List of usage examples for javax.xml XMLConstants ACCESS_EXTERNAL_SCHEMA
String ACCESS_EXTERNAL_SCHEMA
To view the source code for javax.xml XMLConstants ACCESS_EXTERNAL_SCHEMA.
Click Source Link
Property: accessExternalSchema
Restrict access to the protocols specified for external reference set by the schemaLocation attribute, Import and Include element.
From source file:ca.uhn.fhir.validation.SchemaBaseValidator.java
private void doValidate(IValidationContext<?> theContext, String schemaName) { Schema schema = loadSchema("dstu", schemaName); try {/*from www . j a v a 2 s . c o m*/ Validator validator = schema.newValidator(); MyErrorHandler handler = new MyErrorHandler(theContext); validator.setErrorHandler(handler); String encodedResource; if (theContext.getResourceAsStringEncoding() == EncodingEnum.XML) { encodedResource = theContext.getResourceAsString(); } else { encodedResource = theContext.getFhirContext().newXmlParser() .encodeResourceToString((IBaseResource) theContext.getResource()); } try { /* * See https://github.com/jamesagnew/hapi-fhir/issues/339 * https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing */ validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); } catch (SAXNotRecognizedException ex) { ourLog.warn("Jaxp 1.5 Support not found.", ex); } validator.validate(new StreamSource(new StringReader(encodedResource))); } catch (SAXParseException e) { SingleValidationMessage message = new SingleValidationMessage(); message.setLocationLine(e.getLineNumber()); message.setLocationCol(e.getColumnNumber()); message.setMessage(e.getLocalizedMessage()); message.setSeverity(ResultSeverityEnum.FATAL); theContext.addValidationMessage(message); } catch (SAXException e) { // Catch all throw new ConfigurationException("Could not load/parse schema file", e); } catch (IOException e) { // Catch all throw new ConfigurationException("Could not load/parse schema file", e); } }