List of usage examples for javax.xml.parsers DocumentBuilderFactory setIgnoringComments
public void setIgnoringComments(boolean ignoreComments)
From source file:org.wso2.carbon.task.ui.internal.TaskManagementHelper.java
/**
 * Builds a {@link DocumentBuilder} configured to resist XML External Entity (XXE) processing.
 *
 * <p>The factory is namespace aware, does not expand entity references, has XInclude turned off and
 * runs with {@link XMLConstants#FEATURE_SECURE_PROCESSING}. A Xerces security manager with an
 * entity-expansion limit of 0 is attached, and the returned builder carries an entity resolver that
 * rejects every resolution request with a {@link SAXException}.
 *
 * @param setIgnoreComments value passed to {@link DocumentBuilderFactory#setIgnoringComments(boolean)}
 * @return the hardened document builder
 * @throws ParserConfigurationException if the secure-processing feature cannot be set or the
 *                                      builder cannot be created
 */
public static DocumentBuilder getSecuredDocumentBuilder(boolean setIgnoreComments)
        throws ParserConfigurationException {

    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    factory.setXIncludeAware(false);
    factory.setExpandEntityReferences(false);
    factory.setIgnoringComments(setIgnoreComments);
    factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

    // Xerces-specific expansion cap, handed to the parser through the security-manager property.
    org.apache.xerces.util.SecurityManager expansionGuard = new org.apache.xerces.util.SecurityManager();
    expansionGuard.setEntityExpansionLimit(0);
    String securityManagerProperty = Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
    factory.setAttribute(securityManagerProperty, expansionGuard);

    // Any attempt to resolve an entity is treated as hostile and aborts the parse.
    EntityResolver rejectEverything = new EntityResolver() {
        @Override
        public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
            throw new SAXException("Possible XML External Entity (XXE) attack. Skipping entity resolving");
        }
    };

    DocumentBuilder secured = factory.newDocumentBuilder();
    secured.setEntityResolver(rejectEverything);
    return secured;
}
From source file:org.wso2.ei.businessprocess.utils.migration.MigrationExecutor.java
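/**
 * Creates the JDBC connection for the {@code BPS_DS} datasource declared in
 * {@code <carbon.home>/conf/datasources/bps-datasources.xml}.
 *
 * <p>The url, driver class, username and password are read from inside the matching
 * {@code datasource} element. If no complete {@code BPS_DS} entry is found, a message is printed and
 * the JVM exits.
 *
 * @return an open connection obtained from {@link DriverManager}
 * @throws ParserConfigurationException if the XML parser cannot be created
 * @throws IOException                  if the configuration file cannot be read
 * @throws SAXException                 if the configuration file is not well-formed
 * @throws ClassNotFoundException       if the configured driver class is not on the classpath
 * @throws SQLException                 if the connection cannot be established
 */
private static Connection initializeDBConnection() throws ParserConfigurationException, IOException,
        SAXException, ClassNotFoundException, SQLException {
    String databaseUsername = null;
    String databasePassword = null;
    String databaseDriver = null;
    boolean dbConfigFound = false;

    String configPath = System.getProperty("carbon.home") + File.separator + "conf" + File.separator
            + "datasources" + File.separator + "bps-datasources.xml";
    System.out.println("Using datasource config file at :" + configPath);
    File elementXmlFile = new File(configPath);

    // NOTE(review): apart from the two setters below the factory keeps its defaults, so DOCTYPE and
    // external-entity handling is not restricted here. That is only acceptable while this file is
    // writable by the administrator alone; otherwise enable XMLConstants.FEATURE_SECURE_PROCESSING
    // and turn external entities off before parsing.
    DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
    dbFactory.setIgnoringComments(true);
    dbFactory.setIgnoringElementContentWhitespace(true);
    DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
    Document document = dBuilder.parse(elementXmlFile);
    document.getDocumentElement().normalize();

    NodeList datasourceList = document.getDocumentElement().getElementsByTagName("datasource");
    for (int i = 0; i < datasourceList.getLength(); i++) {
        // getElementsByTagName only yields elements; the DOM interface is enough, no need to
        // depend on the parser's internal implementation class.
        org.w3c.dom.Element datasource = (org.w3c.dom.Element) datasourceList.item(i);
        Node nameNode = datasource.getElementsByTagName("name").item(0);
        if (nameNode == null || !"BPS_DS".equals(nameNode.getTextContent())) {
            continue;
        }

        // Look the settings up inside the matching datasource. Indexing the document-wide
        // "url"/"username"/... lists by the datasource position picks the wrong entry as soon as
        // an earlier datasource omits or repeats one of those elements.
        Node urlNode = datasource.getElementsByTagName("url").item(0);
        Node driverNode = datasource.getElementsByTagName("driverClassName").item(0);
        Node userNode = datasource.getElementsByTagName("username").item(0);
        Node passwordNode = datasource.getElementsByTagName("password").item(0);
        if (urlNode != null && driverNode != null && userNode != null && passwordNode != null) {
            databaseURL = urlNode.getTextContent().split(";")[0];
            databaseDriver = driverNode.getTextContent();
            databaseUsername = userNode.getTextContent();
            databasePassword = passwordNode.getTextContent();
            dbConfigFound = true;
        }
        break;
    }

    if (!dbConfigFound) {
        System.out.println("DB configurations not found or invalid!");
        // NOTE(review): status 0 tells the calling script the run succeeded; kept as in the original.
        System.exit(0);
    }

    Class.forName(databaseDriver);
    return DriverManager.getConnection(databaseURL, databaseUsername, databasePassword);
}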
From source file:org.wso2.ei.businessprocess.utils.processcleanup.CleanupExecutor.java
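/**
 * Creates the JDBC connection for the BPS datasource declared in the datasources file under the
 * directory named by the {@code CleanupConstants.CARBON_HOME} system property.
 *
 * <p>The url, driver class, username and password are read from inside the matching datasource
 * element. If no complete entry is found, an error is logged and the JVM exits.
 *
 * @return an open connection obtained from {@link DriverManager}
 * @throws ParserConfigurationException if the XML parser cannot be created
 * @throws IOException                  if the configuration file cannot be read
 * @throws SAXException                 if the configuration file is not well-formed
 * @throws ClassNotFoundException       if the configured driver class is not on the classpath
 * @throws SQLException                 if the connection cannot be established
 */
private static Connection initializeDBConnection() throws ParserConfigurationException, IOException,
        SAXException, ClassNotFoundException, SQLException {
    String databaseUsername = null;
    String databasePassword = null;
    String databaseDriver = null;
    boolean dbConfigFound = false;

    bpsHome = System.getProperty(CleanupConstants.CARBON_HOME);
    if (!(bpsHome.endsWith(File.separator))) {
        bpsHome += File.separator;
    }
    System.out.println("Processcleanuptool startup - BPS HOME DIRECTORY : " + bpsHome);

    String configPath = bpsHome + File.separator + CleanupConstants.CONF + File.separator
            + CleanupConstants.DATASOURCES + File.separator + CleanupConstants.BPS_DATASOURCES;
    File elementXmlFile = new File(configPath);

    // NOTE(review): apart from the two setters below the factory keeps its defaults, so DOCTYPE and
    // external-entity handling is not restricted here. That is only acceptable while this file is
    // writable by the administrator alone; otherwise enable XMLConstants.FEATURE_SECURE_PROCESSING
    // and turn external entities off before parsing.
    DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
    dbFactory.setIgnoringComments(true);
    dbFactory.setIgnoringElementContentWhitespace(true);
    DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
    Document document = dBuilder.parse(elementXmlFile);
    document.getDocumentElement().normalize();

    NodeList datasourceList = document.getDocumentElement().getElementsByTagName(CleanupConstants.DATASOURCE);
    for (int i = 0; i < datasourceList.getLength(); i++) {
        // getElementsByTagName only yields elements; the DOM interface is enough, no need to
        // depend on the parser's internal implementation class.
        org.w3c.dom.Element datasource = (org.w3c.dom.Element) datasourceList.item(i);
        Node nameNode = datasource.getElementsByTagName(CleanupConstants.NAME).item(0);
        if (nameNode == null || !nameNode.getTextContent().equals(CleanupConstants.BPS_DS)) {
            continue;
        }

        // Look the settings up inside the matching datasource. Indexing the document-wide lists by
        // the datasource position picks the wrong entry as soon as an earlier datasource omits or
        // repeats one of those elements.
        Node urlNode = datasource.getElementsByTagName(CleanupConstants.URL).item(0);
        Node driverNode = datasource.getElementsByTagName(CleanupConstants.DRIVER_CLASS_NAME).item(0);
        Node userNode = datasource.getElementsByTagName(CleanupConstants.USER_NAME).item(0);
        Node passwordNode = datasource.getElementsByTagName(CleanupConstants.PASSWORD).item(0);
        if (urlNode != null && driverNode != null && userNode != null && passwordNode != null) {
            databaseURL = urlNode.getTextContent().split(";")[0];
            databaseDriver = driverNode.getTextContent();
            databaseUsername = userNode.getTextContent();
            databasePassword = passwordNode.getTextContent();
            dbConfigFound = true;
        }
        break;
    }

    if (!dbConfigFound) {
        log.error("DB configurations not found or invalid!");
        // NOTE(review): status 0 tells the calling script the run succeeded; kept as in the original.
        System.exit(0);
    }

    Class.forName(databaseDriver);
    return DriverManager.getConnection(databaseURL, databaseUsername, databasePassword);
}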
From source file:org.wso2.identity.scenarios.commons.SAML2SSOTestBase.java
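/**
 * Parses a SAML2 SSO message with a hardened DOM parser and unmarshalls its root element.
 *
 * <p>External general entities, external parameter entities and external DTD loading are switched
 * off, secure processing is switched on and a Xerces security manager caps entity expansion at
 * {@code ENTITY_EXPANSION_LIMIT}. The message is first parsed with comments ignored; when
 * {@code isSignedWithComments} reports true for that document it is parsed a second time with
 * comments kept.
 *
 * @param saml2SSOString the XML text of the SAML message
 * @return the unmarshalled object for the document's root element
 * @throws Exception if the parser cannot be hardened, or if parsing or unmarshalling fails
 */
private XMLObject unmarshall(String saml2SSOString) throws Exception {
    doBootstrap();

    DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);
    documentBuilderFactory.setXIncludeAware(false);
    documentBuilderFactory.setExpandEntityReferences(false);
    try {
        documentBuilderFactory
                .setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
        documentBuilderFactory.setFeature(
                Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
        documentBuilderFactory.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE,
                false);
        documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    } catch (ParserConfigurationException e) {
        log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or "
                + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE
                + " or secure-processing.", e);
        // Fail closed: carrying on would parse the message with a parser that is missing one or
        // more of the protections requested above.
        throw e;
    }

    org.apache.xerces.util.SecurityManager securityManager = new org.apache.xerces.util.SecurityManager();
    securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
    documentBuilderFactory.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY,
            securityManager);

    // First pass without comments; keep them only if the helper says the signature needs them.
    documentBuilderFactory.setIgnoringComments(true);
    Document document = getDocument(documentBuilderFactory, saml2SSOString);
    if (isSignedWithComments(document)) {
        documentBuilderFactory.setIgnoringComments(false);
        document = getDocument(documentBuilderFactory, saml2SSOString);
    }

    Element element = document.getDocumentElement();
    UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
    return unmarshaller.unmarshall(element);
}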
From source file:ru.codeinside.gses.webui.utils.JarParseUtils.java
/**
 * Parses the given stream into a DOM document.
 *
 * <p>The parser is namespace aware, non-validating, keeps comments and ignores element-content
 * whitespace. Entity resolution is delegated to a {@code NullResolver}.
 *
 * @param is stream containing the XML to parse
 * @return the parsed document
 * @throws SAXException                 if the input is not well-formed
 * @throws IOException                  if the stream cannot be read
 * @throws ParserConfigurationException if the parser cannot be created
 */
public static Document readXml(InputStream is) throws SAXException, IOException, ParserConfigurationException {
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    factory.setIgnoringElementContentWhitespace(true);
    factory.setIgnoringComments(false);
    factory.setValidating(false);

    // NOTE(review): NullResolver is the only guard against external entities visible here, and its
    // behaviour is not shown - confirm it never fetches the requested resource. No DOCTYPE or
    // entity-expansion limits are configured on the factory itself.
    DocumentBuilder parser = factory.newDocumentBuilder();
    parser.setEntityResolver(new NullResolver());
    return parser.parse(is);
}
From source file:tkwatch.Utilities.java
/**
 * Creates a namespace-aware, non-validating document builder that keeps comments, ignores
 * element-content whitespace and resolves entities through a {@code NullResolver}.
 *
 * @return the configured document builder
 * @throws ParserConfigurationException if the builder cannot be created
 */
public static final DocumentBuilder getDocumentBuilder() throws ParserConfigurationException {
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    factory.setIgnoringElementContentWhitespace(true);
    factory.setIgnoringComments(false);
    factory.setValidating(false);

    // NOTE(review): NullResolver is the only guard against external entities visible here, and its
    // behaviour is not shown - confirm it never fetches the requested resource. No DOCTYPE or
    // entity-expansion limits are configured on the factory itself.
    DocumentBuilder configured = factory.newDocumentBuilder();
    configured.setEntityResolver(new NullResolver());
    return configured;
}
From source file:tufts.vue.ds.XMLIngest.java
/**
 * Parses XML from a file path, an {@link InputSource} or an {@link InputStream}.
 *
 * <p>Comments and element-content whitespace are ignored. Every failure, including an unsupported
 * {@code input} type, is printed to standard error and reported to the caller as {@code null}.
 *
 * @param input      a {@code String} file path, an {@code InputSource} or an {@code InputStream}
 * @param validating whether the parser validates the document
 * @return the parsed document, or {@code null} if anything went wrong
 */
private static org.w3c.dom.Document parseXML(Object input, boolean validating) {
    try {
        // NOTE(review): nothing here restricts DOCTYPE declarations or external entities, and no
        // entity resolver is installed. If the input can come from a remote or user-supplied
        // source, harden the factory (secure processing, external entities off) before parsing.
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setIgnoringElementContentWhitespace(true);
        factory.setIgnoringComments(true);
        factory.setValidating(validating);

        if (input instanceof String) {
            return factory.newDocumentBuilder().parse(new File((String) input));
        }
        if (input instanceof InputSource) {
            return factory.newDocumentBuilder().parse((InputSource) input);
        }
        if (input instanceof InputStream) {
            // TODO (carried over from the original): take the encoding from the URL stream.
            return factory.newDocumentBuilder().parse((InputStream) input);
        }
        throw new Error("Unhandled input type: " + Util.tags(input));
    } catch (Throwable failure) {
        // NOTE(review): this also catches the Error thrown just above and JVM errors; callers
        // only ever see null.
        failure.printStackTrace();
        return null;
    }
}
From source file:ubic.gemma.core.loader.entrez.pubmed.ESearchXMLParser.java
/**
 * Parses the stream into a DOM document, dropping XML comments.
 *
 * @param is stream containing the XML to parse
 * @return the parsed document
 * @throws IOException                  if the stream cannot be read
 * @throws ParserConfigurationException if the parser cannot be created
 * @throws SAXException                 if the input is not well-formed
 */
private Document openAndParse(InputStream is) throws IOException, ParserConfigurationException, SAXException {
    // NOTE(review): the factory is otherwise left at its defaults; DOCTYPE declarations and
    // external entities are not restricted and no entity resolver is set. Worth hardening if the
    // stream carries a response from a remote service - TODO confirm the callers.
    DocumentBuilderFactory parserFactory = DocumentBuilderFactory.newInstance();
    parserFactory.setIgnoringComments(true);
    return parserFactory.newDocumentBuilder().parse(is);
}
From source file:ubic.gemma.core.loader.entrez.pubmed.PubMedXMLParser.java
/**
 * Parses the stream as XML and extracts the bibliographic references from the resulting document.
 *
 * <p>The parser is non-validating and ignores comments. The created builder is stored in
 * {@code builder}.
 *
 * @param is stream containing the XML to parse
 * @return the references produced by {@code extractBibRefs} for the parsed document
 * @throws RuntimeException wrapping any I/O, SAX or parser-configuration failure
 */
public Collection<BibliographicReference> parse(InputStream is) {
    try {
        // NOTE(review): the factory is otherwise left at its defaults; DOCTYPE declarations and
        // external entities are not restricted and no entity resolver is set. Worth hardening if
        // the stream carries a response from a remote service - TODO confirm the callers.
        DocumentBuilderFactory parserFactory = DocumentBuilderFactory.newInstance();
        parserFactory.setIgnoringComments(true);
        parserFactory.setValidating(false);
        builder = parserFactory.newDocumentBuilder();

        Document parsed = builder.parse(is);
        PubMedXMLParser.log.debug("done parsing");
        return this.extractBibRefs(parsed);
    } catch (IOException | SAXException | ParserConfigurationException e) {
        throw new RuntimeException(e);
    }
}
From source file:ubic.gemma.core.util.XMLUtils.java
/**
 * Parses the stream into a DOM document, dropping XML comments.
 *
 * @param is stream containing the XML to parse
 * @return the parsed document
 * @throws IOException                  if the stream cannot be read
 * @throws ParserConfigurationException if the parser cannot be created
 * @throws SAXException                 if the input is not well-formed
 */
public static Document openAndParse(InputStream is) throws IOException, ParserConfigurationException,
        SAXException {
    // NOTE(review): the factory is otherwise left at its defaults; DOCTYPE declarations and
    // external entities are not restricted and no entity resolver is set. As a shared utility this
    // should be hardened once it is confirmed that no caller depends on DTD processing.
    DocumentBuilderFactory parserFactory = DocumentBuilderFactory.newInstance();
    parserFactory.setIgnoringComments(true);
    return parserFactory.newDocumentBuilder().parse(is);
}