| /* |
| * reserved comment block |
| * DO NOT REMOVE OR ALTER! |
| */ |
| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.sun.org.apache.xerces.internal.parsers; |
| |
| import com.sun.org.apache.xerces.internal.impl.Constants; |
| import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool; |
| import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager; |
| import com.sun.org.apache.xerces.internal.util.SymbolTable; |
| import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; |
| |
| /** |
| * This configuration allows Xerces to behave in a security-conscious manner; that is, |
| * it permits applications to instruct Xerces to limit certain |
| * operations that could be exploited by malicious document authors to cause a denail-of-service |
| * attack when the document is parsed. |
| * |
| * In addition to the features and properties recognized by the base |
| * parser configuration, this class recognizes these additional |
| * features and properties: |
| * <ul> |
| * <li>Properties |
| * <ul> |
| * <li>http://apache.org/xml/properties/security-manager</li> |
| * </ul> |
| * </ul> |
| * |
| * @author Neil Graham, IBM |
| * |
| */ |
| public class SecurityConfiguration extends XIncludeAwareParserConfiguration |
| { |
| |
| // |
| // Constants |
| // |
| |
| protected static final String SECURITY_MANAGER_PROPERTY = |
| Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; |
| |
| // |
| // Constructors |
| // |
| |
| /** Default constructor. */ |
| public SecurityConfiguration () { |
| this(null, null, null); |
| } // <init>() |
| |
| /** |
| * Constructs a parser configuration using the specified symbol table. |
| * |
| * @param symbolTable The symbol table to use. |
| */ |
| public SecurityConfiguration (SymbolTable symbolTable) { |
| this(symbolTable, null, null); |
| } // <init>(SymbolTable) |
| |
| /** |
| * Constructs a parser configuration using the specified symbol table and |
| * grammar pool. |
| * <p> |
| * <strong>REVISIT:</strong> |
| * Grammar pool will be updated when the new validation engine is |
| * implemented. |
| * |
| * @param symbolTable The symbol table to use. |
| * @param grammarPool The grammar pool to use. |
| */ |
| public SecurityConfiguration (SymbolTable symbolTable, |
| XMLGrammarPool grammarPool) { |
| this(symbolTable, grammarPool, null); |
| } // <init>(SymbolTable,XMLGrammarPool) |
| |
| /** |
| * Constructs a parser configuration using the specified symbol table, |
| * grammar pool, and parent settings. |
| * <p> |
| * <strong>REVISIT:</strong> |
| * Grammar pool will be updated when the new validation engine is |
| * implemented. |
| * |
| * @param symbolTable The symbol table to use. |
| * @param grammarPool The grammar pool to use. |
| * @param parentSettings The parent settings. |
| */ |
| public SecurityConfiguration (SymbolTable symbolTable, |
| XMLGrammarPool grammarPool, |
| XMLComponentManager parentSettings) { |
| super(symbolTable, grammarPool, parentSettings); |
| |
| // create the SecurityManager property: |
| setProperty(SECURITY_MANAGER_PROPERTY, new XMLSecurityManager(true)); |
| } // <init>(SymbolTable,XMLGrammarPool) |
| |
| } // class SecurityConfiguration |