Example usage for javax.xml.parsers DocumentBuilderFactory setFeature

List of usage examples for javax.xml.parsers DocumentBuilderFactory setFeature

  1. HOME
  2. Java
  3. javax
  4. javax.xml.parsers.*
  5. DocumentBuilderFactory
  6. setFeature

Introduction

In this page you can find the example usage for javax.xml.parsers DocumentBuilderFactory setFeature.

Prototype

public abstract void setFeature(String name, boolean value) throws ParserConfigurationException;

Source Link

Document

Set a feature for this DocumentBuilderFactory and DocumentBuilder s created by this factory.

Usage

From source file:org.wso2.carbon.identity.entitlement.pap.PAPPolicyReader.java

private PAPPolicyReader(PolicyFinder policyFinder) {

    this.policyFinder = policyFinder;
    // create the factory
    DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setIgnoringComments(true);
    documentBuilderFactory.setNamespaceAware(true);
    documentBuilderFactory.setExpandEntityReferences(false);
    SecurityManager securityManager = new SecurityManager();
    securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
    documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);

    // now use the factory to create the document builder
    try {//ww w  .  jav  a  2  s .  c o  m
        documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        builder = documentBuilderFactory.newDocumentBuilder();
        builder.setEntityResolver(new CarbonEntityResolver());
        builder.setErrorHandler(this);
    } catch (ParserConfigurationException pce) {
        throw new IllegalArgumentException("Filed to setup repository: ");
    }
}

From source file:org.wso2.carbon.identity.entitlement.policy.PolicyRequestBuilder.java

/**
 * creates DOM representation of the XACML request
 *
 * @param request XACML request as a String object
 * @return XACML request as a DOM element
 * @throws EntitlementException throws, if fails
 *//*from   ww w. j  a  va2s . co  m*/
public Element getXacmlRequest(String request) throws EntitlementException {

    ByteArrayInputStream inputStream;
    DocumentBuilderFactory documentBuilderFactory;
    Document doc;

    inputStream = new ByteArrayInputStream(request.getBytes());
    documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    documentBuilderFactory.setExpandEntityReferences(false);

    SecurityManager securityManager = new SecurityManager();
    securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
    documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
    DocumentBuilder documentBuilder;
    try {
        documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        documentBuilder = documentBuilderFactory.newDocumentBuilder();
        documentBuilder.setEntityResolver(new CarbonEntityResolver());
        doc = documentBuilder.parse(inputStream);
    } catch (SAXException e) {
        throw new EntitlementException("Error while creating DOM from XACML request");
    } catch (IOException e) {
        throw new EntitlementException("Error while creating DOM from XACML request");
    } catch (ParserConfigurationException e) {
        throw new EntitlementException("Error while creating DOM from XACML request");
    } finally {
        try {
            inputStream.close();
        } catch (IOException e) {
            log.error("Error in closing input stream of XACML request");
        }
    }
    return doc.getDocumentElement();
}

From source file:org.wso2.carbon.identity.entitlement.proxy.wsxacml.WSXACMLEntitlementServiceClient.java

/**
 * Constructing the SAML or XACML Objects from a String
 *
 * @param xmlString Decoded SAML or XACML String
 * @return SAML or XACML Object// ww w.j  av  a  2s  . c o  m
 * @throws EntitlementProxyException
 */
private XMLObject unmarshall(String xmlString) throws EntitlementProxyException {

    try {
        doBootstrap();
        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
        documentBuilderFactory.setNamespaceAware(true);

        documentBuilderFactory.setExpandEntityReferences(false);
        documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        SecurityManager securityManager = new SecurityManager();
        securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
        documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);

        DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
        docBuilder.setEntityResolver(new CarbonEntityResolver());
        Document document = docBuilder
                .parse(new ByteArrayInputStream(xmlString.trim().getBytes(Charset.forName("UTF-8"))));
        Element element = document.getDocumentElement();
        UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
        return unmarshaller.unmarshall(element);
    } catch (Exception e) {
        log.error("Error in constructing XML(SAML or XACML) Object from the encoded String", e);
        throw new EntitlementProxyException("Error in constructing XML(SAML or XACML) from the encoded String",
                e);
    }
}

From source file:org.wso2.carbon.identity.entitlement.wsxacml.WSXACMLMessageReceiver.java

/**
 * Constructing the SAML or XACML Objects from a String
 *
 * @param xmlString Decoded SAML or XACML String
 * @return SAML or XACML Object//from w  w w.  j a va 2s. c  o  m
 * @throws org.wso2.carbon.identity.entitlement.EntitlementException
 */
public XMLObject unmarshall(String xmlString) throws EntitlementException {

    try {
        doBootstrap();
        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
        documentBuilderFactory.setNamespaceAware(true);

        documentBuilderFactory.setExpandEntityReferences(false);
        documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        SecurityManager securityManager = new SecurityManager();
        securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
        documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);

        DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
        docBuilder.setEntityResolver(new CarbonEntityResolver());
        Document document = docBuilder.parse(new ByteArrayInputStream(xmlString.trim().getBytes()));
        Element element = document.getDocumentElement();
        UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
        return unmarshaller.unmarshall(element);
    } catch (Exception e) {
        log.error("Error in constructing XML(SAML or XACML) Object from the encoded String", e);
        throw new EntitlementException("Error in constructing XML(SAML or XACML) from the encoded String ", e);
    }
}

From source file:org.wso2.carbon.identity.query.saml.util.SAMLQueryRequestUtil.java

/**
 * Create DocumentBuilderFactory with the XXE and XEE prevention measurements.
 *
 * @return DocumentBuilderFactory instance
 *//*from  w  w  w  .  j ava2s  .  c o m*/
public static DocumentBuilderFactory getSecuredDocumentBuilderFactory() throws IdentitySAML2QueryException {

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setXIncludeAware(false);
    dbf.setExpandEntityReferences(false);
    try {
        dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
        dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
        dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setNamespaceAware(true);
        dbf.setExpandEntityReferences(false);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

    } catch (ParserConfigurationException e) {
        log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or "
                + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE
                + " or secure-processing.");
        throw new IdentitySAML2QueryException(
                "Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or "
                        + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or "
                        + Constants.LOAD_EXTERNAL_DTD_FEATURE + " or secure-processing.",
                e);
    }

    SecurityManager securityManager = new SecurityManager();
    securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
    dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager);

    return dbf;

}

From source file:org.wso2.carbon.identity.saml.inbound.util.SAMLSSOUtil.java

/**
 * Constructing the AuthnRequest Object from a String
 *
 * @param authReqStr Decoded AuthReq String
 * @return AuthnRequest Object//from  ww  w.j  av a 2s . com
 * @throws
 */
public static XMLObject unmarshall(String authReqStr) throws IdentityException {
    InputStream inputStream = null;
    try {
        doBootstrap();
        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
        documentBuilderFactory.setNamespaceAware(true);

        documentBuilderFactory.setExpandEntityReferences(false);
        documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        org.apache.xerces.util.SecurityManager securityManager = new SecurityManager();
        securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
        documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);

        DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
        docBuilder.setEntityResolver(new CarbonEntityResolver());
        inputStream = new ByteArrayInputStream(authReqStr.trim().getBytes(StandardCharsets.UTF_8));
        Document document = docBuilder.parse(inputStream);
        Element element = document.getDocumentElement();
        UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
        return unmarshaller.unmarshall(element);
    } catch (Exception e) {
        log.error("Error in constructing AuthRequest from the encoded String", e);
        throw IdentityException.error("Error in constructing AuthRequest from the encoded String ", e);
    } finally {
        if (inputStream != null) {
            try {
                inputStream.close();
            } catch (IOException e) {
                log.error("Error while closing the stream", e);
            }
        }
    }
}

From source file:org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.java

/**
 * Constructing the AuthnRequest Object from a String
 *
 * @param authReqStr Decoded AuthReq String
 * @return AuthnRequest Object/*from  www .j a va  2s. c o  m*/
 * @throws org.wso2.carbon.identity.base.IdentityException
 */
public static XMLObject unmarshall(String authReqStr) throws IdentityException {
    InputStream inputStream = null;
    try {
        doBootstrap();
        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
        documentBuilderFactory.setNamespaceAware(true);

        documentBuilderFactory.setExpandEntityReferences(false);
        documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        SecurityManager securityManager = new SecurityManager();
        securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
        documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);

        DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
        docBuilder.setEntityResolver(new CarbonEntityResolver());
        inputStream = new ByteArrayInputStream(authReqStr.trim().getBytes(StandardCharsets.UTF_8));
        Document document = docBuilder.parse(inputStream);
        Element element = document.getDocumentElement();
        UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
        return unmarshaller.unmarshall(element);
    } catch (Exception e) {
        log.error("Error in constructing AuthRequest from the encoded String", e);
        throw new IdentityException("Error in constructing AuthRequest from the encoded String ", e);
    } finally {
        if (inputStream != null) {
            try {
                inputStream.close();
            } catch (IOException e) {
                log.error("Error while closing the stream", e);
            }
        }
    }
}

From source file:org.wso2.carbon.identity.user.registration.UserRegistrationService.java

/**
 * * This method provides a secured document builder which will secure XXE attacks.
 *
 * @return DocumentBuilder/*from www. j av a  2  s .  c o  m*/
 * @throws ParserConfigurationException
 */
private DocumentBuilder getSecuredDocumentBuilder() throws ParserConfigurationException {

    DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    documentBuilderFactory.setExpandEntityReferences(false);
    documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    SecurityManager securityManager = new SecurityManager();
    securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
    documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
    DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
    documentBuilder.setEntityResolver(new CarbonEntityResolver());
    return documentBuilder;

}

From source file:org.wso2.carbon.jaggeryapp.template.deployer.internal.util.JaggeryappTemplateDeployerHelper.java

public static DocumentBuilderFactory getSecuredDocumentBuilder() {

    DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    documentBuilderFactory.setXIncludeAware(false);
    documentBuilderFactory.setExpandEntityReferences(false);
    try {//  w  w w.j a  v  a  2 s . c o m
        documentBuilderFactory
                .setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
        documentBuilderFactory.setFeature(
                Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
        documentBuilderFactory.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE,
                false);
    } catch (ParserConfigurationException e) {
        log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or "
                + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE);
    }

    org.apache.xerces.util.SecurityManager securityManager = new org.apache.xerces.util.SecurityManager();
    securityManager.setEntityExpansionLimit(JaggeryappTemplateDeployerConstants.ENTITY_EXPANSION_LIMIT);
    documentBuilderFactory.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY,
            securityManager);
    return documentBuilderFactory;
}

From source file:org.wso2.carbon.pc.core.assets.common.AssetResource.java

/**
 * Parse string to xml document//from  w  ww .j  ava2  s .c  o  m
 *
 * @param xmlString
 * @return
 * @throws Exception
 */
protected Document stringToXML(String xmlString)
        throws IOException, SAXException, ParserConfigurationException {
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    DocumentBuilder builder = factory.newDocumentBuilder();
    return builder.parse(new InputSource(new StringReader(xmlString)));
}