This is an automated email from the ASF dual-hosted git repository.

mibo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/olingo-odata4.git


The following commit(s) were added to refs/heads/master by this push:
     new 5948974  [OLINGO-1409] XML serializer defaults
5948974 is described below

commit 5948974ad28271818e2afe747c71cde56a7f2c63
Author: mibo <[email protected]>
AuthorDate: Tue Nov 12 04:59:33 2019 +0100

    [OLINGO-1409] XML serializer defaults
---
 .../apache/olingo/server/core/MetadataParser.java   | 21 ++++++++++++++-------
 .../core/deserializer/xml/ODataXmlDeserializer.java |  2 ++
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git 
a/lib/server-core-ext/src/main/java/org/apache/olingo/server/core/MetadataParser.java
 
b/lib/server-core-ext/src/main/java/org/apache/olingo/server/core/MetadataParser.java
index 150c49c..3eeaef3 100644
--- 
a/lib/server-core-ext/src/main/java/org/apache/olingo/server/core/MetadataParser.java
+++ 
b/lib/server-core-ext/src/main/java/org/apache/olingo/server/core/MetadataParser.java
@@ -162,7 +162,7 @@ public class MetadataParser {
   }
 
   public SchemaBasedEdmProvider buildEdmProvider(Reader csdl) throws 
XMLStreamException {
-    XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
+    XMLInputFactory xmlInputFactory = createXmlInputFactory();
     XMLEventReader reader = xmlInputFactory.createXMLEventReader(csdl);    
     return buildEdmProvider(reader, this.referenceResolver, 
this.implicitlyLoadCoreVocabularies,
             this.useLocalCoreVocabularies, true, null);
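Review bot: The hardened factory covers only the entry points that take a `Reader`; the call on the next line goes to an overload that accepts an already-built `XMLEventReader`, and that overload parses whatever the caller's own factory allows. Its declaration and visibility are outside this hunk, so this may be internal only. If callers can reach it, its Javadoc should state the requirement, for example `Callers must supply a reader created with DTD and external-entity support disabled.` The same substitution is repeated in the next two hunks (`addToEdmProvider` and the protected overloads), and the point applies there too.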
@@ -170,17 +170,17 @@ public class MetadataParser {
   
   public SchemaBasedEdmProvider addToEdmProvider(SchemaBasedEdmProvider 
existing, Reader csdl)
       throws XMLStreamException {
-    XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
+    XMLInputFactory xmlInputFactory = createXmlInputFactory();
     XMLEventReader reader = xmlInputFactory.createXMLEventReader(csdl);
     return addToEdmProvider(existing, reader, this.referenceResolver, 
this.implicitlyLoadCoreVocabularies,
         this.useLocalCoreVocabularies, true, null);
   }
-  
+
   protected SchemaBasedEdmProvider buildEdmProvider(Reader csdl, 
ReferenceResolver resolver,
                                                     boolean loadCore, boolean 
useLocal,
                                                     boolean 
loadReferenceSchemas, String namespace)
           throws XMLStreamException {
-    XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
+    XMLInputFactory xmlInputFactory = createXmlInputFactory();
     XMLEventReader reader = xmlInputFactory.createXMLEventReader(csdl);
     return buildEdmProvider(reader, resolver, loadCore, useLocal, 
loadReferenceSchemas, namespace);
   }
@@ -189,7 +189,7 @@ public class MetadataParser {
                                                     boolean loadCore, boolean 
useLocal,
                                                     boolean 
loadReferenceSchemas, String namespace)
           throws XMLStreamException {
-    XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
+    XMLInputFactory xmlInputFactory = createXmlInputFactory();
     XMLEventReader reader = xmlInputFactory.createXMLEventReader(csdl);
     return buildEdmProvider(reader, resolver, loadCore, useLocal, 
loadReferenceSchemas, namespace);
   } 
@@ -249,8 +249,15 @@ public class MetadataParser {
           : fixXmlBase(xmlBase.toString()), resolver, loadCore, useLocal);
     }
     return provider;
-  }  
-  
+  }
+
+  private XMLInputFactory createXmlInputFactory() {
+    XMLInputFactory factory = XMLInputFactory.newInstance();
+    factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+    factory.setProperty("javax.xml.stream.isSupportingExternalEntities", 
false);
+    return factory;
+  }
+
   private void loadReferencesSchemas(SchemaBasedEdmProvider provider,
       String xmlBase, ReferenceResolver resolver, boolean loadCore,
       boolean useLocal) {    
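Review bot: The new `createXmlInputFactory()` has no comment explaining why DTD and external-entity support are switched off, and it spells the second property as a string literal although `XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES` names the same key. I would write `factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);` and add a Javadoc such as `/** Returns a factory with DTD processing and external entity resolution disabled, so CSDL input cannot trigger XXE. */`. The helper reads no instance state, so it could be `private static`. The diffstat lists no test file; a regression test that feeds a CSDL document containing a DOCTYPE would stop these defaults from being dropped later.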
diff --git 
a/lib/server-core/src/main/java/org/apache/olingo/server/core/deserializer/xml/ODataXmlDeserializer.java
 
b/lib/server-core/src/main/java/org/apache/olingo/server/core/deserializer/xml/ODataXmlDeserializer.java
index c8a1fcb..8356cba 100644
--- 
a/lib/server-core/src/main/java/org/apache/olingo/server/core/deserializer/xml/ODataXmlDeserializer.java
+++ 
b/lib/server-core/src/main/java/org/apache/olingo/server/core/deserializer/xml/ODataXmlDeserializer.java
@@ -94,6 +94,8 @@ public class ODataXmlDeserializer implements 
ODataDeserializer {
   }
   
   protected XMLEventReader getReader(final InputStream input) throws 
XMLStreamException {
+    FACTORY.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+    FACTORY.setProperty("javax.xml.stream.isSupportingExternalEntities", 
false);
     return FACTORY.createXMLEventReader(input);
   }
 
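Review bot: `getReader` now reconfigures `FACTORY` on every call. Its declaration is outside this hunk, but the name suggests a shared static instance, and per-request writes to a shared factory are redundant and not guaranteed thread-safe by the StAX API. Setting the properties once where `FACTORY` is initialised gives the same hardening without the per-call writes, e.g. `static { FACTORY.setProperty(XMLInputFactory.SUPPORT_DTD, false); FACTORY.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); }`. Because `getReader` is `protected`, a subclass that overrides it would also lose the settings while they live in this method.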
