C3\u7167 \"&{0};\"\u3002

4
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties
View File

@ -86,6 +86,7 @@
#schema valid (3.X.3)
schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
schema_reference.4 = schema_reference.4: Failed to read schema document ''{0}'', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema>.
src-annotation = src-annotation: <annotation> elements can only contain <appinfo> and <documentation> elements, but ''{0}'' was found.
src-attribute.1 = src-attribute.1: The properties ''default'' and ''fixed'' cannot both be present in attribute declaration ''{0}''. Use only one of them.
@ -289,6 +290,3 @@
TargetNamespace.2 = TargetNamespace.2: Expecting no namespace, but the schema document has a target namespace of ''{1}''.
UndeclaredEntity = UndeclaredEntity: Entity ''{0}'' is not declared.
UndeclaredPrefix = UndeclaredPrefix: Cannot resolve ''{0}'' as a QName: the prefix ''{1}'' is not declared.
null
null
null

1
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_de.properties
View File

@ -114,6 +114,7 @@
#schema valid (3.X.3)
schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
schema_reference.4 = schema_reference.4: Schemadokument "{0}" konnte nicht gelesen werden, da 1) das Dokument nicht gefunden werden konnte; 2) das Dokument nicht gelesen werden konnte; 3) das Root-Element des Dokuments nicht <xsd:schema> ist.
src-annotation = src-annotation: <annotation>-Elemente k\u00F6nnen nur <appinfo>- und <documentation>-Elemente enthalten, aber es wurde "{0}" gefunden.
src-attribute.1 = src-attribute.1: Die Eigenschaften "default" und "fixed" k\u00F6nnen nicht beide in der Attributdeklaration "{0}" vorhanden sein. Verwenden Sie nur eine dieser Eigenschaften.

1
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_es.properties
View File

@ -114,6 +114,7 @@
#schema valid (3.X.3)
schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
schema_reference.4 = schema_reference.4: Fallo al leer el documento de esquema ''{0}'', porque 1) no se ha encontrado el documento; 2) no se ha podido leer el documento; 3) el elemento ra\u00EDz del documento no es <xsd:schema>.
src-annotation = src-annotation: Los elementos de <annotation> s\u00F3lo pueden contener elementos de <appinfo> y <documentation>, pero se ha encontrado ''{0}''.
src-attribute.1 = src-attribute.1: Las propiedades ''default'' y ''fixed'' no pueden estar presentes de forma simult\u00E1nea en la declaraci\u00F3n de atributo ''{0}''. Utilice s\u00F3lo una de ellas.

1
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_fr.properties
View File

@ -114,6 +114,7 @@
#schema valid (3.X.3)
schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
schema_reference.4 = schema_reference.4 : Echec de la lecture du document de sch\u00E9ma ''{0}'' pour les raisons suivantes : 1) Le document est introuvable ; 2) Le document n''a pas pu \u00EAtre lu ; 3) L''\u00E9l\u00E9ment racine du document n''est pas <xsd:schema>.
src-annotation = src-annotation : Les \u00E9l\u00E9ments <annotation> ne peuvent contenir que des \u00E9l\u00E9ments <appinfo> et <documentation>, mais ''{0}'' a \u00E9t\u00E9 trouv\u00E9.
src-attribute.1 = src-attribute.1 : Les propri\u00E9t\u00E9s ''default'' et ''fixed'' ne peuvent pas figurer simultan\u00E9ment dans la d\u00E9claration d''attribut ''{0}''. Utilisez uniquement l''une d''entre elles.

1
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_it.properties
View File

@ -114,6 +114,7 @@
#schema valid (3.X.3)
schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
schema_reference.4 = schema_reference.4: lettura del documento di schema "{0}" non riuscita perch\u00E9 1) non \u00E8 stato possibile trovare il documento; 2) non \u00E8 stato possibile leggere il documento; 3) l''elemento radice del documento non \u00E8 <xsd:schema>.
src-annotation = src-annotation: possono essere contenuti soltanto elementi <appinfo> e <documentation>, ma \u00E8 stato trovato ''{0}''.
src-attribute.1 = src-attribute.1: le propriet\u00E0 ''default'' e ''fixed'' non possono essere entrambi presenti nella dichiarazione di attributo ''{0}''. Utilizzarne solo una.

1
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_ja.properties
View File

@ -114,6 +114,7 @@
#schema valid (3.X.3)
schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
schema_reference.4 = schema_reference.4: 1)\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u304C\u898B\u3064\u304B\u3089\u306A\u304B\u3063\u305F\u30012)\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u3092\u8AAD\u307F\u53D6\u308C\u306A\u304B\u3063\u305F\u30013)\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8\u306E\u30EB\u30FC\u30C8\u8981\u7D20\u304C<xsd:schema>\u3067\u306F\u306A\u304B\u3063\u305F\u305F\u3081\u3001\u30B9\u30AD\u30FC\u30DE\u30FB\u30C9\u30AD\u30E5\u30E1\u30F3\u30C8''{0}''\u306E\u8AAD\u53D6\u308A\u306B\u5931\u6557\u3057\u307E\u3057\u305F\u3002
src-annotation = src-annotation: <annotation>\u8981\u7D20\u306B\u542B\u3081\u308B\u3053\u3068\u304C\u3067\u304D\u308B\u306E\u306F<appinfo>\u8981\u7D20\u304A\u3088\u3073<documentation>\u8981\u7D20\u306E\u307F\u3067\u3059\u304C\u3001''{0}''\u304C\u898B\u3064\u304B\u308A\u307E\u3057\u305F\u3002
src-attribute.1 = src-attribute.1: ''default''\u3068''fixed''\u306E\u4E21\u65B9\u306E\u30D7\u30ED\u30D1\u30C6\u30A3\u3092\u5C5E\u6027\u5BA3\u8A00''{0}''\u306B\u542B\u3081\u308B\u3053\u3068\u306F\u3067\u304D\u307E\u305B\u3093\u3002\u3044\u305A\u308C\u304B\u4E00\u65B9\u306E\u307F\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044\u3002

1
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_ko.properties
View File

@ -114,6 +114,7 @@
#schema valid (3.X.3)
schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
schema_reference.4 = schema_reference.4: \uC2A4\uD0A4\uB9C8 \uBB38\uC11C ''{0}'' \uC77D\uAE30\uB97C \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4. \uC6D0\uC778: 1) \uBB38\uC11C\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. 2) \uBB38\uC11C\uB97C \uC77D\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. 3) \uBB38\uC11C\uC758 \uB8E8\uD2B8 \uC694\uC18C\uAC00 <xsd:schema>\uAC00 \uC544\uB2D9\uB2C8\uB2E4.
src-annotation = src-annotation: <annotation> \uC694\uC18C\uC5D0\uB294 <appinfo> \uBC0F <documentation> \uC694\uC18C\uB9CC \uD3EC\uD568\uB420 \uC218 \uC788\uC9C0\uB9CC ''{0}''\uC774(\uAC00) \uBC1C\uACAC\uB418\uC5C8\uC2B5\uB2C8\uB2E4.
src-attribute.1 = src-attribute.1: ''default'' \uBC0F ''fixed'' \uC18D\uC131\uC740 \uC18D\uC131 \uC120\uC5B8 ''{0}''\uC5D0 \uD568\uAED8 \uC874\uC7AC\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. \uD558\uB098\uB9CC \uC0AC\uC6A9\uD558\uC2ED\uC2DC\uC624.

1
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_pt_BR.properties
View File

@ -114,6 +114,7 @@
#schema valid (3.X.3)
schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
schema_reference.4 = schema_reference.4: Falha ao ler o documento do esquema ''{0}'' porque 1) n\u00E3o foi poss\u00EDvel encontrar o documento; 2) n\u00E3o foi poss\u00EDvel ler o documento; 3) o elemento-raiz do documento n\u00E3o \u00E9 <xsd:schema>.
src-annotation = src-annotation: os elementos de <annotation> podem conter somente os elementos <appinfo> e <documentation>, mas foi encontrado ''{0}''.
src-attribute.1 = src-attribute.1: As propriedades ''default'' e ''fixed'' n\u00E3o podem estar presentes na declara\u00E7\u00E3o do atributo ''{0}''. Use somente uma delas.

1
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_sv.properties
View File

@ -114,6 +114,7 @@
#schema valid (3.X.3)
schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
schema_reference.4 = schema_reference.4: L\u00E4sning av schemadokument ''{0}'' utf\u00F6rdes inte p\u00E5 grund av 1) det g\u00E5r inte att hitta dokumentet; 2) det g\u00E5r inte att l\u00E4sa dokumentet; 3) dokumentets rotelement \u00E4r inte <xsd:schema>.
src-annotation = src-annotation: element f\u00F6r <anteckningar> f\u00E5r endast inneh\u00E5lla element f\u00F6r <appinfo> och <dokumentation>, men ''{0}'' hittades.
src-attribute.1 = src-attribute.1: B\u00E5da egenskaperna ''default'' och ''fixed'' kan inte samtidigt ing\u00E5 i attributdeklarationen ''{0}''. Anv\u00E4nd en av dem.

1
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_zh_CN.properties
View File

@ -114,6 +114,7 @@
#schema valid (3.X.3)
schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
schema_reference.4 = schema_reference.4: \u65E0\u6CD5\u8BFB\u53D6\u65B9\u6848\u6587\u6863 ''{0}'', \u539F\u56E0\u4E3A 1) \u65E0\u6CD5\u627E\u5230\u6587\u6863; 2) \u65E0\u6CD5\u8BFB\u53D6\u6587\u6863; 3) \u6587\u6863\u7684\u6839\u5143\u7D20\u4E0D\u662F <xsd:schema>\u3002
src-annotation = src-annotation: <annotation> \u5143\u7D20\u53EA\u80FD\u5305\u542B <appinfo> \u548C <documentation> \u5143\u7D20, \u4F46\u53D1\u73B0\u4E86 ''{0}''\u3002
src-attribute.1 = src-attribute.1: \u5C5E\u6027\u58F0\u660E ''{0}'' \u4E2D\u4E0D\u80FD\u540C\u65F6\u5B58\u5728\u7279\u6027 ''default'' \u548C ''fixed''\u3002\u5E94\u53EA\u4F7F\u7528\u5176\u4E2D\u4E00\u4E2A\u3002

1
jaxp/src/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages_zh_TW.properties
View File

@ -114,6 +114,7 @@
#schema valid (3.X.3)
schema_reference.access = schema_reference: Failed to read schema document ''{0}'', because ''{1}'' access is not allowed.
schema_reference.4 = schema_reference.4: \u7121\u6CD5\u8B80\u53D6\u7DB1\u8981\u6587\u4EF6 ''{0}''\uFF0C\u56E0\u70BA 1) \u627E\u4E0D\u5230\u6587\u4EF6; 2) \u7121\u6CD5\u8B80\u53D6\u6587\u4EF6; 3) \u6587\u4EF6\u7684\u6839\u5143\u7D20\u4E0D\u662F <xsd:schema>\u3002
src-annotation = src-annotation: <annotation> \u5143\u7D20\u50C5\u80FD\u5305\u542B <appinfo> \u8207 <documentation> \u5143\u7D20\uFF0C\u4F46\u627E\u5230 ''{0}''\u3002
src-attribute.1 = src-attribute.1: \u5C6C\u6027 ''default'' \u8207 ''fixed'' \u4E0D\u53EF\u540C\u6642\u51FA\u73FE\u5728\u5C6C\u6027\u5BA3\u544A ''{0}'' \u4E2D\u3002\u8ACB\u53EA\u4F7F\u7528\u5176\u4E2D\u4E00\u500B\u3002

32
jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaLoader.java
View File

@ -53,6 +53,7 @@ import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
import com.sun.org.apache.xerces.internal.util.Status;
import com.sun.org.apache.xerces.internal.util.SymbolTable;
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.XNIException;
import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
@ -71,6 +72,7 @@ import com.sun.org.apache.xerces.internal.xs.XSLoader;
import com.sun.org.apache.xerces.internal.xs.XSModel;
import java.util.HashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import org.w3c.dom.DOMConfiguration;
import org.w3c.dom.DOMError;
import org.w3c.dom.DOMErrorHandler;
@ -216,6 +218,12 @@ XSLoader, DOMConfiguration {
protected static final String ENTITY_MANAGER =
Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_MANAGER_PROPERTY;
/** Property identifier: access to external dtd */
public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** Property identifier: access to external schema */
public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
// recognized properties
private static final String [] RECOGNIZED_PROPERTIES = {
ENTITY_MANAGER,
@ -229,7 +237,9 @@ XSLoader, DOMConfiguration {
JAXP_SCHEMA_SOURCE,
SECURITY_MANAGER,
LOCALE,
SCHEMA_DV_FACTORY
SCHEMA_DV_FACTORY,
ACCESS_EXTERNAL_DTD,
ACCESS_EXTERNAL_SCHEMA
};
// Data
@ -260,6 +270,8 @@ XSLoader, DOMConfiguration {
private final CMNodeFactory fNodeFactory = new CMNodeFactory(); //component mgr will be set later
private CMBuilder fCMBuilder;
private XSDDescription fXSDDescription = new XSDDescription();
private String faccessExternalDTD = Constants.EXTERNAL_ACCESS_DEFAULT;
private String faccessExternalSchema = Constants.EXTERNAL_ACCESS_DEFAULT;
private Map fJAXPCache;
private Locale fLocale = Locale.getDefault();
@ -454,6 +466,12 @@ XSLoader, DOMConfiguration {
fErrorReporter.putMessageFormatter(XSMessageFormatter.SCHEMA_DOMAIN, new XSMessageFormatter());
}
}
else if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
faccessExternalDTD = (String) state;
}
else if (propertyId.equals(ACCESS_EXTERNAL_SCHEMA)) {
faccessExternalSchema = (String) state;
}
} // setProperty(String, Object)
/**
@ -585,6 +603,15 @@ XSLoader, DOMConfiguration {
if(!fJAXPProcessed) {
processJAXPSchemaSource(locationPairs);
}
if (desc.isExternal()) {
String accessError = SecuritySupport.checkAccess(desc.getExpandedSystemId(), faccessExternalSchema, Constants.ACCESS_EXTERNAL_ALL);
if (accessError != null) {
throw new XNIException(fErrorReporter.reportError(XSMessageFormatter.SCHEMA_DOMAIN,
"schema_reference.access",
new Object[] { SecuritySupport.sanitizePath(desc.getExpandedSystemId()), accessError }, XMLErrorReporter.SEVERITY_ERROR));
}
}
SchemaGrammar grammar = fSchemaHandler.parseSchema(source, desc, locationPairs);
return grammar;
@ -1038,6 +1065,9 @@ XSLoader, DOMConfiguration {
// get generate-synthetic-annotations feature
fSchemaHandler.setGenerateSyntheticAnnotations(componentManager.getFeature(GENERATE_SYNTHETIC_ANNOTATIONS, false));
fSchemaHandler.reset(componentManager);
faccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD);
faccessExternalSchema = (String) componentManager.getProperty(ACCESS_EXTERNAL_SCHEMA);
}
private void initGrammarBucket(){

12
jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XMLSchemaValidator.java
View File

@ -29,7 +29,7 @@ import java.util.Map;
import java.util.Stack;
import java.util.Vector;
import java.util.ArrayList;
import javax.xml.XMLConstants;
import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.impl.RevalidationHandler;
import com.sun.org.apache.xerces.internal.impl.XMLEntityManager;
@ -233,6 +233,12 @@ public class XMLSchemaValidator
protected static final String SCHEMA_DV_FACTORY =
Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
/** property identifier: access external dtd. */
private static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** Property identifier: access to external schema */
private static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
protected static final String USE_SERVICE_MECHANISM = Constants.ORACLE_FEATURE_SERVICE_MECHANISM;
// recognized features and properties
@ -291,11 +297,13 @@ public class XMLSchemaValidator
JAXP_SCHEMA_SOURCE,
JAXP_SCHEMA_LANGUAGE,
SCHEMA_DV_FACTORY,
ACCESS_EXTERNAL_DTD,
ACCESS_EXTERNAL_SCHEMA
};
/** Property defaults. */
private static final Object[] PROPERTY_DEFAULTS =
{ null, null, null, null, null, null, null, null, null, null, null};
{ null, null, null, null, null, null, null, null, null, null, null, null, null};
// this is the number of valuestores of each kind
// we expect an element to have. It's almost

12
jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/XSDDescription.java
View File

@ -34,6 +34,7 @@ import com.sun.org.apache.xerces.internal.xni.grammars.XMLSchemaDescription;
* @author Neil Graham, IBM
* @author Neeraj Bajaj, SUN Microsystems.
*
* @version $Id: XSDDescription.java,v 1.6 2010-11-01 04:39:55 joehw Exp $
*/
public class XSDDescription extends XMLResourceIdentifierImpl
implements XMLSchemaDescription {
@ -180,6 +181,17 @@ public class XSDDescription extends XMLResourceIdentifierImpl
fContextType == CONTEXT_XSITYPE;
}
/**
* @return true is the schema is external
*/
public boolean isExternal() {
return fContextType == CONTEXT_INCLUDE ||
fContextType == CONTEXT_REDEFINE ||
fContextType == CONTEXT_IMPORT ||
fContextType == CONTEXT_ELEMENT ||
fContextType == CONTEXT_ATTRIBUTE ||
fContextType == CONTEXT_XSITYPE;
}
/**
* Compares this grammar with the given grammar. Currently, we compare
* the target namespaces.

24
jaxp/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java
View File

@ -77,6 +77,7 @@ import com.sun.org.apache.xerces.internal.util.SymbolHash;
import com.sun.org.apache.xerces.internal.util.SymbolTable;
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException;
import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.QName;
import com.sun.org.apache.xerces.internal.xni.XNIException;
import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
@ -105,6 +106,7 @@ import com.sun.org.apache.xerces.internal.xs.XSSimpleTypeDefinition;
import com.sun.org.apache.xerces.internal.xs.XSTerm;
import com.sun.org.apache.xerces.internal.xs.XSTypeDefinition;
import com.sun.org.apache.xerces.internal.xs.datatypes.ObjectList;
import javax.xml.XMLConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@ -221,6 +223,12 @@ public class XSDHandler {
protected static final String LOCALE =
Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY;
/** property identifier: access external dtd. */
public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** Property identifier: access to external schema */
public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
protected static final boolean DEBUG_NODE_POOL = false;
// Data
@ -251,6 +259,8 @@ public class XSDHandler {
*/
protected SecurityManager fSecureProcessing = null;
private String fAccessExternalSchema;
// These tables correspond to the symbol spaces defined in the
// spec.
// They are keyed with a QName (that is, String("URI,localpart) and
@ -2150,6 +2160,15 @@ public class XSDHandler {
fLastSchemaWasDuplicate = true;
return schemaElement;
}
if (referType == XSDDescription.CONTEXT_IMPORT || referType == XSDDescription.CONTEXT_INCLUDE
|| referType == XSDDescription.CONTEXT_REDEFINE) {
String accessError = SecuritySupport.checkAccess(schemaId, fAccessExternalSchema, Constants.ACCESS_EXTERNAL_ALL);
if (accessError != null) {
reportSchemaFatalError("schema_reference.access",
new Object[] { SecuritySupport.sanitizePath(schemaId), accessError },
referElement);
}
}
}
fSchemaParser.parse(schemaSource);
@ -3561,6 +3580,11 @@ public class XSDHandler {
} catch (XMLConfigurationException e) {
}
//For Schema validation, the secure feature is set to true by default
fSchemaParser.setProperty(ACCESS_EXTERNAL_DTD,
componentManager.getProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT));
fAccessExternalSchema = (String) componentManager.getProperty(
ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
} // reset(XMLComponentManager)

10
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderFactoryImpl.java
View File

@ -37,7 +37,7 @@ import org.xml.sax.SAXNotSupportedException;
/**
* @author Rajiv Mordani
* @author Edwin Goei
* @version $Id: DocumentBuilderFactoryImpl.java,v 1.6 2009/07/28 23:48:32 joehw Exp $
* @version $Id: DocumentBuilderFactoryImpl.java,v 1.8 2010-11-01 04:40:06 joehw Exp $
*/
public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory {
/** These are DocumentBuilderFactory attributes not DOM attributes */
@ -191,6 +191,9 @@ public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory {
public void setFeature(String name, boolean value)
throws ParserConfigurationException {
if (features == null) {
features = new Hashtable();
}
// If this is the secure processing feature, save it then return.
if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
if (System.getSecurityManager() != null && (!value)) {
@ -199,11 +202,10 @@ public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory {
"jaxp-secureprocessing-feature", null));
}
fSecureProcess = value;
features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
return;
}
if (features == null) {
features = new Hashtable();
}
features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
// Test the feature by possibly throwing SAX exceptions
try {

29
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java
View File

@ -27,6 +27,7 @@ import java.util.Map;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.validation.Schema;
import javax.xml.XMLConstants;
import com.sun.org.apache.xerces.internal.dom.DOMImplementationImpl;
import com.sun.org.apache.xerces.internal.dom.DOMMessageFormatter;
@ -42,6 +43,7 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource;
import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
import javax.xml.XMLConstants;
import org.w3c.dom.DOMImplementation;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
@ -95,6 +97,12 @@ public class DocumentBuilderImpl extends DocumentBuilder
private static final String SECURITY_MANAGER =
Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
/** property identifier: access external dtd. */
public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** Property identifier: access to external schema */
public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
private final DOMParser domParser;
private final Schema grammar;
@ -155,6 +163,23 @@ public class DocumentBuilderImpl extends DocumentBuilder
// If the secure processing feature is on set a security manager.
if (secureProcessing) {
domParser.setProperty(SECURITY_MANAGER, new SecurityManager());
/**
* By default, secure processing is set, no external access is allowed.
* However, we need to check if it is actively set on the factory since we
* allow the use of the System Property or jaxp.properties to override
* the default value
*/
if (features != null) {
Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
if (temp != null) {
boolean value = ((Boolean) temp).booleanValue();
if (value) {
domParser.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
domParser.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
}
}
}
}
this.grammar = dbf.getSchema();
@ -211,6 +236,10 @@ public class DocumentBuilderImpl extends DocumentBuilder
String feature = (String) entry.getKey();
boolean value = ((Boolean) entry.getValue()).booleanValue();
domParser.setFeature(feature, value);
if (feature.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
domParser.setProperty(ACCESS_EXTERNAL_DTD, "");
domParser.setProperty(ACCESS_EXTERNAL_SCHEMA, "");
}
}
}
}

3
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserFactoryImpl.java
View File

@ -43,7 +43,7 @@ import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
* @author Rajiv Mordani
* @author Edwin Goei
*
* @version $Id: SAXParserFactoryImpl.java,v 1.7 2009/07/28 23:48:32 joehw Exp $
* @version $Id: SAXParserFactoryImpl.java,v 1.9 2010-11-01 04:40:06 joehw Exp $
*/
public class SAXParserFactoryImpl extends SAXParserFactory {
@ -124,6 +124,7 @@ public class SAXParserFactoryImpl extends SAXParserFactory {
"jaxp-secureprocessing-feature", null));
}
fSecureProcess = value;
putInFeatures(name, value);
return;
}

26
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java
View File

@ -92,6 +92,12 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
private static final String SECURITY_MANAGER =
Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
/** property identifier: access external dtd. */
public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** Property identifier: access to external schema */
public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
private final JAXPSAXParser xmlReader;
private String schemaLanguage = null; // null means DTD
private final Schema grammar;
@ -146,6 +152,22 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
// If the secure processing feature is on set a security manager.
if (secureProcessing) {
xmlReader.setProperty0(SECURITY_MANAGER, new SecurityManager());
/**
* By default, secure processing is set, no external access is allowed.
* However, we need to check if it is actively set on the factory since we
* allow the use of the System Property or jaxp.properties to override
* the default value
*/
if (features != null) {
Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING);
if (temp != null) {
boolean value = ((Boolean) temp).booleanValue();
if (value) {
xmlReader.setProperty0(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
xmlReader.setProperty0(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
}
}
}
}
// Set application's features, followed by validation features.
@ -220,6 +242,10 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
String feature = (String) entry.getKey();
boolean value = ((Boolean) entry.getValue()).booleanValue();
xmlReader.setFeature0(feature, value);
if (feature.equals(XMLConstants.FEATURE_SECURE_PROCESSING) && value) {
xmlReader.setProperty0(ACCESS_EXTERNAL_DTD, "");
xmlReader.setProperty0(ACCESS_EXTERNAL_SCHEMA, "");
}
}
}
}

28
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/AbstractXMLSchema.java
View File

@ -41,8 +41,15 @@ abstract class AbstractXMLSchema extends Schema implements
*/
private final HashMap fFeatures;
/**
* Map containing the initial values of properties for
* validators created using this grammar pool container.
*/
private final HashMap fProperties;
public AbstractXMLSchema() {
fFeatures = new HashMap();
fProperties = new HashMap();
}
/*
@ -77,11 +84,26 @@ abstract class AbstractXMLSchema extends Schema implements
}
/*
* Other methods
* Set a feature on the schema
*/
final void setFeature(String featureId, boolean state) {
public final void setFeature(String featureId, boolean state) {
fFeatures.put(featureId, state ? Boolean.TRUE : Boolean.FALSE);
}
/**
* Returns the initial value of a property for validators created
* using this grammar pool container or null if the validators
* should use the default value.
*/
public final Object getProperty(String propertyId) {
return fProperties.get(propertyId);
}
/*
* Set a property on the schema
*/
public final void setProperty(String propertyId, Object state) {
fProperties.put(propertyId, state);
}
} // AbstractXMLSchema

3
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java
View File

@ -32,6 +32,7 @@ import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.XMLConstants;
import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
@ -176,6 +177,8 @@ final class StreamValidatorHelper implements ValidatorHelper {
}
config.setProperty(SYMBOL_TABLE, fComponentManager.getProperty(SYMBOL_TABLE));
config.setProperty(VALIDATION_MANAGER, fComponentManager.getProperty(VALIDATION_MANAGER));
config.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
config.setDocumentHandler(fSchemaValidator);
config.setDTDHandler(null);
config.setDTDContentModelHandler(null);

4
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java
View File

@ -675,6 +675,8 @@ final class ValidatorHandlerImpl extends ValidatorHandler implements
spf.setNamespaceAware(true);
try {
reader = spf.newSAXParser().getXMLReader();
reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
// If this is a Xerces SAX parser, set the security manager if there is one
if (reader instanceof com.sun.org.apache.xerces.internal.parsers.SAXParser) {
SecurityManager securityManager = (SecurityManager) fComponentManager.getProperty(SECURITY_MANAGER);
@ -685,6 +687,8 @@ final class ValidatorHandlerImpl extends ValidatorHandler implements
// Ignore the exception if the security manager cannot be set.
catch (SAXException exc) {}
}
reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,
fComponentManager.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD));
}
} catch( Exception e ) {
// this is impossible, but better safe than sorry

27
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java
View File

@ -45,6 +45,7 @@ import com.sun.org.apache.xerces.internal.util.SecurityManager;
import com.sun.org.apache.xerces.internal.util.StAXInputSource;
import com.sun.org.apache.xerces.internal.util.Status;
import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl;
import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.XNIException;
import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarDescription;
@ -82,6 +83,12 @@ public final class XMLSchemaFactory extends SchemaFactory {
private static final String SECURITY_MANAGER =
Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
/** property identifier: access external dtd. */
public static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** Property identifier: access to external schema */
public static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
//
// Data
//
@ -132,6 +139,14 @@ public final class XMLSchemaFactory extends SchemaFactory {
// Enable secure processing feature by default
fSecurityManager = new SecurityManager();
fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
//by default, the secure feature is set to true, otherwise the default would have been 'file'
String accessExternal = SecuritySupport.getDefaultAccessProperty(
Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
accessExternal = SecuritySupport.getDefaultAccessProperty(
Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
}
/**
@ -274,6 +289,7 @@ public final class XMLSchemaFactory extends SchemaFactory {
// Use a Schema that uses the system id as the equality source.
AbstractXMLSchema schema = new WeakReferenceXMLSchema();
propagateFeatures(schema);
propagateProperties(schema);
return schema;
}
@ -350,6 +366,8 @@ public final class XMLSchemaFactory extends SchemaFactory {
}
fSecurityManager = value ? new SecurityManager() : null;
fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
fXMLSchemaLoader.setProperty(ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT_FSP);
return;
} else if (name.equals(Constants.ORACLE_FEATURE_SERVICE_MECHANISM)) {
//in secure mode, let _useServicesMechanism be determined by the constructor
@ -418,6 +436,15 @@ public final class XMLSchemaFactory extends SchemaFactory {
}
}
private void propagateProperties(AbstractXMLSchema schema) {
String[] properties = fXMLSchemaLoader.getRecognizedProperties();
for (int i = 0; i < properties.length; ++i) {
Object state = fXMLSchemaLoader.getProperty(properties[i]);
schema.setProperty(properties[i], state);
}
}
/**
* Extension of XMLGrammarPoolImpl which exposes the number of
* grammars stored in the grammar pool.

9
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java
View File

@ -123,6 +123,12 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
private static final String LOCALE =
Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY;
/** property identifier: access external dtd. */
private static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** Property identifier: access to external schema */
private static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
//
// Data
//
@ -243,6 +249,9 @@ final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettin
}
fComponents.put(SECURITY_MANAGER, fInitSecurityManager);
//pass on properties set on SchemaFactory
setProperty(ACCESS_EXTERNAL_DTD, grammarContainer.getProperty(ACCESS_EXTERNAL_DTD));
setProperty(ACCESS_EXTERNAL_SCHEMA, grammarContainer.getProperty(ACCESS_EXTERNAL_SCHEMA));
}
/**

17
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/XSGrammarPoolContainer.java
View File

@ -55,4 +55,21 @@ public interface XSGrammarPoolContainer {
*/
public Boolean getFeature(String featureId);
/*
* Set a feature on the schema
*/
public void setFeature(String featureId, boolean state);
/**
* Returns the initial value of a property for validators created
* using this grammar pool container or null if the validators
* should use the default value.
*/
public Object getProperty(String propertyId);
/*
* Set a property on the schema
*/
public void setProperty(String propertyId, Object state);
}

63
jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java
View File

@ -20,10 +20,13 @@
package com.sun.org.apache.xerces.internal.parsers;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Locale;
import java.util.Properties;
import javax.xml.XMLConstants;
import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.impl.XML11DTDScannerImpl;
@ -52,6 +55,7 @@ import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
import com.sun.org.apache.xerces.internal.util.PropertyState;
import com.sun.org.apache.xerces.internal.util.Status;
import com.sun.org.apache.xerces.internal.util.SymbolTable;
import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
@ -274,6 +278,12 @@ public class XML11Configuration extends ParserConfigurationSettings
protected static final String SCHEMA_DV_FACTORY =
Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
/** Property identifier: access to external dtd */
protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** Property identifier: access to external schema */
protected static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
// debugging
/** Set to true and recompile to print exception stack trace. */
@ -475,7 +485,8 @@ public class XML11Configuration extends ParserConfigurationSettings
XMLSCHEMA_VALIDATION, XMLSCHEMA_FULL_CHECKING,
EXTERNAL_GENERAL_ENTITIES,
EXTERNAL_PARAMETER_ENTITIES,
PARSER_SETTINGS
PARSER_SETTINGS,
XMLConstants.FEATURE_SECURE_PROCESSING
};
addRecognizedFeatures(recognizedFeatures);
// set state for default features
@ -488,30 +499,31 @@ public class XML11Configuration extends ParserConfigurationSettings
fFeatures.put(SCHEMA_ELEMENT_DEFAULT, Boolean.TRUE);
fFeatures.put(NORMALIZE_DATA, Boolean.TRUE);
fFeatures.put(SCHEMA_AUGMENT_PSVI, Boolean.TRUE);
fFeatures.put(GENERATE_SYNTHETIC_ANNOTATIONS, Boolean.FALSE);
fFeatures.put(VALIDATE_ANNOTATIONS, Boolean.FALSE);
fFeatures.put(HONOUR_ALL_SCHEMALOCATIONS, Boolean.FALSE);
fFeatures.put(NAMESPACE_GROWTH, Boolean.FALSE);
fFeatures.put(TOLERATE_DUPLICATES, Boolean.FALSE);
fFeatures.put(USE_GRAMMAR_POOL_ONLY, Boolean.FALSE);
fFeatures.put(GENERATE_SYNTHETIC_ANNOTATIONS, Boolean.FALSE);
fFeatures.put(VALIDATE_ANNOTATIONS, Boolean.FALSE);
fFeatures.put(HONOUR_ALL_SCHEMALOCATIONS, Boolean.FALSE);
fFeatures.put(NAMESPACE_GROWTH, Boolean.FALSE);
fFeatures.put(TOLERATE_DUPLICATES, Boolean.FALSE);
fFeatures.put(USE_GRAMMAR_POOL_ONLY, Boolean.FALSE);
fFeatures.put(PARSER_SETTINGS, Boolean.TRUE);
fFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
// add default recognized properties
final String[] recognizedProperties =
{
SYMBOL_TABLE,
ERROR_HANDLER,
ENTITY_RESOLVER,
SYMBOL_TABLE,
ERROR_HANDLER,
ENTITY_RESOLVER,
ERROR_REPORTER,
ENTITY_MANAGER,
DOCUMENT_SCANNER,
DTD_SCANNER,
DTD_PROCESSOR,
DTD_VALIDATOR,
DATATYPE_VALIDATOR_FACTORY,
VALIDATION_MANAGER,
SCHEMA_VALIDATOR,
XML_STRING,
DATATYPE_VALIDATOR_FACTORY,
VALIDATION_MANAGER,
SCHEMA_VALIDATOR,
XML_STRING,
XMLGRAMMAR_POOL,
JAXP_SCHEMA_SOURCE,
JAXP_SCHEMA_LANGUAGE,
@ -523,18 +535,20 @@ public class XML11Configuration extends ParserConfigurationSettings
SCHEMA_NONS_LOCATION,
LOCALE,
SCHEMA_DV_FACTORY,
ACCESS_EXTERNAL_DTD,
ACCESS_EXTERNAL_SCHEMA
};
addRecognizedProperties(recognizedProperties);
if (symbolTable == null) {
symbolTable = new SymbolTable();
}
fSymbolTable = symbolTable;
fProperties.put(SYMBOL_TABLE, fSymbolTable);
if (symbolTable == null) {
symbolTable = new SymbolTable();
}
fSymbolTable = symbolTable;
fProperties.put(SYMBOL_TABLE, fSymbolTable);
fGrammarPool = grammarPool;
if (fGrammarPool != null) {
fProperties.put(XMLGRAMMAR_POOL, fGrammarPool);
fProperties.put(XMLGRAMMAR_POOL, fGrammarPool);
}
fEntityManager = new XMLEntityManager();
@ -570,6 +584,15 @@ public class XML11Configuration extends ParserConfigurationSettings
fVersionDetector = new XMLVersionDetector();
//FEATURE_SECURE_PROCESSING is true, see the feature above
String accessExternal = SecuritySupport.getDefaultAccessProperty(
Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
fProperties.put(ACCESS_EXTERNAL_DTD, accessExternal);
accessExternal = SecuritySupport.getDefaultAccessProperty(
Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
fProperties.put(ACCESS_EXTERNAL_SCHEMA, accessExternal);
// add message formatters
if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {
XMLMessageFormatter xmft = new XMLMessageFormatter();

140
jaxp/src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java
View File

@ -23,14 +23,16 @@ package com.sun.org.apache.xerces.internal.utils;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Locale;
import java.util.MissingResourceException;
import java.util.Properties;
import java.util.PropertyResourceBundle;
import java.util.ResourceBundle;
@ -195,5 +197,141 @@ public final class SecuritySupport {
})).longValue();
}
/**
* Strip off path from an URI
*
* @param uri an URI with full path
* @return the file name only
*/
public static String sanitizePath(String uri) {
if (uri == null) {
return "";
}
int i = uri.lastIndexOf("/");
if (i > 0) {
return uri.substring(i+1, uri.length());
}
return "";
}
/**
* Check the protocol used in the systemId against allowed protocols
*
* @param systemId the Id of the URI
* @param allowedProtocols a list of allowed protocols separated by comma
* @param accessAny keyword to indicate allowing any protocol
* @return the name of the protocol if rejected, null otherwise
*/
public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException {
if (systemId == null || allowedProtocols.equalsIgnoreCase(accessAny)) {
return null;
}
String protocol;
if (systemId.indexOf(":")==-1) {
protocol = "file";
} else {
URL url = new URL(systemId);
protocol = url.getProtocol();
if (protocol.equalsIgnoreCase("jar")) {
String path = url.getPath();
protocol = path.substring(0, path.indexOf(":"));
}
}
if (isProtocolAllowed(protocol, allowedProtocols)) {
//access allowed
return null;
} else {
return protocol;
}
}
/**
* Check if the protocol is in the allowed list of protocols. The check
* is case-insensitive while ignoring whitespaces.
*
* @param protocol a protocol
* @param allowedProtocols a list of allowed protocols
* @return true if the protocol is in the list
*/
private static boolean isProtocolAllowed(String protocol, String allowedProtocols) {
String temp[] = allowedProtocols.split(",");
for (String t : temp) {
t = t.trim();
if (t.equalsIgnoreCase(protocol)) {
return true;
}
}
return false;
}
/**
* Read from $java.home/lib/jaxp.properties for the specified property
*
* @param propertyId the Id of the property
* @return the value of the property
*/
public static String getDefaultAccessProperty(String sysPropertyId, String defaultVal) {
String accessExternal = SecuritySupport.getSystemProperty(sysPropertyId);
if (accessExternal == null) {
accessExternal = readJAXPProperty(sysPropertyId);
if (accessExternal == null) {
accessExternal = defaultVal;
}
}
return accessExternal;
}
/**
* Read from $java.home/lib/jaxp.properties for the specified property
* The program
*
* @param propertyId the Id of the property
* @return the value of the property
*/
static String readJAXPProperty(String propertyId) {
String value = null;
InputStream is = null;
try {
if (firstTime) {
synchronized (cacheProps) {
if (firstTime) {
String configFile = getSystemProperty("java.home") + File.separator +
"lib" + File.separator + "jaxp.properties";
File f = new File(configFile);
if (getFileExists(f)) {
is = getFileInputStream(f);
cacheProps.load(is);
}
firstTime = false;
}
}
}
value = cacheProps.getProperty(propertyId);
}
catch (Exception ex) {}
finally {
if (is != null) {
try {
is.close();
} catch (IOException ex) {}
}
}
return value;
}
/**
* Cache for properties in java.home/lib/jaxp.properties
*/
static final Properties cacheProps = new Properties();
/**
* Flag indicating if the program has tried reading java.home/lib/jaxp.properties
*/
static volatile boolean firstTime = true;
private SecuritySupport () {}
}

28
jaxp/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java
View File

@ -26,6 +26,7 @@ import java.util.Enumeration;
import java.util.Locale;
import java.util.Stack;
import java.util.StringTokenizer;
import javax.xml.XMLConstants;
import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.impl.XMLEntityManager;
@ -229,6 +230,14 @@ public class XIncludeHandler
protected static final String PARSER_SETTINGS =
Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
/** property identifier: access external dtd. */
protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
/** access external dtd: file protocol
* For DOM/SAX, the secure feature is set to true by default
*/
final static String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
/** Recognized features. */
private static final String[] RECOGNIZED_FEATURES =
{ ALLOW_UE_AND_NOTATION_EVENTS, XINCLUDE_FIXUP_BASE_URIS, XINCLUDE_FIXUP_LANGUAGE };
@ -283,6 +292,12 @@ public class XIncludeHandler
protected XMLErrorReporter fErrorReporter;
protected XMLEntityResolver fEntityResolver;
protected SecurityManager fSecurityManager;
/**
* comma-delimited list of protocols that are allowed for the purpose
* of accessing external dtd or entity references
*/
protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
// these are needed for text include processing
protected XIncludeTextReader fXInclude10TextReader;
@ -523,6 +538,8 @@ public class XIncludeHandler
fSecurityManager = null;
}
fAccessExternalDTD = (String)componentManager.getProperty(ACCESS_EXTERNAL_DTD);
// Get buffer size.
try {
Integer value =
@ -664,6 +681,14 @@ public class XIncludeHandler
}
return;
}
if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
fAccessExternalDTD = (String)value;
if (fChildConfig != null) {
fChildConfig.setProperty(propertyId, value);
}
return;
}
if (propertyId.equals(BUFFER_SIZE)) {
Integer bufferSize = (Integer) value;
if (fChildConfig != null) {
@ -1578,6 +1603,7 @@ public class XIncludeHandler
if (fErrorReporter != null) fChildConfig.setProperty(ERROR_REPORTER, fErrorReporter);
if (fEntityResolver != null) fChildConfig.setProperty(ENTITY_RESOLVER, fEntityResolver);
fChildConfig.setProperty(SECURITY_MANAGER, fSecurityManager);
fChildConfig.setProperty(ACCESS_EXTERNAL_DTD, fAccessExternalDTD);
fChildConfig.setProperty(BUFFER_SIZE, new Integer(fBufferSize));
// features must be copied to child configuration
@ -1691,7 +1717,7 @@ public class XIncludeHandler
if (fErrorReporter != null) {
fErrorReporter.setDocumentLocator(fDocLocation);
}
reportFatalError("XMLParseError", new Object[] { href });
reportFatalError("XMLParseError", new Object[] { href, e.getMessage() });
}
catch (IOException e) {
// necessary to make sure proper location is reported in errors

32
jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java
View File

@ -22,17 +22,17 @@
*/
package com.sun.org.apache.xml.internal.utils;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
import com.sun.org.apache.xalan.internal.XalanConstants;
import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
import java.util.HashMap;
import javax.xml.XMLConstants;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.XMLReaderFactory;
import org.xml.sax.SAXException;
/**
* Creates XMLReader objects and caches them for re-use.
@ -63,6 +63,11 @@ public class XMLReaderManager {
private HashMap m_inUse;
private boolean m_useServicesMechanism = true;
/**
* protocols allowed for external DTD references in source file and/or stylesheet.
*/
private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
/**
* Hidden constructor
*/
@ -131,6 +136,7 @@ public class XMLReaderManager {
try {
reader.setFeature(NAMESPACES_FEATURE, true);
reader.setFeature(NAMESPACE_PREFIXES_FEATURE, false);
reader.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
} catch (SAXException se) {
// Try to carry on if we've got a parser that
// doesn't know about namespace prefixes.
@ -181,4 +187,22 @@ public class XMLReaderManager {
m_useServicesMechanism = flag;
}
/**
* Get property value
*/
public String getProperty(String name) {
if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
return _accessExternalDTD;
}
return null;
}
/**
* Set property.
*/
public void setProperty(String name, String value) {
if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) {
_accessExternalDTD = (String)value;
}
}
}

13
jaxp/src/com/sun/xml/internal/stream/StaxXMLInputSource.java
View File

@ -43,6 +43,9 @@ public class StaxXMLInputSource {
XMLEventReader fEventReader ;
XMLInputSource fInputSource ;
//indicate if the source is resolved by a resolver
boolean fHasResolver = false;
/** Creates a new instance of StaxXMLInputSource */
public StaxXMLInputSource(XMLStreamReader streamReader) {
fStreamReader = streamReader ;
@ -57,6 +60,12 @@ public class StaxXMLInputSource {
fInputSource = inputSource ;
}
public StaxXMLInputSource(XMLInputSource inputSource, boolean hasResolver){
fInputSource = inputSource ;
fHasResolver = hasResolver;
}
public XMLStreamReader getXMLStreamReader(){
return fStreamReader ;
}
@ -72,4 +81,8 @@ public class StaxXMLInputSource {
public boolean hasXMLStreamOrXMLEventReader(){
return (fStreamReader == null) && (fEventReader == null) ? false : true ;
}
public boolean hasResolver() {
return fHasResolver;
}
}

222
jaxp/src/javax/xml/XMLConstants.java
View File

@ -73,7 +73,7 @@ public final class XMLConstants {
* <p>The official XML Namespace name URI.</p>
*
* <p>Defined by the XML specification to be
* "<code>http://www.w3.org/XML/1998/namespace</code>".</p>
* "{@code http://www.w3.org/XML/1998/namespace}".</p>
*
* @see <a
* href="http://www.w3.org/TR/REC-xml-names/#ns-qualnames">
@ -85,7 +85,7 @@ public final class XMLConstants {
/**
* <p>The official XML Namespace prefix.</p>
*
* <p>Defined by the XML specification to be "<code>xml</code>".</p>
* <p>Defined by the XML specification to be "{@code xml}".</p>
*
* @see <a
* href="http://www.w3.org/TR/REC-xml-names/#ns-qualnames">
@ -99,7 +99,7 @@ public final class XMLConstants {
* XMLConstants.XMLNS_ATTRIBUTE}, Namespace name URI.</p>
*
* <p>Defined by the XML specification to be
* "<code>http://www.w3.org/2000/xmlns/</code>".</p>
* "{@code http://www.w3.org/2000/xmlns/}".</p>
*
* @see <a
* href="http://www.w3.org/TR/REC-xml-names/#ns-qualnames">
@ -117,7 +117,7 @@ public final class XMLConstants {
*
* <p>It is <strong><em>NOT</em></strong> valid to use as a
* prefix. Defined by the XML specification to be
* "<code>xmlns</code>".</p>
* "{@code xmlns}".</p>
*
* @see <a
* href="http://www.w3.org/TR/REC-xml-names/#ns-qualnames">
@ -128,7 +128,7 @@ public final class XMLConstants {
/**
* <p>W3C XML Schema Namespace URI.</p>
*
* <p>Defined to be "<code>http://www.w3.org/2001/XMLSchema</code>".
* <p>Defined to be "{@code http://www.w3.org/2001/XMLSchema}".
*
* @see <a href=
* "http://www.w3.org/TR/xmlschema-1/#Instance_Document_Constructions">
@ -141,7 +141,7 @@ public final class XMLConstants {
/**
* <p>W3C XML Schema Instance Namespace URI.</p>
*
* <p>Defined to be "<code>http://www.w3.org/2001/XMLSchema-instance</code>".</p>
* <p>Defined to be "{@code http://www.w3.org/2001/XMLSchema-instance}".</p>
*
* @see <a href=
* "http://www.w3.org/TR/xmlschema-1/#Instance_Document_Constructions">
@ -154,7 +154,7 @@ public final class XMLConstants {
/**
* <p>W3C XPath Datatype Namespace URI.</p>
*
* <p>Defined to be "<code>http://www.w3.org/2003/11/xpath-datatypes</code>".</p>
* <p>Defined to be "{@code http://www.w3.org/2003/11/xpath-datatypes}".</p>
*
* @see <a href="http://www.w3.org/TR/xpath-datamodel">XQuery 1.0 and XPath 2.0 Data Model</a>
*/
@ -163,14 +163,14 @@ public final class XMLConstants {
/**
* <p>XML Document Type Declaration Namespace URI as an arbitrary value.</p>
*
* <p>Since not formally defined by any existing standard, arbitrarily define to be "<code>http://www.w3.org/TR/REC-xml</code>".
* <p>Since not formally defined by any existing standard, arbitrarily define to be "{@code http://www.w3.org/TR/REC-xml}".
*/
public static final String XML_DTD_NS_URI = "http://www.w3.org/TR/REC-xml";
/**
* <p>RELAX NG Namespace URI.</p>
*
* <p>Defined to be "<code>http://relaxng.org/ns/structure/1.0</code>".</p>
* <p>Defined to be "{@code http://relaxng.org/ns/structure/1.0}".</p>
*
* @see <a href="http://relaxng.org/spec-20011203.html">RELAX NG Specification</a>
*/
@ -181,14 +181,212 @@ public final class XMLConstants {
*
* <ul>
* <li>
* <code>true</code> instructs the implementation to process XML securely.
* {@code true} instructs the implementation to process XML securely.
* This may set limits on XML constructs to avoid conditions such as denial of service attacks.
* </li>
* <li>
* <code>false</code> instructs the implementation to process XML acording the letter of the XML specifications
* ingoring security issues such as limits on XML constructs to avoid conditions such as denial of service attacks.
* {@code false} instructs the implementation to process XML in accordance with the XML specifications
* ignoring security issues such as limits on XML constructs to avoid conditions such as denial of service attacks.
* </li>
* </ul>
*/
public static final String FEATURE_SECURE_PROCESSING = "http://javax.xml.XMLConstants/feature/secure-processing";
/**
* <p>Property: accessExternalDTD</p>
*
* <p>
* Restrict access to external DTDs and external Entity References to the protocols specified.
* If access is denied due to the restriction of this property, a runtime exception that
* is specific to the context is thrown. In the case of {@link javax.xml.parsers.SAXParser}
* for example, {@link org.xml.sax.SAXException} is thrown.
* </p>
*
* <p>
* <b>Value: </b> a list of protocols separated by comma. A protocol is the scheme portion of a
* {@link java.net.URI}, or in the case of the JAR protocol, "jar" plus the scheme portion
* separated by colon.
* A scheme is defined as:
*
* <blockquote>
* scheme = alpha *( alpha | digit | "+" | "-" | "." )<br>
* where alpha = a-z and A-Z.<br><br>
*
* And the JAR protocol:<br>
*
* jar[:scheme]<br><br>
*
* Protocols including the keyword "jar" are case-insensitive. Any whitespaces as defined by
* {@link java.lang.Character#isSpaceChar } in the value will be ignored.
* Examples of protocols are file, http, jar:file.
*
* </blockquote>
*</p>
*
*<p>
* <b>Default value:</b> The default value is implementation specific and therefore not specified.
* The following options are provided for consideration:
* <blockquote>
* <UL>
* <LI>an empty string to deny all access to external references;</LI>
* <LI>a specific protocol, such as file, to give permission to only the protocol;</LI>
* <LI>the keyword "all" to grant permission to all protocols.</LI>
*</UL><br>
* When FEATURE_SECURE_PROCESSING is enabled, it is recommended that implementations
* restrict external connections by default, though this may cause problems for applications
* that process XML/XSD/XSL with external references.
* </blockquote>
* </p>
*
* <p>
* <b>Granting all access:</b> the keyword "all" grants permission to all protocols.
* </p>
* <p>
* <b>System Property:</b> The value of this property can be set or overridden by
* system property {@code javax.xml.accessExternalDTD}.
* </p>
*
* <p>
* <b>${JAVA_HOME}/lib/jaxp.properties:</b> This configuration file is in standard
* {@link java.util.Properties} format. If the file exists and the system property is specified,
* its value will be used to override the default of the property.
* </p>
*
* <p>
*
* </p>
* @since 1.7
*/
public static final String ACCESS_EXTERNAL_DTD = "http://javax.xml.XMLConstants/property/accessExternalDTD";
/**
* <p>Property: accessExternalSchema</p>
*
* <p>
* Restrict access to the protocols specified for external reference set by the
* schemaLocation attribute, Import and Include element. If access is denied
* due to the restriction of this property, a runtime exception that is specific
* to the context is thrown. In the case of {@link javax.xml.validation.SchemaFactory}
* for example, org.xml.sax.SAXException is thrown.
* </p>
* <p>
* <b>Value:</b> a list of protocols separated by comma. A protocol is the scheme portion of a
* {@link java.net.URI}, or in the case of the JAR protocol, "jar" plus the scheme portion
* separated by colon.
* A scheme is defined as:
*
* <blockquote>
* scheme = alpha *( alpha | digit | "+" | "-" | "." )<br>
* where alpha = a-z and A-Z.<br><br>
*
* And the JAR protocol:<br>
*
* jar[:scheme]<br><br>
*
* Protocols including the keyword "jar" are case-insensitive. Any whitespaces as defined by
* {@link java.lang.Character#isSpaceChar } in the value will be ignored.
* Examples of protocols are file, http, jar:file.
*
* </blockquote>
*</p>
*
*<p>
* <b>Default value:</b> The default value is implementation specific and therefore not specified.
* The following options are provided for consideration:
* <blockquote>
* <UL>
* <LI>an empty string to deny all access to external references;</LI>
* <LI>a specific protocol, such as file, to give permission to only the protocol;</LI>
* <LI>the keyword "all" to grant permission to all protocols.</LI>
*</UL><br>
* When FEATURE_SECURE_PROCESSING is enabled, it is recommended that implementations
* restrict external connections by default, though this may cause problems for applications
* that process XML/XSD/XSL with external references.
* </blockquote>
* </p>
* <p>
* <b>Granting all access:</b> the keyword "all" grants permission to all protocols.
* </p>
*
* <p>
* <b>System Property:</b> The value of this property can be set or overridden by
* system property {@code javax.xml.accessExternalSchema}
* </p>
*
* <p>
* <b>${JAVA_HOME}/lib/jaxp.properties:</b> This configuration file is in standard
* java.util.Properties format. If the file exists and the system property is specified,
* its value will be used to override the default of the property.
*
* @since 1.7
* </p>
*/
public static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
/**
* <p>Property: accessExternalStylesheet</p>
*
* <p>
* Restrict access to the protocols specified for external references set by the
* stylesheet processing instruction, Import and Include element, and document function.
* If access is denied due to the restriction of this property, a runtime exception
* that is specific to the context is thrown. In the case of constructing new
* {@link javax.xml.transform.Transformer} for example,
* {@link javax.xml.transform.TransformerConfigurationException}
* will be thrown by the {@link javax.xml.transform.TransformerFactory}.
* </p>
* <p>
* <b>Value:</b> a list of protocols separated by comma. A protocol is the scheme portion of a
* {@link java.net.URI}, or in the case of the JAR protocol, "jar" plus the scheme portion
* separated by colon.
* A scheme is defined as:
*
* <blockquote>
* scheme = alpha *( alpha | digit | "+" | "-" | "." )<br>
* where alpha = a-z and A-Z.<br><br>
*
* And the JAR protocol:<br>
*
* jar[:scheme]<br><br>
*
* Protocols including the keyword "jar" are case-insensitive. Any whitespaces as defined by
* {@link java.lang.Character#isSpaceChar } in the value will be ignored.
* Examples of protocols are file, http, jar:file.
*
* </blockquote>
*</p>
*
*<p>
* <b>Default value:</b> The default value is implementation specific and therefore not specified.
* The following options are provided for consideration:
* <blockquote>
* <UL>
* <LI>an empty string to deny all access to external references;</LI>
* <LI>a specific protocol, such as file, to give permission to only the protocol;</LI>
* <LI>the keyword "all" to grant permission to all protocols.</LI>
*</UL><br>
* When FEATURE_SECURE_PROCESSING is enabled, it is recommended that implementations
* restrict external connections by default, though this may cause problems for applications
* that process XML/XSD/XSL with external references.
* </blockquote>
* </p>
* <p>
* <b>Granting all access:</b> the keyword "all" grants permission to all protocols.
* </p>
*
* <p>
* <b>System Property:</b> The value of this property can be set or overridden by
* system property {@code javax.xml.accessExternalStylesheet}
* </p>
*
* <p>
* <b>${JAVA_HOME}/lib/jaxp.properties: </b> This configuration file is in standard
* java.util.Properties format. If the file exists and the system property is specified,
* its value will be used to override the default of the property.
*
* @since 1.7
*/
public static final String ACCESS_EXTERNAL_STYLESHEET = "http://javax.xml.XMLConstants/property/accessExternalStylesheet";
}

25
jaxp/src/javax/xml/parsers/DocumentBuilderFactory.java
View File

@ -351,6 +351,31 @@ public abstract class DocumentBuilderFactory {
/**
* Allows the user to set specific attributes on the underlying
* implementation.
* <p>
* All implementations that implement JAXP 1.5 or newer are required to
* support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} and
* {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} properties.
* </p>
* <ul>
* <li>
* <p>
* Setting the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property
* restricts the access to external DTDs, external Entity References to the
* protocols specified by the property.
* If access is denied during parsing due to the restriction of this property,
* {@link org.xml.sax.SAXException} will be thrown by the parse methods defined by
* {@link javax.xml.parsers.DocumentBuilder}.
* </p>
* <p>
* Setting the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} property
* restricts the access to external Schema set by the schemaLocation attribute to
* the protocols specified by the property. If access is denied during parsing
* due to the restriction of this property, {@link org.xml.sax.SAXException}
* will be thrown by the parse methods defined by
* {@link javax.xml.parsers.DocumentBuilder}.
* </p>
* </li>
* </ul>
*
* @param name The name of the attribute.
* @param value The value of the attribute.

23
jaxp/src/javax/xml/parsers/SAXParser.java
View File

@ -441,6 +441,29 @@ public abstract class SAXParser {
* A list of the core features and properties can be found at
* <a href="http://sax.sourceforge.net/?selected=get-set">
* http://sax.sourceforge.net/?selected=get-set</a>.</p>
* <p>
* All implementations that implement JAXP 1.5 or newer are required to
* support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} and
* {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} properties.
* </p>
* <ul>
* <li>
* <p>
* Setting the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property
* restricts the access to external DTDs, external Entity References to
* the protocols specified by the property. If access is denied during parsing
* due to the restriction of this property, {@link org.xml.sax.SAXException}
* will be thrown by the parse methods defined by {@link javax.xml.parsers.SAXParser}.
* </p>
* <p>
* Setting the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} property
* restricts the access to external Schema set by the schemaLocation attribute to
* the protocols specified by the property. If access is denied during parsing
* due to the restriction of this property, {@link org.xml.sax.SAXException}
* will be thrown by the parse methods defined by the {@link javax.xml.parsers.SAXParser}.
* </p>
* </li>
* </ul>
*
* @param name The name of the property to be set.
* @param value The value of the property to be set.

22
jaxp/src/javax/xml/stream/XMLInputFactory.java
View File

@ -433,9 +433,25 @@ public abstract class XMLInputFactory {
public abstract void setXMLReporter(XMLReporter reporter);
/**
* Allows the user to set specific feature/property on the underlying implementation. The underlying implementation
* is not required to support every setting of every property in the specification and may use IllegalArgumentException
* to signal that an unsupported property may not be set with the specified value.
* Allows the user to set specific feature/property on the underlying
* implementation. The underlying implementation is not required to support
* every setting of every property in the specification and may use
* IllegalArgumentException to signal that an unsupported property may not be
* set with the specified value.
* <p>
* All implementations that implement JAXP 1.5 or newer are required to
* support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property.
* </p>
* <ul>
* <li>
* <p>
* Access to external DTDs, external Entity References is restricted to the
* protocols specified by the property. If access is denied during parsing
* due to the restriction of this property, {@link javax.xml.stream.XMLStreamException}
* will be thrown.
* </p>
* </li>
* </ul>
* @param name The name of the property (may not be null)
* @param value The value of the property
* @throws java.lang.IllegalArgumentException if the property is not supported

40
jaxp/src/javax/xml/transform/TransformerFactory.java
View File

@ -325,6 +325,46 @@ public abstract class TransformerFactory {
* be an option that the implementation provides.
* An <code>IllegalArgumentException</code> is thrown if the underlying
* implementation doesn't recognize the attribute.
* <p>
* All implementations that implement JAXP 1.5 or newer are required to
* support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} and
* {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_STYLESHEET} properties.
* </p>
* <ul>
* <li>
* <p>
* Access to external DTDs in the source file is restricted to the protocols
* specified by the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property.
* If access is denied during transformation due to the restriction of this property,
* {@link javax.xml.transform.TransformerException} will be thrown by
* {@link javax.xml.transform.Transformer#transform(Source, Result)}.
* </p>
* <p>
* Access to external DTDs in the stylesheet is restricted to the protocols
* specified by the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property.
* If access is denied during the creation of a new transformer due to the
* restriction of this property,
* {@link javax.xml.transform.TransformerConfigurationException} will be thrown
* by the {@link #newTransformer(Source)} method.
* </p>
* <p>
* Access to external reference set by the stylesheet processing instruction,
* Import and Include element is restricted to the protocols specified by the
* {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_STYLESHEET} property.
* If access is denied during the creation of a new transformer due to the
* restriction of this property,
* {@link javax.xml.transform.TransformerConfigurationException} will be thrown
* by the {@link #newTransformer(Source)} method.
* </p>
* <p>
* Access to external document through XSLT document function is restricted
* to the protocols specified by the property. If access is denied during
* the transformation due to the restriction of this property,
* {@link javax.xml.transform.TransformerException} will be thrown by the
* {@link javax.xml.transform.Transformer#transform(Source, Result)} method.
* </p>
* </li>
* </ul>
*
* @param name The name of the attribute.
* @param value The value of the attribute.

40
jaxp/src/javax/xml/validation/SchemaFactory.java
View File

@ -390,8 +390,44 @@ public abstract class SchemaFactory {
* possible for a {@link SchemaFactory} to recognize a property name but
* to be unable to change the current value.</p>
*
* <p>{@link SchemaFactory}s are not required to recognize setting
* any specific property names.</p>
* <p>
* All implementations that implement JAXP 1.5 or newer are required to
* support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} and
* {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} properties.
* </p>
* <ul>
* <li>
* <p>Access to external DTDs in Schema files is restricted to the protocols
* specified by the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property.
* If access is denied during the creation of new Schema due to the restriction
* of this property, {@link org.xml.sax.SAXException} will be thrown by the
* {@link #newSchema(Source)} or {@link #newSchema(File)}
* or {@link #newSchema(URL)} or or {@link #newSchema(Source[])} method.</p>
*
* <p>Access to external DTDs in xml source files is restricted to the protocols
* specified by the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} property.
* If access is denied during validation due to the restriction
* of this property, {@link org.xml.sax.SAXException} will be thrown by the
* {@link javax.xml.validation.Validator#validate(Source)} or
* {@link javax.xml.validation.Validator#validate(Source, Result)} method.</p>
*
* <p>Access to external reference set by the schemaLocation attribute is
* restricted to the protocols specified by the
* {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} property.
* If access is denied during validation due to the restriction of this property,
* {@link org.xml.sax.SAXException} will be thrown by the
* {@link javax.xml.validation.Validator#validate(Source)} or
* {@link javax.xml.validation.Validator#validate(Source, Result)} method.</p>
*
* <p>Access to external reference set by the Import
* and Include element is restricted to the protocols specified by the
* {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} property.
* If access is denied during the creation of new Schema due to the restriction
* of this property, {@link org.xml.sax.SAXException} will be thrown by the
* {@link #newSchema(Source)} or {@link #newSchema(File)}
* or {@link #newSchema(URL)} or {@link #newSchema(Source[])} method.</p>
* </li>
* </ul>
*
* @param name The property name, which is a non-null fully-qualified URI.
* @param object The requested value for the property.

23
jaxp/src/javax/xml/validation/Validator.java
View File

@ -440,8 +440,27 @@ public abstract class Validator {
* in specific contexts, such as before, during, or after
* a validation.</p>
*
* <p>{@link Validator}s are not required to recognize setting
* any specific property names.</p>
* <p>
* All implementations that implement JAXP 1.5 or newer are required to
* support the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD} and
* {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} properties.
* </p>
* <ul>
* <li>
* <p>Access to external DTDs in source or Schema file is restricted to
* the protocols specified by the {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_DTD}
* property. If access is denied during validation due to the restriction
* of this property, {@link org.xml.sax.SAXException} will be thrown by the
* {@link #validate(Source)} method.</p>
*
* <p>Access to external reference set by the schemaLocation attribute is
* restricted to the protocols specified by the
* {@link javax.xml.XMLConstants#ACCESS_EXTERNAL_SCHEMA} property.
* If access is denied during validation due to the restriction of this property,
* {@link org.xml.sax.SAXException} will be thrown by the
* {@link #validate(Source)} method.</p>
* </li>
* </ul>
*
* @param name The property name, which is a non-null fully-qualified URI.
* @param object The requested value for the property.