List of usage examples for javax.xml XMLConstants FEATURE_SECURE_PROCESSING
String FEATURE_SECURE_PROCESSING
To view the source code for javax.xml XMLConstants FEATURE_SECURE_PROCESSING.
Click Source Link
From source file:mondrian.util.XmlParserFactoryProducer.java
public static SAXReader getSAXReader(final EntityResolver resolver) { SAXReader reader = new SAXReader(); if (resolver != null) { reader.setEntityResolver(resolver); }//from w w w .jav a2 s. c o m try { reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); } catch (SAXException e) { logger.error("Some parser properties are not supported."); } reader.setIncludeExternalDTDDeclarations(false); reader.setIncludeInternalDTDDeclarations(false); return reader; }
From source file:eu.stork.peps.test.simple.SSETestUtils.java
/** * Marshall./*from w w w . j a va 2 s . c om*/ * * @param samlToken the SAML token * * @return the byte[] * * @throws MarshallingException the marshalling exception * @throws ParserConfigurationException the parser configuration exception * @throws TransformerException the transformer exception */ public static byte[] marshall(final XMLObject samlToken) throws MarshallingException, ParserConfigurationException, TransformerException { final javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance(); dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); dbf.setNamespaceAware(true); dbf.setIgnoringComments(true); final javax.xml.parsers.DocumentBuilder docBuild = dbf.newDocumentBuilder(); // Get the marshaller factory final MarshallerFactory marshallerFactory = Configuration.getMarshallerFactory(); // Get the Subject marshaller final Marshaller marshaller = marshallerFactory.getMarshaller(samlToken); final Document doc = docBuild.newDocument(); // Marshall the SAML token marshaller.marshall(samlToken, doc); // Obtain a byte array representation of the marshalled SAML object final DOMSource domSource = new DOMSource(doc); final StringWriter writer = new StringWriter(); final StreamResult result = new StreamResult(writer); final TransformerFactory transFact = TransformerFactory.newInstance(); final Transformer transformer = transFact.newTransformer(); transformer.transform(domSource, result); return writer.toString().getBytes(); }
From source file:eu.eidas.engine.test.simple.SSETestUtils.java
/** * Marshall.//from w w w . ja v a2s . c om * * @param samlToken the SAML token * * @return the byte[] * * @throws MarshallingException the marshalling exception * @throws ParserConfigurationException the parser configuration exception * @throws TransformerException the transformer exception */ public static byte[] marshall(final XMLObject samlToken) throws MarshallingException, ParserConfigurationException, TransformerException { final javax.xml.parsers.DocumentBuilderFactory dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance(); dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); dbf.setNamespaceAware(true); dbf.setIgnoringComments(true); final javax.xml.parsers.DocumentBuilder docBuild = dbf.newDocumentBuilder(); // Get the marshaller factory final MarshallerFactory marshallerFactory = Configuration.getMarshallerFactory(); // Get the Subject marshaller final Marshaller marshaller = marshallerFactory.getMarshaller(samlToken); final Document doc = docBuild.newDocument(); // Marshall the SAML token marshaller.marshall(samlToken, doc); // Obtain a byte array representation of the marshalled SAML object final DOMSource domSource = new DOMSource(doc); ByteArrayOutputStream baos = new ByteArrayOutputStream(); final StreamResult result = new StreamResult(new OutputStreamWriter(baos, Constants.UTF8)); final TransformerFactory transFact = TransformerFactory.newInstance(); final Transformer transformer = transFact.newTransformer(); transformer.transform(domSource, result); return baos.toByteArray(); }
From source file:Main.java
/** * Constructs a secure SAX Parser./*from ww w .j a v a 2 s . co m*/ * * @return a SAX Parser * @throws ParserConfigurationException thrown if there is a parser * configuration exception * @throws SAXNotRecognizedException thrown if there is an unrecognized * feature * @throws SAXNotSupportedException thrown if there is a non-supported * feature * @throws SAXException is thrown if there is a SAXException */ public static SAXParser buildSecureSaxParser() throws ParserConfigurationException, SAXNotRecognizedException, SAXNotSupportedException, SAXException { final SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return factory.newSAXParser(); }
From source file:eu.eidas.configuration.ConfigurationReader.java
/** * Read configuration.// www .j a va2s. co m * * @return the map< string, instance engine> * * @throws SAMLEngineException the EIDASSAML engine runtime * exception */ public static Map<String, InstanceEngine> readConfiguration() throws SAMLEngineException { LOGGER.debug("Init reader: " + ENGINE_CONF_FILE); final Map<String, InstanceEngine> instanceConfs = new HashMap<String, InstanceEngine>(); Document document = null; // Load configuration file final DocumentBuilderFactory factory = EIDASSAMLEngine.newDocumentBuilderFactory(); DocumentBuilder builder; InputStream engineConf = null; try { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); builder = factory.newDocumentBuilder(); engineConf = ConfigurationReader.class.getResourceAsStream("/" + ENGINE_CONF_FILE); document = builder.parse(engineConf); // Read instance final NodeList list = document.getElementsByTagName(NODE_INSTANCE); for (int indexElem = 0; indexElem < list.getLength(); ++indexElem) { final Element element = (Element) list.item(indexElem); final InstanceEngine instanceConf = new InstanceEngine(); // read every configuration. final String instanceName = element.getAttribute(NODE_INST_NAME); if (StringUtils.isBlank(instanceName)) { throw new EIDASSAMLEngineRuntimeException("Error reader instance name."); } instanceConf.setName(instanceName.trim()); final NodeList confNodes = element.getElementsByTagName(NODE_CONF); for (int indexNode = 0; indexNode < confNodes.getLength(); ++indexNode) { final Element configurationNode = (Element) confNodes.item(indexNode); final String configurationName = configurationNode.getAttribute(NODE_CONF_NAME); if (StringUtils.isBlank(configurationName)) { throw new EIDASSAMLEngineRuntimeException("Error reader configuration name."); } final ConfigurationEngine confSamlEngine = new ConfigurationEngine(); // Set configuration name. confSamlEngine.setName(configurationName.trim()); // Read every parameter for this configuration. final Map<String, String> parameters = generateParam(configurationNode); // Set parameters confSamlEngine.setParameters(parameters); // Add parameters to the configuration. instanceConf.getConfiguration().add(confSamlEngine); } // Add to the list of configurations. instanceConfs.put(element.getAttribute(NODE_INST_NAME), instanceConf); } } catch (SAXException e) { LOGGER.warn("ERROR : init library parser.", e.getMessage()); LOGGER.debug("ERROR : init library parser.", e); throw new SAMLEngineException(e); } catch (ParserConfigurationException e) { LOGGER.warn("ERROR : parser configuration file xml."); LOGGER.debug("ERROR : parser configuration file xml.", e); throw new SAMLEngineException(e); } catch (IOException e) { LOGGER.warn("ERROR : read configuration file.", e.getMessage()); LOGGER.debug("ERROR : read configuration file.", e); throw new SAMLEngineException(e); } finally { IOUtils.closeQuietly(engineConf); } return instanceConfs; }
From source file:eu.stork.peps.configuration.ConfigurationReader.java
/** * Read configuration./*w w w . j a va 2s.c om*/ * * @return the map< string, instance engine> * * @throws SAMLEngineException the STORKSAML engine runtime * exception */ public static Map<String, InstanceEngine> readConfiguration() throws SAMLEngineException { // fetch base from system properties, give a default if there is nothing configured String base = System.getProperty("eu.stork.samlengine.config.location"); if (null != base) if (!base.endsWith("/")) base += "/"; LOGGER.info("Init reader: " + base + ENGINE_CONF_FILE); final Map<String, InstanceEngine> instanceConfs = new HashMap<String, InstanceEngine>(); Document document = null; // Load configuration file final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilder builder; InputStream engineConf = null; try { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); builder = factory.newDocumentBuilder(); if (null != base) engineConf = new FileInputStream(base + ENGINE_CONF_FILE); else engineConf = ConfigurationReader.class.getResourceAsStream("/" + ENGINE_CONF_FILE); document = builder.parse(engineConf); // Read instance final NodeList list = document.getElementsByTagName(NODE_INSTANCE); for (int indexElem = 0; indexElem < list.getLength(); ++indexElem) { final Element element = (Element) list.item(indexElem); final InstanceEngine instanceConf = new InstanceEngine(); // read every configuration. final String instanceName = element.getAttribute(NODE_INST_NAME); if (StringUtils.isBlank(instanceName)) { throw new STORKSAMLEngineRuntimeException("Error reader instance name."); } instanceConf.setName(instanceName.trim()); final NodeList confNodes = element.getElementsByTagName(NODE_CONF); for (int indexNode = 0; indexNode < confNodes.getLength(); ++indexNode) { final Element configurationNode = (Element) confNodes.item(indexNode); final String configurationName = configurationNode.getAttribute(NODE_CONF_NAME); if (StringUtils.isBlank(configurationName)) { throw new STORKSAMLEngineRuntimeException("Error reader configuration name."); } final ConfigurationEngine confSamlEngine = new ConfigurationEngine(); // Set configuration name. confSamlEngine.setName(configurationName.trim()); // Read every parameter for this configuration. final Map<String, String> parameters = generateParam(configurationNode); // Set parameters confSamlEngine.setParameters(parameters); // Add parameters to the configuration. instanceConf.getConfiguration().add(confSamlEngine); } // Add to the list of configurations. instanceConfs.put(element.getAttribute(NODE_INST_NAME), instanceConf); } } catch (SAXException e) { LOGGER.error("Error: init library parser."); throw new SAMLEngineException(e); } catch (ParserConfigurationException e) { LOGGER.error("Error: parser configuration file xml."); throw new SAMLEngineException(e); } catch (IOException e) { LOGGER.error("Error: read configuration file."); throw new SAMLEngineException(e); } finally { IOUtils.closeQuietly(engineConf); } return instanceConfs; }
From source file:com.bcmcgroup.flare.client.ClientUtil.java
/** * Convert a Document into a String/* w w w. j a va2 s . com*/ * * @param document the Document to be converted to String * @param omitXmlDeclaration set to true if you'd like to omit the XML declaration, false otherwise * @return the String converted from a Document * */ public static String convertDocumentToString(Document document, boolean omitXmlDeclaration) { try { StringWriter stringWriter = new StringWriter(); TransformerFactory transformerFactory = TransformerFactory.newInstance(); transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); Transformer transformer = transformerFactory.newTransformer(); if (omitXmlDeclaration) { transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); } else { transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "no"); } transformer.setOutputProperty(OutputKeys.METHOD, "xml"); transformer.setOutputProperty(OutputKeys.INDENT, "no"); transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); transformer.transform(new DOMSource(document), new StreamResult(stringWriter)); return stringWriter.toString(); } catch (TransformerException e) { logger.error("Transformer Exception when attempting to convert a document to a string. "); } return null; }
From source file:jeeves.utils.Xml.java
private static SAXBuilder getSAXBuilderWithoutXMLResolver(boolean validate) { SAXBuilder builder = new JeevesSAXBuilder(validate); //SAXBuilder builder = new SAXBuilder(validate); builder.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return builder; }
From source file:com.dgwave.osrs.OsrsClient.java
private void initJaxb() throws OsrsException { if (jc != null && oj != null) return;/*from www. j a v a2 s . com*/ try { this.jc = JAXBContext.newInstance("com.dgwave.osrs.jaxb"); this.oj = new ObjectFactory(); SAXParserFactory spf = SAXParserFactory.newInstance(); spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); spf.setNamespaceAware(true); spf.setValidating(false); xmlReader = spf.newSAXParser().getXMLReader(); xmlReader.setEntityResolver(new EntityResolver() { @Override public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException { logger.debug("Ignoring DTD"); return new InputSource(new StringReader("")); } }); } catch (Exception e) { throw new OsrsException("JAXB Error", e); } }
From source file:com.bcmcgroup.flare.client.ClientUtil.java
/** * Constructs a DocumentBuilder object for XML documents * * @return DocumentBuilder object with the proper initializations *///ww w .j a va2 s. c o m public static DocumentBuilder generateDocumentBuilder() { try { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); dbf.setIgnoringElementContentWhitespace(true); dbf.setIgnoringComments(true); dbf.setFeature("http://xml.org/sax/features/external-general-entities", false); dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false); dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return dbf.newDocumentBuilder(); } catch (ParserConfigurationException e) { logger.error("ParserConfigurationException when attempting to generate a document builder."); } return null; }