authorasaha <none@none>2017-07-13 21:33:35 -0700
committerasaha <none@none>2017-07-13 21:33:35 -0700
commit4376f06b68b6e8fde6075b97477050903f6ad270 (patch)
tree7f61440b953302252027328fe511ecafe9465f50
parent26ba683bef256b42e0d912977e4337697ac5d347 (diff)
parent80181a7ae0b8eb319636dd83c74e613cfe1c8008 (diff)
-rw-r--r--src/java.xml.ws/share/classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java43
-rw-r--r--src/jdk.xml.ws/share/classes/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java26
2 files changed, 44 insertions, 25 deletions
diff --git a/src/java.xml.ws/share/classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java b/src/java.xml.ws/share/classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java
index 213b584b..8a63b73c 100644
--- a/src/java.xml.ws/share/classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java
+++ b/src/java.xml.ws/share/classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java
@@ -84,6 +84,14 @@ public class XmlUtil {
private final static String LEXICAL_HANDLER_PROPERTY =
"http://xml.org/sax/properties/lexical-handler";
+ private static final String DISALLOW_DOCTYPE_DECL = "http://apache.org/xml/features/disallow-doctype-decl";
+
+ private static final String EXTERNAL_GE = "http://xml.org/sax/features/external-general-entities";
+
+ private static final String EXTERNAL_PE = "http://xml.org/sax/features/external-parameter-entities";
+
+ private static final String LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
+
private static final Logger LOGGER = Logger.getLogger(XmlUtil.class.getName());
private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.ws.disableXmlSecurity";
@@ -327,10 +335,24 @@ public class XmlUtil {
public static DocumentBuilderFactory newDocumentBuilderFactory(boolean disableSecurity) {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ String featureToSet = XMLConstants.FEATURE_SECURE_PROCESSING;
try {
- factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !xmlSecurityDisabled(disableSecurity));
+ boolean securityOn = !xmlSecurityDisabled(disableSecurity);
+ factory.setFeature(featureToSet, securityOn);
+ factory.setNamespaceAware(true);
+ if (securityOn) {
+ factory.setExpandEntityReferences(false);
+ featureToSet = DISALLOW_DOCTYPE_DECL;
+ factory.setFeature(featureToSet, true);
+ featureToSet = EXTERNAL_GE;
+ factory.setFeature(featureToSet, false);
+ featureToSet = EXTERNAL_PE;
+ factory.setFeature(featureToSet, false);
+ featureToSet = LOAD_EXTERNAL_DTD;
+ factory.setFeature(featureToSet, false);
+ }
} catch (ParserConfigurationException e) {
- LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[] { factory.getClass().getName() } );
+ LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support "+featureToSet+" feature!", new Object[] {factory.getClass().getName()} );
}
return factory;
}
@@ -347,10 +369,23 @@ public class XmlUtil {
public static SAXParserFactory newSAXParserFactory(boolean disableSecurity) {
SAXParserFactory factory = SAXParserFactory.newInstance();
+ String featureToSet = XMLConstants.FEATURE_SECURE_PROCESSING;
try {
- factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !xmlSecurityDisabled(disableSecurity));
+ boolean securityOn = !xmlSecurityDisabled(disableSecurity);
+ factory.setFeature(featureToSet, securityOn);
+ factory.setNamespaceAware(true);
+ if (securityOn) {
+ featureToSet = DISALLOW_DOCTYPE_DECL;
+ factory.setFeature(featureToSet, true);
+ featureToSet = EXTERNAL_GE;
+ factory.setFeature(featureToSet, false);
+ featureToSet = EXTERNAL_PE;
+ factory.setFeature(featureToSet, false);
+ featureToSet = LOAD_EXTERNAL_DTD;
+ factory.setFeature(featureToSet, false);
+ }
} catch (ParserConfigurationException | SAXNotRecognizedException | SAXNotSupportedException e) {
- LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[]{factory.getClass().getName()});
+ LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support "+featureToSet+" feature!", new Object[]{factory.getClass().getName()});
}
return factory;
}
diff --git a/src/jdk.xml.ws/share/classes/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java b/src/jdk.xml.ws/share/classes/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java
index e105d2f3..c7d9aeec 100644
--- a/src/jdk.xml.ws/share/classes/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java
+++ b/src/jdk.xml.ws/share/classes/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java
@@ -112,29 +112,13 @@ public class DOMForest {
this.entityResolver = entityResolver;
this.errorReceiver = errReceiver;
this.logic = logic;
+ // secure xml processing can be switched off if input requires it
+ boolean disableXmlSecurity = options == null ? false : options.disableXmlSecurity;
+
+ DocumentBuilderFactory dbf = XmlUtil.newDocumentBuilderFactory(disableXmlSecurity);
+ this.parserFactory = XmlUtil.newSAXParserFactory(disableXmlSecurity);
try {
- // secure xml processing can be switched off if input requires it
- boolean secureProcessingEnabled = options == null || !options.disableXmlSecurity;
- DocumentBuilderFactory dbf = XmlUtil.newDocumentBuilderFactory(!secureProcessingEnabled);
- dbf.setNamespaceAware(true);
this.documentBuilder = dbf.newDocumentBuilder();
-
- this.parserFactory = XmlUtil.newSAXParserFactory(secureProcessingEnabled);
- this.parserFactory.setNamespaceAware(true);
-
- if(secureProcessingEnabled){
- dbf.setExpandEntityReferences(false);
- try {
- parserFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
- parserFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
- parserFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
- } catch (SAXNotRecognizedException e){
- throw new ParserConfigurationException(e.getMessage());
- } catch (SAXNotSupportedException e) {
- throw new ParserConfigurationException(e.getMessage());
- }
- }
-
} catch (ParserConfigurationException e) {
throw new AssertionError(e);
}
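Review bot: The constructor used to fail with an `AssertionError` when the SAX factory rejected `disallow-doctype-decl` or the external-entity features. After this change that failure is only a WARNING logged inside `XmlUtil`, so `DOMForest` goes on to parse with factories that may not be fully hardened. If that relaxation is intended, it deserves a comment above the two factory calls, e.g. `// XmlUtil logs and continues if a hardening feature is unsupported; the factories may be only partially restricted`; otherwise the constructor could read the features back with `parserFactory.getFeature(...)` and keep the old fail-closed behaviour. Separately, `options == null ? false : options.disableXmlSecurity` reads more simply as `options != null && options.disableXmlSecurity`. The constructor starts above the hunk, so its signature and where `options` comes from are not visible here.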