[cxf] branch master updated: Deleting SchemaValidatingSAXParser + setting secure processing on the tuned document loader

Thu, 15 Nov 2018 07:03:03 -0800 

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new ced8157  Deleting SchemaValidatingSAXParser + setting secure 
processing on the tuned document loader
ced8157 is described below

commit ced81577a753b150e7afab30e3ddaeb44659221f
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu Nov 15 15:01:28 2018 +0000

    Deleting SchemaValidatingSAXParser + setting secure processing on the tuned 
document loader
---
 .../apache/cxf/bus/spring/TunedDocumentLoader.java |  3 +
 .../common/dom/SchemaValidatingSAXParser.java      | 84 ----------------------
 .../common/dom/SchemaValidatingSAXParserTest.java  | 32 ---------
 3 files changed, 3 insertions(+), 116 deletions(-)

diff --git 
a/core/src/main/java/org/apache/cxf/bus/spring/TunedDocumentLoader.java 
b/core/src/main/java/org/apache/cxf/bus/spring/TunedDocumentLoader.java
index 47dcd72..8951d4c 100644
--- a/core/src/main/java/org/apache/cxf/bus/spring/TunedDocumentLoader.java
+++ b/core/src/main/java/org/apache/cxf/bus/spring/TunedDocumentLoader.java
@@ -25,6 +25,7 @@ import java.io.InputStream;
 import java.net.URL;
 import java.util.logging.Logger;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
@@ -87,6 +88,8 @@ class TunedDocumentLoader extends DefaultDocumentLoader {
             
nsasaxParserFactory.setFeature("http://xml.org/sax/features/namespaces";, true);
             
nsasaxParserFactory.setFeature("http://xml.org/sax/features/namespace-prefixes";,
                                            true);
+            
saxParserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
+            
nsasaxParserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
         } catch (Throwable e) {
             //ignore
         }
diff --git 
a/tools/common/src/main/java/org/apache/cxf/tools/common/dom/SchemaValidatingSAXParser.java
 
b/tools/common/src/main/java/org/apache/cxf/tools/common/dom/SchemaValidatingSAXParser.java
deleted file mode 100644
index a90c1ff..0000000
--- 
a/tools/common/src/main/java/org/apache/cxf/tools/common/dom/SchemaValidatingSAXParser.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.tools.common.dom;
-
-import java.io.InputStream;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.SchemaFactory;
-
-import org.apache.cxf.common.logging.LogUtils;
-
-/**
- * (not thread safe)
- *
- */
-public final class SchemaValidatingSAXParser {
-
-    private static final Logger LOG = 
LogUtils.getL7dLogger(SchemaValidatingSAXParser.class);
-
-    private final SAXParserFactory parserFactory = 
SAXParserFactory.newInstance();
-    private SAXParser parser;
-    private SchemaFactory schemaFactory;
-    private Schema schema;
-
-    public SchemaValidatingSAXParser() {
-        try {
-            parserFactory.setNamespaceAware(true);
-            parser = parserFactory.newSAXParser();
-        } catch (javax.xml.parsers.ParserConfigurationException e) {
-            LOG.log(Level.SEVERE, "SAX_PARSER_CONFIG_ERR_MSG");
-        } catch (org.xml.sax.SAXException saxe) {
-            LOG.log(Level.SEVERE, "SAX_PARSER_EXCEPTION_MSG");
-        }
-        setValidating(true);
-    }
-
-    private InputStream getSchemaLocation() {
-        String toolspec = 
"/org/apache/cxf/tools/common/toolspec/tool-specification.xsd";
-        return getClass().getResourceAsStream(toolspec);
-    }
-
-    public void setValidating(boolean validate) {
-        if (validate) {
-            this.schemaFactory = 
SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
-            try {
-                this.schema = schemaFactory.newSchema(new 
StreamSource(getSchemaLocation()));
-            } catch (org.xml.sax.SAXException e) {
-                LOG.log(Level.SEVERE, "SCHEMA_FACTORY_EXCEPTION_MSG");
-            }
-            try {
-                this.parserFactory.setSchema(this.schema);
-            } catch (UnsupportedOperationException e) {
-                LOG.log(Level.WARNING, "SAX_PARSER_NOT_SUPPORTED", e);
-            }
-        }
-    }
-
-    public SAXParser getSAXParser() {
-        return parser;
-    }
-}
diff --git 
a/tools/common/src/test/java/org/apache/cxf/tools/common/dom/SchemaValidatingSAXParserTest.java
 
b/tools/common/src/test/java/org/apache/cxf/tools/common/dom/SchemaValidatingSAXParserTest.java
deleted file mode 100644
index 5fd047f..0000000
--- 
a/tools/common/src/test/java/org/apache/cxf/tools/common/dom/SchemaValidatingSAXParserTest.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.tools.common.dom;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class SchemaValidatingSAXParserTest extends Assert {
-    @Test
-    public void testMassMethod() {
-        SchemaValidatingSAXParser parser = new SchemaValidatingSAXParser();
-        parser.setValidating(true);
-        assertTrue(parser.getSAXParser() != null);
-    }
-}

Reply via email to