On 11/14/2013 2:51 AM, Alan Bateman wrote:
On 13/11/2013 22:08, huizhe wang wrote:
:
Each parser has its own copy of XMLSecurityManager that maintains the
values of the limits. The parser is reset before it starts to parse a
document. Resetting the values managed by XMLSecurityManager
therefore makes sure that the limits are per document.
Daniel sent me a private email to question if the reset in
PropertyManager is safe. He was right. I traced that back to the
previous patch in that the StAX parsers actually were sharing the
same XMLSecurityManager, and also XMLSecurityPropertyManager. I've
changed the code so that they are cloned.
webrev:
http://cr.openjdk.java.net/~joehw/jdk8/8028111/webrev/
Sorry about that, having it called XMLSecurityManager when it's not a
SecurityManager is always confusing. In that case, it looks okay to me.
It was worse if you remember we changed it to XMLSecurityManager from
SecurityManager in the 7u45 release, so at least it's XML security
manager, not security manager SecurityManager :-)
We can refactor it easily if it's annoying to read. But probably next
time when we have a bit more time.
-Joe
-Alan.
