diff --git a/jaxws-ri/runtime/httpspi-servlet/src/main/java/com/sun/xml/ws/transport/httpspi/servlet/DeploymentDescriptorParser.java b/jaxws-ri/runtime/httpspi-servlet/src/main/java/com/sun/xml/ws/transport/httpspi/servlet/DeploymentDescriptorParser.java
index ac4d86fea..9ef0e090e 100644
--- a/jaxws-ri/runtime/httpspi-servlet/src/main/java/com/sun/xml/ws/transport/httpspi/servlet/DeploymentDescriptorParser.java
+++ b/jaxws-ri/runtime/httpspi-servlet/src/main/java/com/sun/xml/ws/transport/httpspi/servlet/DeploymentDescriptorParser.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2021 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0, which is available at
@@ -47,8 +47,8 @@ public class DeploymentDescriptorParser {
private final ResourceLoader loader;
private final AdapterFactory adapterFactory;
- // securite xml processing always enabled - parsing deployment descriptor ...
- private static final XMLInputFactory xif = XmlUtil.newXMLInputFactory(true);
+ // secure xml processing always enabled - parsing deployment descriptor ...
+ private static final XMLInputFactory xif = XmlUtil.newXMLInputFactory(false);
/**
* Endpoint names that are declared.
diff --git a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/api/streaming/XMLStreamReaderFactory.java b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/api/streaming/XMLStreamReaderFactory.java
index 8503a71cd..4514fe58e 100644
--- a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/api/streaming/XMLStreamReaderFactory.java
+++ b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/api/streaming/XMLStreamReaderFactory.java
@@ -99,7 +99,7 @@ private static XMLInputFactory getXMLInputFactory() {
}
}
if (xif == null) {
- xif = XmlUtil.newXMLInputFactory(true);
+ xif = XmlUtil.newXMLInputFactory(false);
}
xif.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, true);
xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
diff --git a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/assembler/MetroConfigLoader.java b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/assembler/MetroConfigLoader.java
index 9c16b97e7..544db5276 100644
--- a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/assembler/MetroConfigLoader.java
+++ b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/assembler/MetroConfigLoader.java
@@ -225,7 +225,7 @@ private static MetroConfig loadMetroConfig(@NotNull URL resourceUrl) {
try (InputStream is = getConfigInputStream(resourceUrl)) {
JAXBContext jaxbContext = createJAXBContext();
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- XMLInputFactory factory = XmlUtil.newXMLInputFactory(true);
+ XMLInputFactory factory = XmlUtil.newXMLInputFactory(false);
JAXBElement configElement = unmarshaller.unmarshal(factory.createXMLStreamReader(is), MetroConfig.class);
return configElement.getValue();
} catch (Exception e) {
diff --git a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/commons/xmlutil/Converter.java b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/commons/xmlutil/Converter.java
index 42dbd1cb8..4e813c558 100644
--- a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/commons/xmlutil/Converter.java
+++ b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/commons/xmlutil/Converter.java
@@ -164,7 +164,7 @@ public static byte[] toBytes(Message message, String encoding) throws XMLStreamE
* @return {@link com.sun.xml.ws.api.message.Message} object created from the data stream
*/
public static Message toMessage(@NotNull InputStream dataStream, String encoding) throws XMLStreamException {
- XMLStreamReader xsr = XmlUtil.newXMLInputFactory(true).createXMLStreamReader(dataStream, encoding);
+ XMLStreamReader xsr = XmlUtil.newXMLInputFactory(false).createXMLStreamReader(dataStream, encoding);
return Messages.create(xsr);
}
diff --git a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/policy/jaxws/PolicyWSDLParserExtension.java b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/policy/jaxws/PolicyWSDLParserExtension.java
index 3b542f790..904bd5ad9 100644
--- a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/policy/jaxws/PolicyWSDLParserExtension.java
+++ b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/policy/jaxws/PolicyWSDLParserExtension.java
@@ -608,7 +608,7 @@ private boolean readExternalFile(final String fileUrl) {
try {
final URL xmlURL = new URL(fileUrl);
ios = xmlURL.openStream();
- reader = XmlUtil.newXMLInputFactory(true).createXMLStreamReader(ios);
+ reader = XmlUtil.newXMLInputFactory(false).createXMLStreamReader(ios);
while (reader.hasNext()) {
if (reader.isStartElement() && NamespaceVersion.resolveAsToken(reader.getName()) == XmlToken.Policy) {
readSinglePolicy(policyReader.readPolicyElement(reader, fileUrl), false);
diff --git a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/server/EndpointFactory.java b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/server/EndpointFactory.java
index 88d46fdba..6cf99f4ef 100644
--- a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/server/EndpointFactory.java
+++ b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/server/EndpointFactory.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2019 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0, which is available at
@@ -94,7 +94,7 @@
*/
public class EndpointFactory {
private static final EndpointFactory instance = new EndpointFactory();
-
+
public static EndpointFactory getInstance() {
return instance;
}
@@ -304,7 +304,7 @@ public WSEndpoint create(
}
protected WSEndpoint create(QName serviceName, QName portName, WSBinding binding, Container container, SEIModel seiModel, WSDLPort wsdlPort, Class implType, ServiceDefinitionImpl serviceDefinition, EndpointAwareTube terminal, boolean isTransportSynchronous, PolicyMap policyMap) {
- return new WSEndpointImpl(serviceName, portName, binding, container, seiModel,
+ return new WSEndpointImpl(serviceName, portName, binding, container, seiModel,
wsdlPort, implType, serviceDefinition, terminal, isTransportSynchronous, policyMap);
}
@@ -357,24 +357,24 @@ public Iterator iterator() {
break;
}
}
-
+
if (doc == null) {
// old metadata doesn't have this imported doc, may be external
- if (resolver != null) {
- try {
- InputSource source = resolver.resolveEntity(null, url);
- if (source != null) {
- MutableXMLStreamBuffer xsb = new MutableXMLStreamBuffer();
- XMLStreamReader reader = XmlUtil.newXMLInputFactory(true).createXMLStreamReader(source.getByteStream());
- xsb.createFromXMLStreamReader(reader);
-
- SDDocumentSource sdocSource = SDDocumentImpl.create(new URL(url), xsb);
- doc = SDDocumentImpl.create(sdocSource, null, null);
- }
- } catch (Exception ex) {
- ex.printStackTrace();
- }
- }
+ if (resolver != null) {
+ try {
+ InputSource source = resolver.resolveEntity(null, url);
+ if (source != null) {
+ MutableXMLStreamBuffer xsb = new MutableXMLStreamBuffer();
+ XMLStreamReader reader = XmlUtil.newXMLInputFactory(false).createXMLStreamReader(source.getByteStream());
+ xsb.createFromXMLStreamReader(reader);
+
+ SDDocumentSource sdocSource = SDDocumentImpl.create(new URL(url), xsb);
+ doc = SDDocumentImpl.create(sdocSource, null, null);
+ }
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
}
}
// Check if new metadata already contains this doc
@@ -383,7 +383,7 @@ public Iterator iterator() {
remaining.addAll(doc.getImports());
}
}
-
+
return newMap.values().iterator();
}
@@ -881,7 +881,7 @@ public Iterator iterator() {
final Iterator> colIt = cols.iterator();
return new Iterator() {
private Iterator current = null;
-
+
@Override
public boolean hasNext() {
if (current == null || !current.hasNext()) {
diff --git a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/util/xml/XmlUtil.java b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/util/xml/XmlUtil.java
index 5ea7127fa..2e7720a29 100644
--- a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/util/xml/XmlUtil.java
+++ b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/util/xml/XmlUtil.java
@@ -63,11 +63,7 @@
*/
public class XmlUtil {
- // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used
- private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
-
- private final static String LEXICAL_HANDLER_PROPERTY =
- "http://xml.org/sax/properties/lexical-handler";
+ private final static String LEXICAL_HANDLER_PROPERTY = "http://xml.org/sax/properties/lexical-handler";
private static final String DISALLOW_DOCTYPE_DECL = "http://apache.org/xml/features/disallow-doctype-decl";
private static final String EXTERNAL_GE = "http://xml.org/sax/features/external-general-entities";
@@ -129,34 +125,6 @@ public static String getAttributeNSOrNull(
return a.getValue();
}
-/* public static boolean matchesTagNS(Element e, String tag, String nsURI) {
- try {
- return e.getLocalName().equals(tag)
- && e.getNamespaceURI().equals(nsURI);
- } catch (NullPointerException npe) {
-
- // localname not null since parsing would fail before here
- throw new WSDLParseException(
- "null.namespace.found",
- e.getLocalName());
- }
- }
-
- public static boolean matchesTagNS(
- Element e,
- javax.xml.namespace.QName name) {
- try {
- return e.getLocalName().equals(name.getLocalPart())
- && e.getNamespaceURI().equals(name.getNamespaceURI());
- } catch (NullPointerException npe) {
-
- // localname not null since parsing would fail before here
- throw new WSDLParseException(
- "null.namespace.found",
- e.getLocalName());
- }
- }*/
-
public static Iterator getAllChildren(Element element) {
return new NodeListIterator(element.getChildNodes());
}
@@ -384,7 +352,7 @@ public static XPathFactory newXPathFactory(boolean disableSecurity) {
public static XMLInputFactory newXMLInputFactory(boolean disableSecurity) {
XMLInputFactory factory = XMLInputFactory.newInstance();
- if (xmlSecurityDisabled(disableSecurity)) {
+ if (!xmlSecurityDisabled(disableSecurity)) {
// TODO-Miran: are those apppropriate defaults?
factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
@@ -419,14 +387,14 @@ public static SchemaFactory allowExternalAccess(SchemaFactory sf, String value,
}
try {
- sf.setProperty(ACCESS_EXTERNAL_SCHEMA, value);
+ sf.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, value);
if (LOGGER.isLoggable(Level.FINE)) {
- LOGGER.log(Level.FINE, "Property \"{0}\" is supported and has been successfully set by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
+ LOGGER.log(Level.FINE, "Property \"{0}\" is supported and has been successfully set by used JAXP implementation.", new Object[]{XMLConstants.ACCESS_EXTERNAL_SCHEMA});
}
} catch (SAXException ignored) {
// nothing to do; support depends on version JDK or SAX implementation
if (LOGGER.isLoggable(Level.CONFIG)) {
- LOGGER.log(Level.CONFIG, "Property \"{0}\" is not supported by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA});
+ LOGGER.log(Level.CONFIG, "Property \"{0}\" is not supported by used JAXP implementation.", new Object[]{XMLConstants.ACCESS_EXTERNAL_SCHEMA});
}
}
return sf;
diff --git a/jaxws-ri/runtime/rt/src/test/java/com/sun/xml/ws/util/xml/XmlUtilTest.java b/jaxws-ri/runtime/rt/src/test/java/com/sun/xml/ws/util/xml/XmlUtilTest.java
index d63deb128..add3ec933 100644
--- a/jaxws-ri/runtime/rt/src/test/java/com/sun/xml/ws/util/xml/XmlUtilTest.java
+++ b/jaxws-ri/runtime/rt/src/test/java/com/sun/xml/ws/util/xml/XmlUtilTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, 2019 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2022 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0, which is available at
@@ -14,6 +14,18 @@
import java.lang.reflect.Method;
import junit.framework.TestCase;
+import org.junit.Assert;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
+
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParserFactory;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.xpath.XPathFactory;
+import javax.xml.xpath.XPathFactoryConfigurationException;
public class XmlUtilTest extends TestCase {
@@ -56,5 +68,40 @@ public void testXmlSecurityDisabled() throws InstantiationException, IllegalAcce
fieldDisabledBySetting.set(com.sun.xml.ws.util.xml.XmlUtil.class, disabledBySetting);
}
}
+
+ public void testNewDocumentBuilderFactory() {
+ DocumentBuilderFactory factory = XmlUtil.newDocumentBuilderFactory(false);
+ Assert.assertFalse(factory.isExpandEntityReferences());
+ factory = XmlUtil.newDocumentBuilderFactory(true);
+ Assert.assertTrue(factory.isExpandEntityReferences());
+ }
+
+ public void testNewTransformerFactory() {
+ TransformerFactory factory = XmlUtil.newTransformerFactory(false);
+ Assert.assertTrue(factory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING));
+ factory = XmlUtil.newTransformerFactory(true);
+ Assert.assertFalse(factory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING));
+ }
+
+ public void testNewSAXParserFactory() throws SAXNotSupportedException, SAXNotRecognizedException, ParserConfigurationException {
+ SAXParserFactory factory = XmlUtil.newSAXParserFactory(false);
+ Assert.assertTrue(factory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING));
+ factory = XmlUtil.newSAXParserFactory(true);
+ Assert.assertFalse(factory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING));
+ }
+
+ public void testNewXPathFactory() throws XPathFactoryConfigurationException {
+ XPathFactory factory = XmlUtil.newXPathFactory(false);
+ Assert.assertTrue(factory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING));
+ factory = XmlUtil.newXPathFactory(true);
+ Assert.assertFalse(factory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING));
+ }
+
+ public void testNewXMLInputFactory() {
+ XMLInputFactory factory = XmlUtil.newXMLInputFactory(false);
+ Assert.assertFalse((Boolean) factory.getProperty(XMLInputFactory.SUPPORT_DTD));
+ factory = XmlUtil.newXMLInputFactory(true);
+ Assert.assertTrue((Boolean) factory.getProperty(XMLInputFactory.SUPPORT_DTD));
+ }
}