List of usage examples for javax.xml.parsers DocumentBuilderFactory setIgnoringComments
public void setIgnoringComments(boolean ignoreComments)
From source file:org.wso2.balana.finder.impl.FileBasedPolicyFinderModule.java
/** * Private helper that tries to load the given file-based policy, and * returns null if any error occurs./*from w w w .j a v a 2s. com*/ * * @param policyFile file path to policy * @param finder policy finder * @return <code>AbstractPolicy</code> */ private AbstractPolicy loadPolicy(String policyFile, PolicyFinder finder) { AbstractPolicy policy = null; InputStream stream = null; try { // create the factory DocumentBuilderFactory factory = Utils.getSecuredDocumentBuilderFactory(); factory.setIgnoringComments(true); factory.setNamespaceAware(true); factory.setValidating(false); // create a builder based on the factory & try to load the policy DocumentBuilder db = factory.newDocumentBuilder(); stream = new FileInputStream(policyFile); Document doc = db.parse(stream); // handle the policy, if it's a known type Element root = doc.getDocumentElement(); String name = DOMHelper.getLocalName(root); if (name.equals("Policy")) { policy = Policy.getInstance(root); } else if (name.equals("PolicySet")) { policy = PolicySet.getInstance(root, finder); } } catch (Exception e) { // just only logs log.error("Fail to load policy : " + policyFile, e); } finally { if (stream != null) { try { stream.close(); } catch (IOException e) { log.error("Error while closing input stream"); } } } if (policy != null) { policies.put(policy.getId(), policy); } return policy; }
From source file:org.wso2.bps.samples.migration.MigrationExecutor.java
/** * Create DB connection/*from w w w .j a v a2 s .c o m*/ * @return Connection * @throws ParserConfigurationException * @throws IOException * @throws SAXException * @throws ClassNotFoundException * @throws SQLException */ private static Connection initializeDBConnection() throws ParserConfigurationException, IOException, SAXException, ClassNotFoundException, SQLException { String databaseUsername = null; String databasePassword = null; String databaseDriver = null; boolean dbConfigFound = false; String configPath = System.getProperty("carbon.home") + File.separator + "repository" + File.separator + "conf" + File.separator + "datasources" + File.separator + "bps-datasources.xml"; System.out.println("Using datasource config file at :" + configPath); File elementXmlFile = new File(configPath); DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); dbFactory.setIgnoringComments(true); dbFactory.setIgnoringElementContentWhitespace(true); DocumentBuilder dBuilder = dbFactory.newDocumentBuilder(); Document document = dBuilder.parse(elementXmlFile); document.getDocumentElement().normalize(); NodeList datasourceList = document.getDocumentElement().getElementsByTagName("datasource"); for (int i = 0; i < datasourceList.getLength(); i++) { Node datasource = datasourceList.item(i); String dbName = ((DeferredElementImpl) datasource).getElementsByTagName("name").item(0) .getTextContent(); if (dbName.equals("BPS_DS")) { databaseURL = document.getDocumentElement().getElementsByTagName("url").item(i).getTextContent() .split(";")[0]; databaseDriver = document.getDocumentElement().getElementsByTagName("driverClassName").item(i) .getTextContent(); databaseUsername = document.getDocumentElement().getElementsByTagName("username").item(i) .getTextContent(); databasePassword = document.getDocumentElement().getElementsByTagName("password").item(i) .getTextContent(); dbConfigFound = true; break; } } if (!dbConfigFound) { System.out.println("DB configurations not found or invalid!"); System.exit(0); } Class.forName(databaseDriver); return DriverManager.getConnection(databaseURL, databaseUsername, databasePassword); }
From source file:org.wso2.bps.samples.processcleanup.CleanupExecutor.java
/** * Create DB connection//from ww w .j ava2s. c om * * @return Connection * @throws ParserConfigurationException * @throws IOException * @throws SAXException * @throws ClassNotFoundException * @throws SQLException */ private static Connection initializeDBConnection() throws ParserConfigurationException, IOException, SAXException, ClassNotFoundException, SQLException { String databaseUsername = null; String databasePassword = null; String databaseDriver = null; boolean dbConfigFound = false; bpsHome = System.getProperty(CleanupConstants.CARBON_HOME); if (!(bpsHome.endsWith(File.separator))) { bpsHome += File.separator; } System.out.println("Processcleanuptool startup - BPS HOME DIRECTORY : " + bpsHome); String configPath = bpsHome + CleanupConstants.REPOSITORY + File.separator + CleanupConstants.CONF + File.separator + CleanupConstants.DATASOURCES + File.separator + CleanupConstants.BPS_DATASOURCES; File elementXmlFile = new File(configPath); DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); dbFactory.setIgnoringComments(true); dbFactory.setIgnoringElementContentWhitespace(true); DocumentBuilder dBuilder = dbFactory.newDocumentBuilder(); Document document = dBuilder.parse(elementXmlFile); document.getDocumentElement().normalize(); NodeList datasourceList = document.getDocumentElement().getElementsByTagName(CleanupConstants.DATASOURCE); for (int i = 0; i < datasourceList.getLength(); i++) { Node datasource = datasourceList.item(i); String dbName = ((DeferredElementImpl) datasource).getElementsByTagName(CleanupConstants.NAME).item(0) .getTextContent(); if (dbName.equals(CleanupConstants.BPS_DS)) { databaseURL = document.getDocumentElement().getElementsByTagName(CleanupConstants.URL).item(i) .getTextContent().split(";")[0]; databaseDriver = document.getDocumentElement() .getElementsByTagName(CleanupConstants.DRIVER_CLASS_NAME).item(i).getTextContent(); databaseUsername = document.getDocumentElement().getElementsByTagName(CleanupConstants.USER_NAME) .item(i).getTextContent(); databasePassword = document.getDocumentElement().getElementsByTagName(CleanupConstants.PASSWORD) .item(i).getTextContent(); dbConfigFound = true; break; } } if (!dbConfigFound) { log.error("DB configurations not found or invalid!"); System.exit(0); } Class.forName(databaseDriver); return DriverManager.getConnection(databaseURL, databaseUsername, databasePassword); }
From source file:org.wso2.carbon.automation.engine.configurations.AutomationConfigurationReader.java
private static Document readConfigurationXmlDocument() throws Exception { File fXmlFile = new File( FrameworkPathUtil.getSystemResourceLocation() + FrameworkConstants.CONFIGURATION_FILE_NAME); DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); //remove all comments from the content of the automation.xml dbFactory.setIgnoringComments(true); DocumentBuilder dBuilder = dbFactory.newDocumentBuilder(); Document xmlDocument = dBuilder.parse(fXmlFile); //remove all text(empty) elements removeText(xmlDocument);//ww w .j ava2s . c om xmlDocument.normalizeDocument(); return xmlDocument; }
From source file:org.wso2.carbon.dataservices.core.XSLTTransformer.java
/** * This method provides a secured document builder which will secure XXE attacks. * * @param setIgnoreComments whether to set setIgnoringComments in DocumentBuilderFactory. * @return DocumentBuilder//from ww w . jav a 2s .c om * @throws javax.xml.parsers.ParserConfigurationException */ private static DocumentBuilder getSecuredDocumentBuilder(boolean setIgnoreComments) throws ParserConfigurationException { DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setIgnoringComments(setIgnoreComments); documentBuilderFactory.setNamespaceAware(true); documentBuilderFactory.setExpandEntityReferences(false); documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); documentBuilder.setEntityResolver(new EntityResolver() { @Override public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException { throw new SAXException("Possible XML External Entity (XXE) attack. Skip resolving entity"); } }); return documentBuilder; }
From source file:org.wso2.carbon.datasource.utils.DataSourceUtils.java
/** * This method provides a secured document builder which will secure XXE attacks. * * @param setIgnoreComments whether to set setIgnoringComments in DocumentBuilderFactory. * @return DocumentBuilder//from w ww . j a v a2 s . c o m * @throws ParserConfigurationException */ private static DocumentBuilder getSecuredDocumentBuilder(boolean setIgnoreComments) throws ParserConfigurationException { DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setIgnoringComments(setIgnoreComments); documentBuilderFactory.setNamespaceAware(true); documentBuilderFactory.setExpandEntityReferences(false); documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); documentBuilder.setEntityResolver((publicId, systemId) -> { throw new SAXException("Possible XML External Entity (XXE) attack. Skip resolving entity"); }); return documentBuilder; }
From source file:org.wso2.carbon.identity.entitlement.EntitlementUtil.java
/** * * This method provides a secured document builder which will secure XXE attacks. * * @param setIgnoreComments whether to set setIgnoringComments in DocumentBuilderFactory. * @return DocumentBuilder//from w w w. j a va 2 s . c o m * @throws ParserConfigurationException */ private static DocumentBuilder getSecuredDocumentBuilder(boolean setIgnoreComments) throws ParserConfigurationException { DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setIgnoringComments(setIgnoreComments); documentBuilderFactory.setNamespaceAware(true); documentBuilderFactory.setExpandEntityReferences(false); documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); SecurityManager securityManager = new SecurityManager(); securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); documentBuilder.setEntityResolver(new CarbonEntityResolver()); return documentBuilder; }
From source file:org.wso2.carbon.identity.entitlement.pap.PAPPolicyReader.java
private PAPPolicyReader(PolicyFinder policyFinder) { this.policyFinder = policyFinder; // create the factory DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setIgnoringComments(true); documentBuilderFactory.setNamespaceAware(true); documentBuilderFactory.setExpandEntityReferences(false); SecurityManager securityManager = new SecurityManager(); securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager); // now use the factory to create the document builder try {//from www.j a v a 2s . co m documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); builder = documentBuilderFactory.newDocumentBuilder(); builder.setEntityResolver(new CarbonEntityResolver()); builder.setErrorHandler(this); } catch (ParserConfigurationException pce) { throw new IllegalArgumentException("Filed to setup repository: "); } }
From source file:org.wso2.carbon.identity.entitlement.policy.PolicyReader.java
private PolicyReader(PolicyFinder policyFinder) { this.policyFinder = policyFinder; // create the factory DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setIgnoringComments(true); factory.setNamespaceAware(true);/*from w ww. j a va2 s . com*/ // now use the factory to create the document builder try { builder = factory.newDocumentBuilder(); builder.setErrorHandler(this); } catch (ParserConfigurationException pce) { throw new IllegalArgumentException("Filed to setup repository: "); } }
From source file:org.wso2.carbon.policyeditor.PolicyEditorService.java
/** * Formats a given unformatted XML string * * @param xml/*from w ww. ja v a 2 s. c o m*/ * @return A CDATA wrapped, formatted XML String */ public String formatXML(String xml) { try { // create the factory DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance(); docFactory.setIgnoringComments(true); docFactory.setNamespaceAware(true); docFactory.setExpandEntityReferences(false); SecurityManager securityManager = new SecurityManager(); securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); docFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager); DocumentBuilder docBuilder; Document xmlDoc; // now use the factory to create the document builder docFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); docBuilder = docFactory.newDocumentBuilder(); docBuilder.setEntityResolver(new CarbonEntityResolver()); xmlDoc = docBuilder.parse(new ByteArrayInputStream(xml.getBytes(Charsets.UTF_8))); OutputFormat format = new OutputFormat(xmlDoc); format.setLineWidth(0); format.setIndenting(true); format.setIndent(2); ByteArrayOutputStream baos = new ByteArrayOutputStream(); XMLSerializer serializer = new XMLSerializer(baos, format); serializer.serialize(xmlDoc); xml = baos.toString("UTF-8"); } catch (ParserConfigurationException pce) { throw new IllegalArgumentException("Failed to setup repository: "); } catch (Exception e) { log.error(e); } return "<![CDATA[" + xml + "]]>"; }