List of usage examples for javax.xml.parsers DocumentBuilderFactory setIgnoringComments
public void setIgnoringComments(boolean ignoreComments)
From source file:org.apache.wiki.auth.user.XMLUserDatabase.java
private void buildDOM() { // Read DOM//from ww w .j a v a 2s . c o m DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setValidating(false); factory.setExpandEntityReferences(false); factory.setIgnoringComments(true); factory.setNamespaceAware(false); try { c_dom = factory.newDocumentBuilder().parse(c_file); log.debug("Database successfully initialized"); c_lastModified = c_file.lastModified(); c_lastCheck = System.currentTimeMillis(); } catch (ParserConfigurationException e) { log.error("Configuration error: " + e.getMessage()); } catch (SAXException e) { log.error("SAX error: " + e.getMessage()); } catch (FileNotFoundException e) { log.info("User database not found; creating from scratch..."); } catch (IOException e) { log.error("IO error: " + e.getMessage()); } if (c_dom == null) { try { // // Create the DOM from scratch // c_dom = factory.newDocumentBuilder().newDocument(); c_dom.appendChild(c_dom.createElement("users")); } catch (ParserConfigurationException e) { log.fatal("Could not create in-memory DOM"); } } }
From source file:org.apache98.hadoop.conf.Configuration.java
private Resource loadResource(Properties properties, Resource wrapper, boolean quiet) { String name = UNKNOWN_RESOURCE; try {/*from ww w . j a v a 2s . c o m*/ Object resource = wrapper.getResource(); name = wrapper.getName(); DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); // ignore all comments inside the xml file docBuilderFactory.setIgnoringComments(true); // allow includes in the xml file docBuilderFactory.setNamespaceAware(true); try { docBuilderFactory.setXIncludeAware(true); } catch (UnsupportedOperationException e) { LOG.error("Failed to set setXIncludeAware(true) for parser " + docBuilderFactory + ":" + e, e); } DocumentBuilder builder = docBuilderFactory.newDocumentBuilder(); Document doc = null; Element root = null; boolean returnCachedProperties = false; if (resource instanceof URL) { // an URL resource doc = parse(builder, (URL) resource); } else if (resource instanceof String) { // a CLASSPATH resource URL url = getResource((String) resource); doc = parse(builder, url); } else if (resource instanceof Path) { // a file resource // Can't use FileSystem API or we get an infinite loop // since FileSystem uses Configuration API. Use java.io.File instead. File file = new File(((Path) resource).toUri().getPath()).getAbsoluteFile(); if (file.exists()) { if (!quiet) { LOG.debug("parsing File " + file); } doc = parse(builder, new BufferedInputStream(new FileInputStream(file)), ((Path) resource).toString()); } } else if (resource instanceof InputStream) { doc = parse(builder, (InputStream) resource, null); returnCachedProperties = true; } else if (resource instanceof Properties) { overlay(properties, (Properties) resource); } else if (resource instanceof Element) { root = (Element) resource; } if (root == null) { if (doc == null) { if (quiet) { return null; } throw new RuntimeException(resource + " not found"); } root = doc.getDocumentElement(); } Properties toAddTo = properties; if (returnCachedProperties) { toAddTo = new Properties(); } if (!"configuration".equals(root.getTagName())) { LOG.fatal("bad conf file: top-level element not <configuration>"); } NodeList props = root.getChildNodes(); DeprecationContext deprecations = deprecationContext.get(); for (int i = 0; i < props.getLength(); i++) { Node propNode = props.item(i); if (!(propNode instanceof Element)) { continue; } Element prop = (Element) propNode; if ("configuration".equals(prop.getTagName())) { loadResource(toAddTo, new Resource(prop, name), quiet); continue; } if (!"property".equals(prop.getTagName())) { LOG.warn("bad conf file: element not <property>"); } NodeList fields = prop.getChildNodes(); String attr = null; String value = null; boolean finalParameter = false; LinkedList<String> source = new LinkedList<String>(); for (int j = 0; j < fields.getLength(); j++) { Node fieldNode = fields.item(j); if (!(fieldNode instanceof Element)) { continue; } Element field = (Element) fieldNode; if ("name".equals(field.getTagName()) && field.hasChildNodes()) { attr = StringInterner.weakIntern(((Text) field.getFirstChild()).getData().trim()); } if ("value".equals(field.getTagName()) && field.hasChildNodes()) { value = StringInterner.weakIntern(((Text) field.getFirstChild()).getData()); } if ("final".equals(field.getTagName()) && field.hasChildNodes()) { finalParameter = "true".equals(((Text) field.getFirstChild()).getData()); } if ("source".equals(field.getTagName()) && field.hasChildNodes()) { source.add(StringInterner.weakIntern(((Text) field.getFirstChild()).getData())); } } source.add(name); // Ignore this parameter if it has already been marked as 'final' if (attr != null) { if (deprecations.getDeprecatedKeyMap().containsKey(attr)) { DeprecatedKeyInfo keyInfo = deprecations.getDeprecatedKeyMap().get(attr); keyInfo.clearAccessed(); for (String key : keyInfo.newKeys) { // update new keys with deprecated key's value loadProperty(toAddTo, name, key, value, finalParameter, source.toArray(new String[source.size()])); } } else { loadProperty(toAddTo, name, attr, value, finalParameter, source.toArray(new String[source.size()])); } } } if (returnCachedProperties) { overlay(properties, toAddTo); return new Resource(toAddTo, name); } return null; } catch (IOException e) { LOG.fatal("error parsing conf " + name, e); throw new RuntimeException(e); } catch (DOMException e) { LOG.fatal("error parsing conf " + name, e); throw new RuntimeException(e); } catch (SAXException e) { LOG.fatal("error parsing conf " + name, e); throw new RuntimeException(e); } catch (ParserConfigurationException e) { LOG.fatal("error parsing conf " + name, e); throw new RuntimeException(e); } }
From source file:org.codelibs.robot.transformer.impl.XmlTransformer.java
@Override public ResultData transform(final ResponseData responseData) { if (responseData == null || responseData.getResponseBody() == null) { throw new RobotCrawlAccessException("No response body."); }// w w w . j a va 2 s .c o m final File tempFile = ResponseDataUtil.createResponseBodyFile(responseData); FileInputStream fis = null; try { fis = new FileInputStream(tempFile); final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); for (final Map.Entry<String, Object> entry : attributeMap.entrySet()) { factory.setAttribute(entry.getKey(), entry.getValue()); } for (final Map.Entry<String, String> entry : featureMap.entrySet()) { factory.setFeature(entry.getKey(), "true".equalsIgnoreCase(entry.getValue())); } factory.setCoalescing(coalescing); factory.setExpandEntityReferences(expandEntityRef); factory.setIgnoringComments(ignoringComments); factory.setIgnoringElementContentWhitespace(ignoringElementContentWhitespace); factory.setNamespaceAware(namespaceAware); factory.setValidating(validating); factory.setXIncludeAware(includeAware); final DocumentBuilder builder = factory.newDocumentBuilder(); final Document doc = builder.parse(fis); final StringBuilder buf = new StringBuilder(1000); buf.append(getResultDataHeader()); for (final Map.Entry<String, String> entry : fieldRuleMap.entrySet()) { final List<String> nodeStrList = new ArrayList<String>(); try { final NodeList nodeList = getNodeList(doc, entry.getValue()); for (int i = 0; i < nodeList.getLength(); i++) { final Node node = nodeList.item(i); nodeStrList.add(node.getTextContent()); } } catch (final TransformerException e) { logger.warn("Could not parse a value of " + entry.getKey() + ":" + entry.getValue(), e); } if (nodeStrList.size() == 1) { buf.append(getResultDataBody(entry.getKey(), nodeStrList.get(0))); } else if (nodeStrList.size() > 1) { buf.append(getResultDataBody(entry.getKey(), nodeStrList)); } } buf.append(getAdditionalData(responseData, doc)); buf.append(getResultDataFooter()); final ResultData resultData = new ResultData(); resultData.setTransformerName(getName()); try { resultData.setData(buf.toString().getBytes(charsetName)); } catch (final UnsupportedEncodingException e) { if (logger.isInfoEnabled()) { logger.info("Invalid charsetName: " + charsetName + ". Changed to " + Constants.UTF_8, e); } charsetName = Constants.UTF_8_CHARSET.name(); resultData.setData(buf.toString().getBytes(Constants.UTF_8_CHARSET)); } resultData.setEncoding(charsetName); return resultData; } catch (final RobotSystemException e) { throw e; } catch (final Exception e) { throw new RobotSystemException("Could not store data.", e); } finally { IOUtils.closeQuietly(fis); // clean up if (!tempFile.delete()) { logger.warn("Could not delete a temp file: " + tempFile); } } }
From source file:org.codice.ddf.cxf.SecureCxfClientFactoryTest.java
private Element getAssertionElement() throws Exception { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setValidating(false);//w w w.ja v a 2 s.c o m dbf.setIgnoringComments(false); dbf.setIgnoringElementContentWhitespace(true); dbf.setNamespaceAware(true); DocumentBuilder db = dbf.newDocumentBuilder(); db.setEntityResolver(new DOMUtils.NullResolver()); return db.parse(SecureCxfClientFactoryTest.class.getResourceAsStream("/SAMLAssertion.xml")) .getDocumentElement(); }
From source file:org.codice.ddf.security.common.jaxrs.RestSecurityTest.java
public static Document readXml(InputStream is) throws SAXException, IOException, ParserConfigurationException { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setValidating(false);// ww w . j av a 2 s .com dbf.setIgnoringComments(false); dbf.setIgnoringElementContentWhitespace(true); dbf.setNamespaceAware(true); // dbf.setCoalescing(true); // dbf.setExpandEntityReferences(true); DocumentBuilder db = null; db = dbf.newDocumentBuilder(); db.setEntityResolver(new DOMUtils.NullResolver()); // db.setErrorHandler( new MyErrorHandler()); return db.parse(is); }
From source file:org.codice.ddf.security.idp.server.IdpEndpointTest.java
public static Document readXml(InputStream is) throws SAXException, IOException, ParserConfigurationException { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setValidating(false);/*from www . j a v a2 s . c om*/ dbf.setIgnoringComments(false); dbf.setIgnoringElementContentWhitespace(true); dbf.setNamespaceAware(true); DocumentBuilder db = dbf.newDocumentBuilder(); db.setEntityResolver(new DOMUtils.NullResolver()); return db.parse(is); }
From source file:org.codice.ddf.security.servlet.expiry.SessionManagementServiceTest.java
private static Document readXml(InputStream is) throws SAXException, IOException, ParserConfigurationException { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setValidating(false);// ww w. j a v a 2 s .c o m dbf.setIgnoringComments(false); dbf.setIgnoringElementContentWhitespace(true); dbf.setNamespaceAware(true); DocumentBuilder db = dbf.newDocumentBuilder(); db.setEntityResolver(new DOMUtils.NullResolver()); return db.parse(is); }
From source file:org.cruxframework.crux.core.declarativeui.ViewProcessor.java
/** * Initializes the static resources//from w w w .j ava 2 s .c o m */ private static void init() { if (documentBuilder == null) { lock.lock(); if (documentBuilder == null) { try { DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance(); builderFactory.setNamespaceAware(true); builderFactory.setIgnoringComments(true); builderFactory.setIgnoringElementContentWhitespace(true); documentBuilder = builderFactory.newDocumentBuilder(); documentBuilder.setEntityResolver(new EntityResolver() { @Override public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException { if (systemId.contains("crux-view.dtd")) { return new InputSource(new ByteArrayInputStream(getValidEntities().getBytes())); } else { return null; } } private String getValidEntities() { StringBuffer sb = new StringBuffer(); sb.append("<!ENTITY quot \""\">"); sb.append("<!ENTITY amp \"&\">"); sb.append("<!ENTITY apos \"'\">"); sb.append("<!ENTITY lt \"<\">"); sb.append("<!ENTITY gt \">\">"); sb.append("<!ENTITY nbsp \" \">"); return sb.toString(); } }); initializePreProcessors(); } catch (Throwable e) { log.error("Error initializing cruxToHtmlTransformer.", e); } finally { lock.unlock(); } } } }
From source file:org.cytobank.acs.core.TableOfContents.java
/** * <p>Creates a DocumentBuilder with Cytobank's preferred security settings * applied to it. Specifically turning off external entities and external * DTDs to prevent External Entity Exploits (XXE)</p> * * @throws ParserConfigurationException//from ww w .j a v a 2 s . c om * @return DocumentBuilder */ protected DocumentBuilder getDocumentBuilder() throws ParserConfigurationException { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); DocumentBuilder db = null; String FEATURE = null; // This is the PRIMARY defense. If DTDs (doctypes) are disallowed, almost all XML entity attacks are prevented // Xerces 2 only - http://xerces.apache.org/xerces2-j/features.html#disallow-doctype-decl FEATURE = "http://apache.org/xml/features/disallow-doctype-decl"; dbf.setFeature(FEATURE, true); // If you can't completely disable DTDs, then at least do the following: // Xerces 1 - http://xerces.apache.org/xerces-j/features.html#external-general-entities // Xerces 2 - http://xerces.apache.org/xerces2-j/features.html#external-general-entities // JDK7+ - http://xml.org/sax/features/external-general-entities FEATURE = "http://xml.org/sax/features/external-general-entities"; dbf.setFeature(FEATURE, false); // Xerces 1 - http://xerces.apache.org/xerces-j/features.html#external-parameter-entities // Xerces 2 - http://xerces.apache.org/xerces2-j/features.html#external-parameter-entities // JDK7+ - http://xml.org/sax/features/external-parameter-entities FEATURE = "http://xml.org/sax/features/external-parameter-entities"; dbf.setFeature(FEATURE, false); // Disable external DTDs as well FEATURE = "http://apache.org/xml/features/nonvalidating/load-external-dtd"; dbf.setFeature(FEATURE, false); // and these as well, per Timothy Morgan's 2014 paper: "XML Schema, DTD, and Entity Attacks" (see reference below) dbf.setXIncludeAware(false); dbf.setExpandEntityReferences(false); // And, per Timothy Morgan: "If for some reason support for inline DOCTYPEs are a requirement, then // ensure the entity settings are disabled (as shown above) and beware that SSRF attacks // (http://cwe.mitre.org/data/definitions/918.html) and denial // of service attacks (such as billion laughs or decompression bombs via "jar:") are a risk." boolean namespaceAware = true; boolean xsdValidate = false; boolean ignoreWhitespace = false; boolean ignoreComments = false; boolean putCDATAIntoText = false; boolean createEntityRefs = false; dbf.setNamespaceAware(namespaceAware); dbf.setValidating(xsdValidate); dbf.setIgnoringComments(ignoreComments); dbf.setIgnoringElementContentWhitespace(ignoreWhitespace); dbf.setCoalescing(putCDATAIntoText); dbf.setExpandEntityReferences(createEntityRefs); db = dbf.newDocumentBuilder(); return db; }
From source file:org.dspace.app.sherpa.SHERPAResponse.java
public SHERPAResponse(InputStream xmlData) { try {//from w w w . j ava2 s. c om DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setValidating(false); factory.setIgnoringComments(true); factory.setIgnoringElementContentWhitespace(true); DocumentBuilder db = factory.newDocumentBuilder(); Document inDoc = db.parse(xmlData); Element xmlRoot = inDoc.getDocumentElement(); Element headersElement = XMLUtils.getSingleElement(xmlRoot, "header"); Element journalsElement = XMLUtils.getSingleElement(xmlRoot, "journals"); Element publishersElement = XMLUtils.getSingleElement(xmlRoot, "publishers"); message = XMLUtils.getElementValue(headersElement, "message"); if (StringUtils.isNotBlank(message)) { error = true; return; } license = XMLUtils.getElementValue(headersElement, "license"); licenseURL = XMLUtils.getElementValue(headersElement, "licenseurl"); disclaimer = XMLUtils.getElementValue(headersElement, "disclaimer"); List<Element> journalsList = XMLUtils.getElementList(journalsElement, "journal"); List<Element> publishersList = XMLUtils.getElementList(publishersElement, "publisher"); if (journalsList != null) { journals = new LinkedList<SHERPAJournal>(); for (Element journalElement : journalsList) { journals.add(new SHERPAJournal(XMLUtils.getElementValue(journalElement, "jtitle"), XMLUtils.getElementValue(journalElement, "issn"), XMLUtils.getElementValue(journalElement, "zetopub"), XMLUtils.getElementValue(journalElement, "romeopub"))); } } if (publishersList != null) { publishers = new LinkedList<SHERPAPublisher>(); for (Element publisherElement : publishersList) { Element preprintsElement = XMLUtils.getSingleElement(publisherElement, "preprints"); Element preprintsRestrictionElement = XMLUtils.getSingleElement(publisherElement, "prerestrictions"); Element postprintsElement = XMLUtils.getSingleElement(publisherElement, "postprints"); Element postprintsRestrictionElement = XMLUtils.getSingleElement(publisherElement, "postrestrictions"); Element pdfversionElement = XMLUtils.getSingleElement(publisherElement, "pdfversion"); Element pdfversionRestrictionElement = XMLUtils.getSingleElement(publisherElement, "pdfrestrictions"); Element conditionsElement = XMLUtils.getSingleElement(publisherElement, "conditions"); Element paidaccessElement = XMLUtils.getSingleElement(publisherElement, "paidaccess"); Element copyrightlinksElement = XMLUtils.getSingleElement(publisherElement, "copyrightlinks"); publishers.add(new SHERPAPublisher(XMLUtils.getElementValue(publisherElement, "name"), XMLUtils.getElementValue(publisherElement, "alias"), XMLUtils.getElementValue(publisherElement, "homeurl"), XMLUtils.getElementValue(preprintsElement, "prearchiving"), XMLUtils.getElementValueList(preprintsRestrictionElement, "prerestriction"), XMLUtils.getElementValue(postprintsElement, "postarchiving"), XMLUtils.getElementValueList(postprintsRestrictionElement, "postrestriction"), XMLUtils.getElementValue(pdfversionElement, "pdfarchiving"), XMLUtils.getElementValueList(pdfversionRestrictionElement, "pdfrestriction"), XMLUtils.getElementValueList(conditionsElement, "condition"), XMLUtils.getElementValue(paidaccessElement, "paidaccessurl"), XMLUtils.getElementValue(paidaccessElement, "paidaccessname"), XMLUtils.getElementValue(paidaccessElement, "paidaccessnotes"), XMLUtils.getElementValueArrayList(copyrightlinksElement, "copyrightlink", "copyrightlinktext", "copyrightlinkurl"), XMLUtils.getElementValue(publisherElement, "romeocolour"), XMLUtils.getElementValue(publisherElement, "dateadded"), XMLUtils.getElementValue(publisherElement, "dateupdated"))); } } } catch (Exception e) { error = true; } }