[PLINK-509] setting required parser features

pskopek · pskopek · commit e81bf14ea6db · 2014-07-15T18:40:43.000+02:00
diff --git a/modules/common/src/main/java/org/picketlink/common/DefaultPicketLinkLogger.java b/modules/common/src/main/java/org/picketlink/common/DefaultPicketLinkLogger.java
@@ -2374,4 +2374,9 @@ public RuntimeException cannotSetMaxPoolSizeToNegative(String max) {
         return new RuntimeException("Cannot set maximum STS client pool size to negative number (" + max + ")");
     }
 
+    @Override
+    public RuntimeException parserFeatureNotSupported(String feature) {
+        return new RuntimeException("Parser feature " + feature + " not supported.");
+    }
+
 }
diff --git a/modules/common/src/main/java/org/picketlink/common/PicketLinkLogger.java b/modules/common/src/main/java/org/picketlink/common/PicketLinkLogger.java
@@ -1215,4 +1215,6 @@ public interface PicketLinkLogger {
 
     RuntimeException cannotSetMaxPoolSizeToNegative(String max);
 
+    RuntimeException parserFeatureNotSupported(String feature);
+
 }
diff --git a/modules/common/src/main/java/org/picketlink/common/util/DocumentUtil.java b/modules/common/src/main/java/org/picketlink/common/util/DocumentUtil.java
@@ -66,6 +66,10 @@ public class DocumentUtil {
 
     private static DocumentBuilderFactory documentBuilderFactory;
 
+    public static final String feature_external_general_entities = "http://xml.org/sax/features/external-general-entities";
+    public static final String feature_external_parameter_entities = "http://xml.org/sax/features/external-parameter-entities";
+    public static final String feature_disallow_doctype_decl = "http://apache.org/xml/features/disallow-doctype-decl";
+
     /**
      * Check whether a node belongs to a document
      *
@@ -517,6 +521,17 @@ private static DocumentBuilderFactory getDocumentBuilderFactory() {
                 documentBuilderFactory = DocumentBuilderFactory.newInstance();
                 documentBuilderFactory.setNamespaceAware(true);
                 documentBuilderFactory.setXIncludeAware(true);
+                String feature = "";
+                try {
+                    feature = feature_disallow_doctype_decl;
+                    documentBuilderFactory.setFeature(feature, true);
+                    feature = feature_external_general_entities;
+                    documentBuilderFactory.setFeature(feature, false);
+                    feature = feature_external_parameter_entities;
+                    documentBuilderFactory.setFeature(feature, false);
+                } catch (ParserConfigurationException e) {
+                    throw logger.parserFeatureNotSupported(feature);
+                }
             } finally {
                 if (tccl_jaxp) {
                     SecurityActions.setTCCL(prevTCCL);

Original file line number	Diff line number	Diff line change
`@@ -2374,4 +2374,9 @@ public RuntimeException cannotSetMaxPoolSizeToNegative(String max) {`
`2374`	`2374`	`return new RuntimeException("Cannot set maximum STS client pool size to negative number (" + max + ")");`
`2375`	`2375`	`}`
`2376`	`2376`
	`2377`	`+ @Override`
	`2378`	`+ public RuntimeException parserFeatureNotSupported(String feature) {`
	`2379`	`+ return new RuntimeException("Parser feature " + feature + " not supported.");`
	`2380`	`+ }`
	`2381`	`+`
`2377`	`2382`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1215,4 +1215,6 @@ public interface PicketLinkLogger {`
`1215`	`1215`
`1216`	`1216`	`RuntimeException cannotSetMaxPoolSizeToNegative(String max);`
`1217`	`1217`
	`1218`	`+ RuntimeException parserFeatureNotSupported(String feature);`
	`1219`	`+`
`1218`	`1220`	`}`