Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 3fac6a1dd -> 00646355e
Set secure processing feature on all TransformerFactories Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/00646355 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/00646355 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/00646355 Branch: refs/heads/3.1.x-fixes Commit: 00646355eeda1f09d0f92a094d1275870c52a8a7 Parents: 3fac6a1 Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Apr 6 12:05:54 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Apr 6 12:06:25 2016 +0100 ---------------------------------------------------------------------- .../org/apache/cxf/profile/FastInfosetExperiment.java | 1 + .../cxf/feature/transform/AbstractXSLTInterceptor.java | 12 ++++++++++-- .../java/org/apache/cxf/staxutils/StaxUtilsTest.java | 11 +++++++---- .../demo/colocated/client/DispatchSourceClient.java | 4 +++- .../server/GreeterDOMSourcePayloadProvider.java | 4 +++- .../src/main/java/demo/hw/client/Get.java | 4 +++- .../src/main/java/demo/restful/client/Client.java | 4 +++- .../org/apache/cxf/jaxrs/impl/ResponseImplTest.java | 6 ++++-- .../apache/cxf/jaxrs/provider/SourceProviderTest.java | 5 +++-- .../cxf/jaxws/handler/HandlerChainInvokerTest.java | 4 +++- .../org/apache/cxf/javascript/JsXMLHttpRequest.java | 6 ++++-- .../org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java | 9 ++++++--- .../cxf/systest/handlers/HandlerInvocationTest.java | 4 ++-- .../systest/provider/AbstractSourcePayloadProvider.java | 4 +++- .../systest/provider/HWSAXSourcePayloadProvider.java | 4 +++- .../systest/provider/HWStreamSourcePayloadProvider.java | 4 +++- .../apache/cxf/systest/provider/TestLogicalHandler.java | 4 +++- .../provider/datasource/DataSourceProviderTest.java | 8 +++++--- .../java/org/apache/cxf/systest/ws/rm/SequenceTest.java | 7 ++++--- .../cxf/systest/ws/security/WSSecurityClientTest.java | 9 +++++---- .../jaxwsmm/MessageProviderWithAddressingPolicy.java | 5 +++-- .../tools/common/toolspec/parser/CommandLineParser.java | 4 +++- 22 files changed, 84 insertions(+), 39 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/benchmark/profiling/src/main/java/org/apache/cxf/profile/FastInfosetExperiment.java ---------------------------------------------------------------------- diff --git a/benchmark/profiling/src/main/java/org/apache/cxf/profile/FastInfosetExperiment.java b/benchmark/profiling/src/main/java/org/apache/cxf/profile/FastInfosetExperiment.java index 23ee83e..4c35e21 100644 --- a/benchmark/profiling/src/main/java/org/apache/cxf/profile/FastInfosetExperiment.java +++ b/benchmark/profiling/src/main/java/org/apache/cxf/profile/FastInfosetExperiment.java @@ -64,6 +64,7 @@ public class FastInfosetExperiment { private FastInfosetExperiment() throws ParserConfigurationException { documentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); fiFile = new File("fiTest.fixml"); } http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/core/src/main/java/org/apache/cxf/feature/transform/AbstractXSLTInterceptor.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/cxf/feature/transform/AbstractXSLTInterceptor.java b/core/src/main/java/org/apache/cxf/feature/transform/AbstractXSLTInterceptor.java index b18ffcf..4259220 100644 --- a/core/src/main/java/org/apache/cxf/feature/transform/AbstractXSLTInterceptor.java +++ b/core/src/main/java/org/apache/cxf/feature/transform/AbstractXSLTInterceptor.java @@ -41,7 +41,15 @@ import org.apache.cxf.staxutils.StaxUtils; * Creates an XMLStreamReader from the InputStream on the Message. */ public abstract class AbstractXSLTInterceptor extends AbstractPhaseInterceptor<Message> { - private static final TransformerFactory TRANSFORM_FACTORIY = TransformerFactory.newInstance(); + private static final TransformerFactory TRANSFORM_FACTORY = TransformerFactory.newInstance(); + + static { + try { + TRANSFORM_FACTORY.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + } catch (javax.xml.transform.TransformerConfigurationException ex) { + // + } + } private String contextPropertyName; private final Templates xsltTemplate; @@ -61,7 +69,7 @@ public abstract class AbstractXSLTInterceptor extends AbstractPhaseInterceptor<M throw new IllegalArgumentException("Cannot load XSLT from path: " + xsltPath); } Document doc = StaxUtils.read(xsltStream); - xsltTemplate = TRANSFORM_FACTORIY.newTemplates(new DOMSource(doc)); + xsltTemplate = TRANSFORM_FACTORY.newTemplates(new DOMSource(doc)); } catch (TransformerConfigurationException e) { throw new IllegalArgumentException( String.format("Cannot create XSLT template from path: %s, error: ", http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/core/src/test/java/org/apache/cxf/staxutils/StaxUtilsTest.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/org/apache/cxf/staxutils/StaxUtilsTest.java b/core/src/test/java/org/apache/cxf/staxutils/StaxUtilsTest.java index 8f680f7..818d262 100644 --- a/core/src/test/java/org/apache/cxf/staxutils/StaxUtilsTest.java +++ b/core/src/test/java/org/apache/cxf/staxutils/StaxUtilsTest.java @@ -314,8 +314,9 @@ public class StaxUtilsTest extends Assert { XMLStreamReader reader = StaxUtils.createXMLStreamReader(source); XMLStreamWriter writer = StaxUtils.createXMLStreamWriter(baos); StaxSource staxSource = new StaxSource(reader); - TransformerFactory trf = TransformerFactory.newInstance(); - Transformer transformer = trf.newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); transformer.transform(staxSource, new StreamResult(baos)); writer.flush(); @@ -332,9 +333,10 @@ public class StaxUtilsTest extends Assert { XMLStreamReader reader = StaxUtils.createXMLStreamReader(stringReader); XMLStreamWriter writer = StaxUtils.createXMLStreamWriter(baos); StaxSource staxSource = new StaxSource(reader); - TransformerFactory trf = TransformerFactory.newInstance(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); Document doc = StaxUtils.read(getTestStream("./resources/copy.xsl")); - Transformer transformer = trf.newTransformer(new DOMSource(doc)); + Transformer transformer = transformerFactory.newTransformer(new DOMSource(doc)); //System.out.println("Used transformer: " + transformer.getClass().getName()); transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); transformer.transform(staxSource, new StreamResult(baos)); @@ -349,6 +351,7 @@ public class StaxUtilsTest extends Assert { try { trf = TransformerFactory .newInstance("com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl", null); + trf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); ByteArrayOutputStream baos = new ByteArrayOutputStream(); String xml = "<root xmlns=\"urn:org.apache.cxf:test\">Text</root>"; StringReader stringReader = new StringReader(xml); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/distribution/src/main/release/samples/in_jvm_transport/src/main/java/demo/colocated/client/DispatchSourceClient.java ---------------------------------------------------------------------- diff --git a/distribution/src/main/release/samples/in_jvm_transport/src/main/java/demo/colocated/client/DispatchSourceClient.java b/distribution/src/main/release/samples/in_jvm_transport/src/main/java/demo/colocated/client/DispatchSourceClient.java index 8b728eb..181b931 100755 --- a/distribution/src/main/release/samples/in_jvm_transport/src/main/java/demo/colocated/client/DispatchSourceClient.java +++ b/distribution/src/main/release/samples/in_jvm_transport/src/main/java/demo/colocated/client/DispatchSourceClient.java @@ -111,7 +111,9 @@ public final class DispatchSourceClient { } private static String decodeSource(Source source, String uri, String name) throws Exception { - Transformer transformer = TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); ContentHandler handler = new ContentHandler(uri, name); transformer.transform(source, new SAXResult(handler)); return handler.getValue(); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/distribution/src/main/release/samples/jaxws_dispatch_provider/src/main/java/demo/hwDispatch/server/GreeterDOMSourcePayloadProvider.java ---------------------------------------------------------------------- diff --git a/distribution/src/main/release/samples/jaxws_dispatch_provider/src/main/java/demo/hwDispatch/server/GreeterDOMSourcePayloadProvider.java b/distribution/src/main/release/samples/jaxws_dispatch_provider/src/main/java/demo/hwDispatch/server/GreeterDOMSourcePayloadProvider.java index 1383491..5d6ba88 100644 --- a/distribution/src/main/release/samples/jaxws_dispatch_provider/src/main/java/demo/hwDispatch/server/GreeterDOMSourcePayloadProvider.java +++ b/distribution/src/main/release/samples/jaxws_dispatch_provider/src/main/java/demo/hwDispatch/server/GreeterDOMSourcePayloadProvider.java @@ -41,7 +41,9 @@ public class GreeterDOMSourcePayloadProvider implements Provider<DOMSource> { DOMSource response = new DOMSource(); try { System.out.println("Incoming Client Request as a DOMSource data in PAYLOAD Mode"); - Transformer transformer = TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); StreamResult result = new StreamResult(System.out); transformer.transform(request, result); System.out.println("\n"); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/distribution/src/main/release/samples/js_browser_client_simple/src/main/java/demo/hw/client/Get.java ---------------------------------------------------------------------- diff --git a/distribution/src/main/release/samples/js_browser_client_simple/src/main/java/demo/hw/client/Get.java b/distribution/src/main/release/samples/js_browser_client_simple/src/main/java/demo/hw/client/Get.java index 85b83d0..92f04c4 100644 --- a/distribution/src/main/release/samples/js_browser_client_simple/src/main/java/demo/hw/client/Get.java +++ b/distribution/src/main/release/samples/js_browser_client_simple/src/main/java/demo/hw/client/Get.java @@ -99,7 +99,9 @@ public final class Get { try { ByteArrayOutputStream bos = new ByteArrayOutputStream(); StreamResult sr = new StreamResult(bos); - Transformer trans = TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); Properties oprops = new Properties(); oprops.put(OutputKeys.OMIT_XML_DECLARATION, "yes"); trans.setOutputProperties(oprops); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/distribution/src/main/release/samples/restful_dispatch/src/main/java/demo/restful/client/Client.java ---------------------------------------------------------------------- diff --git a/distribution/src/main/release/samples/restful_dispatch/src/main/java/demo/restful/client/Client.java b/distribution/src/main/release/samples/restful_dispatch/src/main/java/demo/restful/client/Client.java index 60bcb56..7f99764 100644 --- a/distribution/src/main/release/samples/restful_dispatch/src/main/java/demo/restful/client/Client.java +++ b/distribution/src/main/release/samples/restful_dispatch/src/main/java/demo/restful/client/Client.java @@ -92,7 +92,9 @@ public final class Client { try { ByteArrayOutputStream bos = new ByteArrayOutputStream(); StreamResult sr = new StreamResult(bos); - Transformer trans = TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); Properties oprops = new Properties(); oprops.put(OutputKeys.OMIT_XML_DECLARATION, "yes"); trans.setOutputProperties(oprops); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ResponseImplTest.java ---------------------------------------------------------------------- diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ResponseImplTest.java b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ResponseImplTest.java index d409072..72d90d5 100644 --- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ResponseImplTest.java +++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ResponseImplTest.java @@ -89,9 +89,11 @@ public class ResponseImplTest extends Assert { public void testReadBufferedStaxSource() throws Exception { ResponseImpl r = new ResponseImpl(200); Source responseSource = readResponseSource(r); - Transformer trans = TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); DOMResult res = new DOMResult(); - trans.transform(responseSource, res); + transformer.transform(responseSource, res); Document doc = (Document)res.getNode(); assertEquals("Response", doc.getDocumentElement().getLocalName()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/SourceProviderTest.java ---------------------------------------------------------------------- diff --git a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/SourceProviderTest.java b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/SourceProviderTest.java index aab4cae..f881cf0 100644 --- a/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/SourceProviderTest.java +++ b/rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/provider/SourceProviderTest.java @@ -100,8 +100,9 @@ public class SourceProviderTest extends Assert { Source source = p.readFrom(Source.class, null, null, null, null, is); ByteArrayOutputStream bos = new ByteArrayOutputStream(); - TransformerFactory.newInstance().newTransformer() - .transform(source, new StreamResult(bos)); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + transformerFactory.newTransformer().transform(source, new StreamResult(bos)); assertTrue(bos.toString().contains("test2")); } http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/handler/HandlerChainInvokerTest.java ---------------------------------------------------------------------- diff --git a/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/handler/HandlerChainInvokerTest.java b/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/handler/HandlerChainInvokerTest.java index 3080ebc..99082ef 100644 --- a/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/handler/HandlerChainInvokerTest.java +++ b/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/handler/HandlerChainInvokerTest.java @@ -999,7 +999,9 @@ public class HandlerChainInvokerTest extends Assert { String result = ""; try { - Transformer transformer = TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); transformer.setOutputProperty(OutputKeys.METHOD, "xml"); OutputStream out = new ByteArrayOutputStream(); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/rt/javascript/javascript-tests/src/test/java/org/apache/cxf/javascript/JsXMLHttpRequest.java ---------------------------------------------------------------------- diff --git a/rt/javascript/javascript-tests/src/test/java/org/apache/cxf/javascript/JsXMLHttpRequest.java b/rt/javascript/javascript-tests/src/test/java/org/apache/cxf/javascript/JsXMLHttpRequest.java index ec1b5df..219c819 100644 --- a/rt/javascript/javascript-tests/src/test/java/org/apache/cxf/javascript/JsXMLHttpRequest.java +++ b/rt/javascript/javascript-tests/src/test/java/org/apache/cxf/javascript/JsXMLHttpRequest.java @@ -456,7 +456,9 @@ public class JsXMLHttpRequest extends ScriptableObject { StreamResult result = new StreamResult(baos); DOMSource source = new DOMSource(node); try { - TransformerFactory.newInstance().newTransformer().transform(source, result); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + transformerFactory.newTransformer().transform(source, result); } catch (TransformerConfigurationException e) { throw new RuntimeException(e); } catch (TransformerException e) { @@ -672,4 +674,4 @@ public class JsXMLHttpRequest extends ScriptableObject { return doGetStatusText(); } } - \ No newline at end of file + http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java ---------------------------------------------------------------------- diff --git a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java index 1d2e75b..a110e3c 100644 --- a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java +++ b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/model/wadl/WadlGenerator.java @@ -1227,14 +1227,17 @@ public class WadlGenerator implements ContainerRequestFilter { DOMSource domSource = new DOMSource(wadlDoc); // temporary workaround StringWriter stringWriter = new StringWriter(); - TransformerFactory tFactory = TransformerFactory.newInstance(); - Transformer transformer = tFactory.newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); transformer.transform(domSource, new StreamResult(stringWriter)); return stringWriter.toString(); } private String transformLocally(Message m, UriInfo ui, Source source) throws Exception { InputStream is = ResourceUtils.getResourceStream(stylesheetReference, m.getExchange().getBus()); - Transformer t = TransformerFactory.newInstance().newTemplates(new StreamSource(is)).newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer t = transformerFactory.newTemplates(new StreamSource(is)).newTransformer(); t.setParameter("base.path", (String)m.get("http.base.path")); StringWriter stringWriter = new StringWriter(); t.transform(source, new StreamResult(stringWriter)); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/systests/jaxws/src/test/java/org/apache/cxf/systest/handlers/HandlerInvocationTest.java ---------------------------------------------------------------------- diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/handlers/HandlerInvocationTest.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/handlers/HandlerInvocationTest.java index 369f052..2b922c9 100644 --- a/systests/jaxws/src/test/java/org/apache/cxf/systest/handlers/HandlerInvocationTest.java +++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/handlers/HandlerInvocationTest.java @@ -1011,8 +1011,8 @@ public class HandlerInvocationTest extends AbstractBusClientServerTestBase { throws TransformerException { StringWriter stringWriter = new StringWriter(); StreamResult streamResult = new StreamResult(stringWriter); - TransformerFactory transformerFactory = - TransformerFactory.newInstance(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); Transformer transformer = transformerFactory.newTransformer(); transformer.setOutputProperty(OutputKeys.INDENT, "no"); transformer.setOutputProperty( http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/AbstractSourcePayloadProvider.java ---------------------------------------------------------------------- diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/AbstractSourcePayloadProvider.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/AbstractSourcePayloadProvider.java index 4060b69..d6842d0 100644 --- a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/AbstractSourcePayloadProvider.java +++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/AbstractSourcePayloadProvider.java @@ -117,7 +117,9 @@ public abstract class AbstractSourcePayloadProvider implements SourceProvider { public static String getSourceAsString(Source s) throws Exception { try { - Transformer transformer = TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); transformer.setOutputProperty(OutputKeys.METHOD, "xml"); Writer out = new StringWriter(); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWSAXSourcePayloadProvider.java ---------------------------------------------------------------------- diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWSAXSourcePayloadProvider.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWSAXSourcePayloadProvider.java index 0f16067..01b151c 100644 --- a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWSAXSourcePayloadProvider.java +++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWSAXSourcePayloadProvider.java @@ -92,7 +92,9 @@ public class HWSAXSourcePayloadProvider implements Provider<SAXSource> { try { DOMResult domResult = new DOMResult(); - Transformer transformer = TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); transformer.transform(request, domResult); Node n = domResult.getNode().getFirstChild(); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWStreamSourcePayloadProvider.java ---------------------------------------------------------------------- diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWStreamSourcePayloadProvider.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWStreamSourcePayloadProvider.java index bebef77..ee1cff1 100644 --- a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWStreamSourcePayloadProvider.java +++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/HWStreamSourcePayloadProvider.java @@ -91,7 +91,9 @@ public class HWStreamSourcePayloadProvider implements Provider<StreamSource> { StreamSource response = new StreamSource(); try { DOMResult domResult = new DOMResult(); - Transformer transformer = TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); transformer.transform(request, domResult); Node n = domResult.getNode().getFirstChild(); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/TestLogicalHandler.java ---------------------------------------------------------------------- diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/TestLogicalHandler.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/TestLogicalHandler.java index 9789cc2..11141ce 100644 --- a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/TestLogicalHandler.java +++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/TestLogicalHandler.java @@ -70,7 +70,9 @@ public class TestLogicalHandler implements LogicalHandler<LogicalMessageContext> } public static String getSourceAsString(Source s) throws Exception { - Transformer transformer = TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); transformer.setOutputProperty(OutputKeys.METHOD, "xml"); Writer out = new StringWriter(); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/datasource/DataSourceProviderTest.java ---------------------------------------------------------------------- diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/datasource/DataSourceProviderTest.java b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/datasource/DataSourceProviderTest.java index de3d0e3..792fa8e 100644 --- a/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/datasource/DataSourceProviderTest.java +++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/datasource/DataSourceProviderTest.java @@ -104,11 +104,13 @@ public class DataSourceProviderTest extends AbstractBusClientServerTestBase { try { ByteArrayOutputStream bos = new ByteArrayOutputStream(); StreamResult sr = new StreamResult(bos); - Transformer trans = TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); Properties oprops = new Properties(); oprops.put(OutputKeys.OMIT_XML_DECLARATION, "yes"); - trans.setOutputProperties(oprops); - trans.transform(source, sr); + transformer.setOutputProperties(oprops); + transformer.transform(source, sr); assertEquals(bos.toString(), "<doc><response>Hello</response></doc>"); bos.close(); } catch (Exception e) { http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/systests/ws-rm/src/test/java/org/apache/cxf/systest/ws/rm/SequenceTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-rm/src/test/java/org/apache/cxf/systest/ws/rm/SequenceTest.java b/systests/ws-rm/src/test/java/org/apache/cxf/systest/ws/rm/SequenceTest.java index 346a0f6..fbd3239 100644 --- a/systests/ws-rm/src/test/java/org/apache/cxf/systest/ws/rm/SequenceTest.java +++ b/systests/ws-rm/src/test/java/org/apache/cxf/systest/ws/rm/SequenceTest.java @@ -1660,10 +1660,11 @@ public class SequenceTest extends AbstractBusClientServerTestBase { private static String convertToString(DOMSource domSource) throws TransformerException { - Transformer xformer = - TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); StringWriter output = new StringWriter(); - xformer.transform(domSource, new StreamResult(output)); + transformer.transform(domSource, new StreamResult(output)); return output.toString(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java index b738986..3e21958 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java @@ -402,12 +402,13 @@ public class WSSecurityClientTest extends AbstractBusClientServerTestBase { private static String source2String(Source source) throws Exception { final java.io.ByteArrayOutputStream bos = new java.io.ByteArrayOutputStream(); final StreamResult sr = new StreamResult(bos); - final Transformer trans = - TransformerFactory.newInstance().newTransformer(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer transformer = transformerFactory.newTransformer(); final java.util.Properties oprops = new java.util.Properties(); oprops.put(OutputKeys.OMIT_XML_DECLARATION, "yes"); - trans.setOutputProperties(oprops); - trans.transform(source, sr); + transformer.setOutputProperties(oprops); + transformer.transform(source, sr); return bos.toString(); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/addr_wsdl/jaxwsmm/MessageProviderWithAddressingPolicy.java ---------------------------------------------------------------------- diff --git a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/addr_wsdl/jaxwsmm/MessageProviderWithAddressingPolicy.java b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/addr_wsdl/jaxwsmm/MessageProviderWithAddressingPolicy.java index 9b3975a..d8f0ed1 100644 --- a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/addr_wsdl/jaxwsmm/MessageProviderWithAddressingPolicy.java +++ b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/addr_wsdl/jaxwsmm/MessageProviderWithAddressingPolicy.java @@ -51,12 +51,13 @@ public class MessageProviderWithAddressingPolicy implements Provider<Source> { } public Source invoke(Source request) { - TransformerFactory tfactory = TransformerFactory.newInstance(); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); try { + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); /* tfactory.setAttribute("indent-number", "2"); */ - Transformer serializer = tfactory.newTransformer(); + Transformer serializer = transformerFactory.newTransformer(); // Setup indenting to "pretty print" serializer.setOutputProperty(OutputKeys.INDENT, "yes"); serializer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount";, "2"); http://git-wip-us.apache.org/repos/asf/cxf/blob/00646355/tools/common/src/main/java/org/apache/cxf/tools/common/toolspec/parser/CommandLineParser.java ---------------------------------------------------------------------- diff --git a/tools/common/src/main/java/org/apache/cxf/tools/common/toolspec/parser/CommandLineParser.java b/tools/common/src/main/java/org/apache/cxf/tools/common/toolspec/parser/CommandLineParser.java index 852b76d..7da11ef 100644 --- a/tools/common/src/main/java/org/apache/cxf/tools/common/toolspec/parser/CommandLineParser.java +++ b/tools/common/src/main/java/org/apache/cxf/tools/common/toolspec/parser/CommandLineParser.java @@ -178,7 +178,9 @@ public class CommandLineParser { // output the result document if (LOG.isLoggable(Level.FINE)) { try { - Transformer serializer = TransformerFactory.newInstance() + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); + Transformer serializer = transformerFactory.newInstance() .newTransformer( new StreamSource(Tool.class .getResourceAsStream("indent-no-xml-declaration.xsl")));
