/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.sun.org.apache.xerces.internal.parsers;
import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
import com.sun.org.apache.xerces.internal.util.SymbolTable;
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
This configuration allows Xerces to behave in a security-conscious manner; that is,
it permits applications to instruct Xerces to limit certain
operations that could be exploited by malicious document authors to cause a denail-of-service
attack when the document is parsed.
In addition to the features and properties recognized by the base
parser configuration, this class recognizes these additional
features and properties:
- Properties
- http://apache.org/xml/properties/security-manager
Author: Neil Graham, IBM
/**
* This configuration allows Xerces to behave in a security-conscious manner; that is,
* it permits applications to instruct Xerces to limit certain
* operations that could be exploited by malicious document authors to cause a denail-of-service
* attack when the document is parsed.
*
* In addition to the features and properties recognized by the base
* parser configuration, this class recognizes these additional
* features and properties:
* <ul>
* <li>Properties
* <ul>
* <li>http://apache.org/xml/properties/security-manager</li>
* </ul>
* </ul>
*
* @author Neil Graham, IBM
*
*/
public class SecurityConfiguration extends XIncludeAwareParserConfiguration
{
//
// Constants
//
protected static final String SECURITY_MANAGER_PROPERTY =
Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
//
// Constructors
//
Default constructor. /** Default constructor. */
public SecurityConfiguration () {
this(null, null, null);
} // <init>()
Constructs a parser configuration using the specified symbol table.
Params: - symbolTable – The symbol table to use.
/**
* Constructs a parser configuration using the specified symbol table.
*
* @param symbolTable The symbol table to use.
*/
public SecurityConfiguration (SymbolTable symbolTable) {
this(symbolTable, null, null);
} // <init>(SymbolTable)
Constructs a parser configuration using the specified symbol table and
grammar pool.
REVISIT:
Grammar pool will be updated when the new validation engine is
implemented.
Params: - symbolTable – The symbol table to use.
- grammarPool – The grammar pool to use.
/**
* Constructs a parser configuration using the specified symbol table and
* grammar pool.
* <p>
* <strong>REVISIT:</strong>
* Grammar pool will be updated when the new validation engine is
* implemented.
*
* @param symbolTable The symbol table to use.
* @param grammarPool The grammar pool to use.
*/
public SecurityConfiguration (SymbolTable symbolTable,
XMLGrammarPool grammarPool) {
this(symbolTable, grammarPool, null);
} // <init>(SymbolTable,XMLGrammarPool)
Constructs a parser configuration using the specified symbol table,
grammar pool, and parent settings.
REVISIT:
Grammar pool will be updated when the new validation engine is
implemented.
Params: - symbolTable – The symbol table to use.
- grammarPool – The grammar pool to use.
- parentSettings – The parent settings.
/**
* Constructs a parser configuration using the specified symbol table,
* grammar pool, and parent settings.
* <p>
* <strong>REVISIT:</strong>
* Grammar pool will be updated when the new validation engine is
* implemented.
*
* @param symbolTable The symbol table to use.
* @param grammarPool The grammar pool to use.
* @param parentSettings The parent settings.
*/
public SecurityConfiguration (SymbolTable symbolTable,
XMLGrammarPool grammarPool,
XMLComponentManager parentSettings) {
super(symbolTable, grammarPool, parentSettings);
// create the SecurityManager property:
setProperty(SECURITY_MANAGER_PROPERTY, new XMLSecurityManager(true));
} // <init>(SymbolTable,XMLGrammarPool)
} // class SecurityConfiguration