List of usage examples for javax.xml.parsers DocumentBuilderFactory setFeature
public abstract void setFeature(String name, boolean value) throws ParserConfigurationException;
From source file:Main.java
private static DocumentBuilder getBuilder() throws ParserConfigurationException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true);/*from w w w. jav a 2s . co m*/ factory.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); DocumentBuilder builder = factory.newDocumentBuilder(); // prevent DTD entities from being resolved. builder.setEntityResolver(new EntityResolver() { @Override public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException { return new InputSource(new StringReader("")); } }); return builder; }
From source file:Main.java
/** * @param is/* www . j a v a 2 s . com*/ * @return * @throws ParserConfigurationException * @throws IOException * @throws SAXException */ public static Document parseInputStream(InputStream is) throws IOException { try { DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setNamespaceAware(false); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder builder = domFactory.newDocumentBuilder(); return builder.parse(is); } catch (Exception e) { throw new IOException("Error parsing XML Stream", e); } }
From source file:mondrian.util.XmlParserFactoryProducer.java
/** * Creates an instance of {@link DocumentBuilderFactory} class * with enabled {@link XMLConstants#FEATURE_SECURE_PROCESSING} property. * Enabling this feature prevents from some XXE attacks (e.g. XML bomb) * See PPP-3506 for more details./*from ww w .j av a 2s .co m*/ * * @throws ParserConfigurationException if feature can't be enabled * */ public static DocumentBuilderFactory createSecureDocBuilderFactory() throws ParserConfigurationException { DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); docBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); docBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); return docBuilderFactory; }
From source file:Main.java
private static DocumentBuilder getDocumentBuilder() throws ParserConfigurationException { if (db == null) { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setValidating(false);/* w w w . j ava 2 s . com*/ dbf.setIgnoringComments(true); dbf.setFeature("http://xml.org/sax/features/namespaces", false); dbf.setFeature("http://xml.org/sax/features/validation", false); dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); db = dbf.newDocumentBuilder(); } return db; }
From source file:Main.java
public static DocumentBuilder getDocumentBuilder(boolean secure) throws ParserConfigurationException { String feature;/* ww w.j av a 2s.c o m*/ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); feature = "http://xml.org/sax/features/external-general-entities"; factory.setFeature(feature, false); feature = "http://xml.org/sax/features/external-parameter-entities"; factory.setFeature(feature, false); feature = "http://apache.org/xml/features/nonvalidating/load-external-dtd"; factory.setFeature(feature, false); feature = "http://apache.org/xml/features/disallow-doctype-decl"; factory.setFeature(feature, true); factory.setXIncludeAware(false); factory.setExpandEntityReferences(false); factory.setNamespaceAware(true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secure); return factory.newDocumentBuilder(); }
From source file:Main.java
public static DocumentBuilderFactory createNonValidatingDocumentBuilderFactory() throws ParserConfigurationException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setValidating(false);/*from w ww. j a va2 s. com*/ factory.setNamespaceAware(true); factory.setFeature("http://xml.org/sax/features/namespaces", false); factory.setFeature("http://xml.org/sax/features/validation", false); factory.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); return factory; }
From source file:Main.java
/** * Creates and returns an new document builder factory. This method tries to * configure the namespace support for the builder. If the underlying parser * does not support namespaces then this method returns a simple * DocumentBuilder object.//from w ww. j av a 2 s .co m * * @return a new document builder * @throws ParserConfigurationException */ private static DocumentBuilder getDocumentBuilder() throws ParserConfigurationException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); // never forget this! try { factory.setFeature("http://xml.org/sax/features/namespaces", true); } catch (Throwable t) { // Just skip it... } DocumentBuilder builder = factory.newDocumentBuilder(); return builder; }
From source file:com.mirth.connect.server.util.SqlConfig.java
/** * This method loads the MyBatis SQL config file for the database in use, * then appends sqlMap entries from any installed plugins */// ww w . java 2 s . c om public static void init() { try { LogFactory.useLog4JLogging(); System.setProperty("derby.stream.error.method", "com.mirth.connect.server.Mirth.getNullOutputStream"); DatabaseSettings databaseSettings = ControllerFactory.getFactory().createConfigurationController() .getDatabaseSettings(); BufferedReader br = new BufferedReader(Resources.getResourceAsReader("SqlMapConfig.xml")); // parse the SqlMapConfig (ignoring the DTD) DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); Document document = factory.newDocumentBuilder().parse(new InputSource(br)); addPluginSqlMaps(databaseSettings.getDatabase(), new DonkeyElement(document.getDocumentElement()).getChildElement("mappers")); DocumentSerializer docSerializer = new DocumentSerializer(); Reader reader = new StringReader(docSerializer.toXML(document)); sqlSessionfactory = new SqlSessionFactoryBuilder().build(reader, databaseSettings.getProperties()); sqlSessionManager = SqlSessionManager.newInstance(sqlSessionfactory); } catch (Exception e) { throw new RuntimeException(e); } }
From source file:Main.java
public static DocumentBuilder createParser() { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); try {/* w ww. jav a 2s . c o m*/ dbf.setNamespaceAware(true); dbf.setValidating(false); dbf.setFeature("http://xml.org/sax/features/namespaces", false); dbf.setFeature("http://xml.org/sax/features/validation", false); dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); } catch (ParserConfigurationException ex) { throw new RuntimeException(ex); } try { return dbf.newDocumentBuilder(); } catch (ParserConfigurationException ex) { System.err.println("[error] XmlUtils: Cannot create a DocumentBuilder instance."); } return null; }
From source file:Main.java
public static DocumentBuilder newDocumentBuilder(Boolean disallowDoctypeDecl) throws ParserConfigurationException { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true);/* w ww. ja va 2 s. co m*/ dbf.setValidating(false); // avoid external entity attacks dbf.setFeature("http://xml.org/sax/features/external-general-entities", false); dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false); boolean isDissalowDoctypeDecl = disallowDoctypeDecl == null ? true : disallowDoctypeDecl; dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", isDissalowDoctypeDecl); // avoid overflow attacks dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return dbf.newDocumentBuilder(); }