List of usage examples for javax.xml.parsers DocumentBuilderFactory setFeature
/**
 * Sets a feature for this factory and for the DocumentBuilders it creates.
 *
 * <p>Feature names are URIs. JAXP requires every implementation to support
 * {@code XMLConstants.FEATURE_SECURE_PROCESSING}. Other names, such as the SAX and Xerces
 * entity and DTD features, are implementation-specific and may be rejected.
 *
 * @param name  feature name
 * @param value {@code true} to enable the feature, {@code false} to disable it
 * @throws ParserConfigurationException if this factory or the builders it creates cannot
 *                                      support the feature
 */
public abstract void setFeature(String name, boolean value) throws ParserConfigurationException;
From source file:org.wso2.carbon.apimgt.impl.utils.APIUtil.java
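/**
 * Creates the self sign-up roles configured for a tenant.
 *
 * <p>Reads the self sign-up configuration resource from the tenant's governance system
 * registry, parses it as XML and, when sign-up is enabled, calls
 * {@code createSubscriberRole} for each configured role name. A role marked as external is
 * prefixed with the upper-cased sign-up domain; every other role is prefixed with the
 * internal domain.
 *
 * @param tenantId id of the tenant whose registry is read and for which roles are created
 * @throws APIManagementException if the registry cannot be read or the configuration cannot
 *                                be parsed
 */
public static void createSelfSignUpRoles(int tenantId) throws APIManagementException {
    try {
        RegistryService registryService = ServiceReferenceHolder.getInstance().getRegistryService();
        UserRegistry govRegistry = registryService.getGovernanceSystemRegistry(tenantId);
        if (govRegistry.resourceExists(APIConstants.SELF_SIGN_UP_CONFIG_LOCATION)) {
            Resource resource = govRegistry.get(APIConstants.SELF_SIGN_UP_CONFIG_LOCATION);
            InputStream content = resource.getContentStream();
            Document dc;
            try {
                // Parse with the hardened factory (external entities and external DTD loading
                // disabled, entity expansion capped) and additionally request secure processing.
                DocumentBuilderFactory factory = getSecuredDocumentBuilder();
                factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
                DocumentBuilder parser = factory.newDocumentBuilder();
                dc = parser.parse(content);
            } finally {
                // Release the registry content stream on both the success and the failure path.
                if (content != null) {
                    content.close();
                }
            }

            // NOTE(review): item(0) and getFirstChild() are dereferenced without null checks, so
            // a configuration with a missing or empty element surfaces as a
            // NullPointerException rather than an APIManagementException.
            boolean enableSignup = Boolean
                    .parseBoolean(dc.getElementsByTagName(APIConstants.SELF_SIGN_UP_REG_ENABLED).item(0)
                            .getFirstChild().getNodeValue());
            String signUpDomain = dc.getElementsByTagName(APIConstants.SELF_SIGN_UP_REG_DOMAIN_ELEM).item(0)
                    .getFirstChild().getNodeValue();

            if (enableSignup) {
                // Look the two element lists up once instead of on every loop iteration.
                NodeList roleNames = dc.getElementsByTagName(APIConstants.SELF_SIGN_UP_REG_ROLE_NAME_ELEMENT);
                NodeList externalFlags = dc.getElementsByTagName(APIConstants.SELF_SIGN_UP_REG_ROLE_IS_EXTERNAL);
                int roleLength = roleNames.getLength();
                for (int i = 0; i < roleLength; i++) {
                    String roleName = roleNames.item(i).getFirstChild().getNodeValue();
                    boolean isExternalRole = Boolean
                            .parseBoolean(externalFlags.item(i).getFirstChild().getNodeValue());
                    if (roleName != null) {
                        // If isExternalRole==false, create the subscriber role as an internal role.
                        if (isExternalRole && signUpDomain != null) {
                            roleName = signUpDomain.toUpperCase() + CarbonConstants.DOMAIN_SEPARATOR + roleName;
                        } else {
                            roleName = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR
                                    + roleName;
                        }
                        createSubscriberRole(roleName, tenantId);
                    }
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Adding Self signup configuration to the tenant's registry");
        }
    } catch (RegistryException e) {
        throw new APIManagementException("Error while getting Self signup role information from the registry", e);
    } catch (ParserConfigurationException e) {
        throw new APIManagementException("Error while getting Self signup role information from the registry", e);
    } catch (SAXException e) {
        throw new APIManagementException("Error while getting Self signup role information from the registry", e);
    } catch (IOException e) {
        throw new APIManagementException("Error while getting Self signup role information from the registry", e);
    }
}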
From source file:org.wso2.carbon.apimgt.impl.utils.APIUtil.java
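/**
 * Returns a DocumentBuilderFactory configured to resist XML external entity (XXE) and
 * entity-expansion attacks.
 *
 * <p>The factory is namespace aware, has XInclude and entity-reference expansion switched
 * off, has external general entities, external parameter entities and external DTD loading
 * disabled, and carries a Xerces SecurityManager that caps entity expansion at
 * {@code ENTITY_EXPANSION_LIMIT}.
 *
 * <p>Hardening is best effort: a feature the parser implementation rejects is logged with
 * its cause and the factory is still returned. Each feature is set in its own try block so
 * that one rejected feature does not leave the remaining ones unset.
 *
 * @return the configured DocumentBuilderFactory
 */
public static DocumentBuilderFactory getSecuredDocumentBuilder() {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setXIncludeAware(false);
    dbf.setExpandEntityReferences(false);

    // The Xerces constants are static, so they are referenced through the class name rather
    // than through a null-valued local variable.
    String[] featuresToDisable = {
            org.apache.xerces.impl.Constants.SAX_FEATURE_PREFIX
                    + org.apache.xerces.impl.Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE,
            org.apache.xerces.impl.Constants.SAX_FEATURE_PREFIX
                    + org.apache.xerces.impl.Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE,
            org.apache.xerces.impl.Constants.XERCES_FEATURE_PREFIX
                    + org.apache.xerces.impl.Constants.LOAD_EXTERNAL_DTD_FEATURE
    };
    for (String feature : featuresToDisable) {
        try {
            dbf.setFeature(feature, false);
        } catch (ParserConfigurationException e) {
            // Name the rejected feature and keep the cause so a missing protection can be
            // traced from the log.
            log.error("Failed to load XML Processor Feature " + feature, e);
        }
    }

    // NOTE(review): setAttribute may throw IllegalArgumentException when the underlying
    // parser does not recognise the Xerces security-manager property; that case is not
    // handled here.
    SecurityManager securityManager = new SecurityManager();
    securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
    dbf.setAttribute(org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX
            + org.apache.xerces.impl.Constants.SECURITY_MANAGER_PROPERTY, securityManager);
    return dbf;
}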
From source file:org.wso2.carbon.apimgt.webapp.publisher.WebappPublisherUtil.java
/**
 * Parses a file into a DOM document with a namespace-aware builder that has secure
 * processing enabled.
 *
 * <p>NOTE(review): FEATURE_SECURE_PROCESSING is the only hardening applied. Whether it also
 * blocks DOCTYPE declarations and external entities depends on the parser implementation in
 * use, so if the file can be influenced by an untrusted party the DOCTYPE and
 * external-entity features should be disabled explicitly as well.
 *
 * @param file the XML file to parse
 * @return the parsed document
 * @throws WebappPublisherConfigurationFailedException if the parser cannot be configured or
 *                                                     the file cannot be read or parsed
 */
public static Document convertToDocument(File file) throws WebappPublisherConfigurationFailedException {
    DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
    builderFactory.setNamespaceAware(true);
    try {
        builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document parsed = builderFactory.newDocumentBuilder().parse(file);
        return parsed;
    } catch (Exception e) {
        // Any configuration, I/O or parse failure is reported as one configuration failure.
        String message = "Error occurred while parsing file, while converting to a org.w3c.dom.Document";
        throw new WebappPublisherConfigurationFailedException(message, e);
    }
}
From source file:org.wso2.carbon.appmgt.impl.utils.SelfSignUpUtil.java
/**
 * Loads the self sign-up configuration of a tenant from the governance system registry.
 *
 * <p>NOTE(review): the registry bytes are decoded with the platform default charset before
 * parsing, so the result can differ between hosts. Confirm the encoding the resource is
 * stored in.
 *
 * <p>NOTE(review): FEATURE_SECURE_PROCESSING is the only parser hardening applied, and the
 * resource carries the tenant admin credentials. Confirm who is able to write this registry
 * location.
 *
 * @param tenantId tenant id
 * @return the parsed configuration, or {@code null} when the resource does not exist or has
 *         no sign-up root element
 * @throws org.wso2.carbon.appmgt.api.AppManagementException if the registry cannot be read
 *         or the configuration cannot be built or parsed
 */
private static UserRegistrationConfigDTO getSignupConfigurationFromRegistry(int tenantId)
        throws AppManagementException {
    UserRegistrationConfigDTO config = null;
    try {
        Registry registry = ServiceReferenceHolder.getInstance().getRegistryService()
                .getGovernanceSystemRegistry(tenantId);
        if (registry.resourceExists(AppMConstants.SELF_SIGN_UP_CONFIG_LOCATION)) {
            Resource resource = registry.get(AppMConstants.SELF_SIGN_UP_CONFIG_LOCATION);

            // Build the parser first, then read and parse the resource content.
            DocumentBuilderFactory parserFactory = DocumentBuilderFactory.newInstance();
            parserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            DocumentBuilder parser = parserFactory.newDocumentBuilder();

            String rawXml = new String((byte[]) resource.getContent());
            InputSource xmlSource = new InputSource(new StringReader(rawXml.trim()));
            Document doc = parser.parse(xmlSource);

            NodeList roots = doc.getElementsByTagName(AppMConstants.SELF_SIGN_UP_REG_ROOT);
            if (roots.getLength() > 0) {
                config = new UserRegistrationConfigDTO();
                Element root = (Element) roots.item(0);

                String domain = root.getElementsByTagName(AppMConstants.SELF_SIGN_UP_REG_DOMAIN_ELEM)
                        .item(0).getTextContent();
                config.setSignUpDomain(domain);

                // Tenant admin credentials are taken from the same document.
                String adminUser = root.getElementsByTagName(AppMConstants.SELF_SIGN_UP_REG_USERNAME)
                        .item(0).getTextContent();
                config.setAdminUserName(adminUser);
                String adminPassword = root.getElementsByTagName(AppMConstants.SELF_SIGN_UP_REG_PASSWORD)
                        .item(0).getTextContent();
                config.setAdminPassword(adminPassword);

                String enabledText = root.getElementsByTagName(AppMConstants.SELF_SIGN_UP_REG_ENABLED)
                        .item(0).getTextContent();
                config.setSignUpEnabled(Boolean.parseBoolean(enabledText));

                // Walk the sign-up roles listed under the roles element.
                Element rolesParent = (Element) root
                        .getElementsByTagName(AppMConstants.SELF_SIGN_UP_REG_ROLES_ELEM).item(0);
                NodeList roleElements = rolesParent
                        .getElementsByTagName(AppMConstants.SELF_SIGN_UP_REG_ROLE_ELEM);
                for (int i = 0; i < roleElements.getLength(); i++) {
                    Element roleElement = (Element) roleElements.item(i);
                    String roleName = roleElement
                            .getElementsByTagName(AppMConstants.SELF_SIGN_UP_REG_ROLE_NAME_ELEMENT).item(0)
                            .getTextContent();
                    boolean external = Boolean.parseBoolean(roleElement
                            .getElementsByTagName(AppMConstants.SELF_SIGN_UP_REG_ROLE_IS_EXTERNAL).item(0)
                            .getTextContent());

                    // A role without a Permissions element gets the two default permissions.
                    Node permissionsNode = roleElement.getElementsByTagName("Permissions").item(0);
                    String[] permissionList;
                    if (permissionsNode != null && permissionsNode.getTextContent() != null) {
                        permissionList = permissionsNode.getTextContent().split(",");
                    } else {
                        permissionList = new String[] { "/permission/admin/login",
                                "/permission/admin/manage/webapp/subscribe" };
                    }

                    SignUpRole signUpRole = new SignUpRole();
                    signUpRole.setRoleName(roleName);
                    signUpRole.setExternalRole(external);
                    signUpRole.setPermissionsList(permissionList);
                    config.getSignUpRoles().add(signUpRole);
                }
            }
        }
    } catch (RegistryException e) {
        throw new AppManagementException(
                "Error while reading sign-up configuration file in registry location : "
                        + AppMConstants.SELF_SIGN_UP_CONFIG_LOCATION,
                e);
    } catch (ParserConfigurationException e) {
        throw new AppManagementException("Error while building sign-up configuration file in : "
                + AppMConstants.SELF_SIGN_UP_CONFIG_LOCATION, e);
    } catch (SAXException e) {
        throw new AppManagementException(
                "Error while parsing sign-up configuration in : " + AppMConstants.SELF_SIGN_UP_CONFIG_LOCATION,
                e);
    } catch (IOException e) {
        throw new AppManagementException(
                "Error while parsing sign-up configuration in : " + AppMConstants.SELF_SIGN_UP_CONFIG_LOCATION,
                e);
    }
    return config;
}
From source file:org.wso2.carbon.appmgt.migration.util.ResourceUtil.java
/**
 * Creates a namespace-aware DocumentBuilder with secure processing enabled.
 *
 * <p>NOTE(review): presumably {@code ResourceUtil.handleException} rethrows as
 * APPMMigrationException; if it returns normally this method returns {@code null}. Confirm
 * against the helper.
 *
 * @param fileName name of the XML document, used only in the error message
 * @return the configured builder
 * @throws APPMMigrationException declared for the failure path handled by
 *                                {@code ResourceUtil.handleException}
 */
private static DocumentBuilder getDocumentBuilder(String fileName) throws APPMMigrationException {
    DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
    builderFactory.setNamespaceAware(true);
    try {
        builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return builderFactory.newDocumentBuilder();
    } catch (ParserConfigurationException e) {
        String message = "Error occurred while trying to build the " + fileName + " xml document";
        ResourceUtil.handleException(message, e);
    }
    // Reached only when the handler above returns instead of throwing.
    return null;
}
From source file:org.wso2.carbon.bpmn.core.types.datatypes.xml.Utils.java
/** * Create DocumentBuilderFactory with the XXE and XEE prevention measurements. * * @return DocumentBuilderFactory instance *///w ww.ja v a2 s . c om public static DocumentBuilderFactory getSecuredDocumentBuilder() { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); dbf.setXIncludeAware(false); dbf.setExpandEntityReferences(false); try { dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false); dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false); dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); } catch (ParserConfigurationException e) { log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE + " or secure-processing."); } SecurityManager securityManager = new SecurityManager(); securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager); return dbf; }
From source file:org.wso2.carbon.certificate.mgt.core.util.CertificateManagerUtil.java
/**
 * Parses a file into a DOM document with a namespace-aware builder that enables secure
 * processing and rejects any document containing a DOCTYPE declaration.
 *
 * <p>Because DOCTYPE declarations are disallowed, the parsed document cannot declare
 * entities of its own; a file that contains one fails to parse and is reported through the
 * exception below.
 *
 * @param file the XML file to parse
 * @return the parsed document
 * @throws CertificateManagementException if the parser cannot be configured or the file
 *                                        cannot be read or parsed
 */
public static Document convertToDocument(File file) throws CertificateManagementException {
    DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
    builderFactory.setNamespaceAware(true);
    try {
        builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        builderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document parsed = builderFactory.newDocumentBuilder().parse(file);
        return parsed;
    } catch (Exception e) {
        // Any configuration, I/O or parse failure is reported as one management exception.
        String message = "Error occurred while parsing file, while converting to a org.w3c.dom.Document : "
                + e.getMessage();
        throw new CertificateManagementException(message, e);
    }
}
From source file:org.wso2.carbon.dashboard.template.deployer.DashboardTemplateDeployer.java
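/**
 * Returns a DocumentBuilderFactory configured to resist XML external entity (XXE) and
 * entity-expansion attacks.
 *
 * <p>External general entities, external parameter entities and external DTD loading are
 * disabled, and a Xerces SecurityManager caps entity expansion at
 * {@code DashboardTemplateDeployerConstants.ENTITY_EXPANSION_LIMIT}.
 *
 * <p>Hardening is best effort: a feature the parser implementation rejects is logged with
 * its cause and the factory is still returned. Each feature is set in its own try block so
 * that one rejected feature does not leave the remaining ones unset.
 *
 * @return the configured DocumentBuilderFactory
 */
private static DocumentBuilderFactory getSecuredDocumentBuilder() {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setXIncludeAware(false);
    dbf.setExpandEntityReferences(false);

    String[] featuresToDisable = {
            Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE,
            Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE,
            Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE
    };
    for (String feature : featuresToDisable) {
        try {
            dbf.setFeature(feature, false);
        } catch (ParserConfigurationException e) {
            // Name the rejected feature and keep the cause so a missing protection can be
            // traced from the log.
            log.error("Failed to load XML Processor Feature " + feature, e);
        }
    }

    // NOTE(review): setAttribute may throw IllegalArgumentException when the underlying
    // parser does not recognise the Xerces security-manager property; that case is not
    // handled here.
    org.apache.xerces.util.SecurityManager securityManager = new org.apache.xerces.util.SecurityManager();
    securityManager.setEntityExpansionLimit(DashboardTemplateDeployerConstants.ENTITY_EXPANSION_LIMIT);
    dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager);
    return dbf;
}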
From source file:org.wso2.carbon.dataservices.core.XSLTTransformer.java
/**
 * Builds a DocumentBuilder that guards against XML External Entity (XXE) attacks.
 *
 * <p>The factory is namespace aware, does not expand entity references and has secure
 * processing enabled. The returned builder carries an EntityResolver that throws on every
 * resolution request, so a document that makes the parser resolve an external entity fails
 * to parse instead of causing the entity to be fetched.
 *
 * @param setIgnoreComments value passed to {@code setIgnoringComments} on the factory
 * @return the configured DocumentBuilder
 * @throws javax.xml.parsers.ParserConfigurationException if secure processing cannot be
 *         enabled or the builder cannot be created
 */
private static DocumentBuilder getSecuredDocumentBuilder(boolean setIgnoreComments)
        throws ParserConfigurationException {
    // Resolver that refuses every entity the parser asks it to resolve.
    EntityResolver rejectingResolver = new EntityResolver() {
        @Override
        public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
            throw new SAXException("Possible XML External Entity (XXE) attack. Skip resolving entity");
        }
    };

    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setIgnoringComments(setIgnoreComments);
    factory.setNamespaceAware(true);
    factory.setExpandEntityReferences(false);
    factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

    DocumentBuilder securedBuilder = factory.newDocumentBuilder();
    securedBuilder.setEntityResolver(rejectingResolver);
    return securedBuilder;
}
From source file:org.wso2.carbon.datasource.utils.DataSourceUtils.java
/**
 * Builds a DocumentBuilder that guards against XML External Entity (XXE) attacks.
 *
 * <p>The factory is namespace aware, does not expand entity references and has secure
 * processing enabled. The returned builder carries an EntityResolver that throws on every
 * resolution request, so a document that makes the parser resolve an external entity fails
 * to parse instead of causing the entity to be fetched.
 *
 * @param setIgnoreComments value passed to {@code setIgnoringComments} on the factory
 * @return the configured DocumentBuilder
 * @throws ParserConfigurationException if secure processing cannot be enabled or the builder
 *                                      cannot be created
 */
private static DocumentBuilder getSecuredDocumentBuilder(boolean setIgnoreComments)
        throws ParserConfigurationException {
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setIgnoringComments(setIgnoreComments);
    factory.setNamespaceAware(true);
    factory.setExpandEntityReferences(false);
    factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

    // Resolver that refuses every entity the parser asks it to resolve.
    EntityResolver rejectingResolver = (pubId, sysId) -> {
        throw new SAXException("Possible XML External Entity (XXE) attack. Skip resolving entity");
    };

    DocumentBuilder securedBuilder = factory.newDocumentBuilder();
    securedBuilder.setEntityResolver(rejectingResolver);
    return securedBuilder;
}