[1/2] git commit: CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default
Repository: camel
Updated Branches:
refs/heads/camel-2.12.x 8c4e34ff3 -> a6227486c
refs/heads/camel-2.13.x 2c88ba733 -> 34242af15
CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by
default
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/34242af1
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/34242af1
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/34242af1
Branch: refs/heads/camel-2.13.x
Commit: 34242af159d34ac436960019e1f39b5a15c4b6b4
Parents: 2c88ba7
Author: Willem Jiang
Authored: Mon Aug 18 20:54:55 2014 +0800
Committer: Willem Jiang
Committed: Mon Aug 18 21:33:30 2014 +0800
--
.../org/apache/camel/converter/jaxp/XmlConverter.java | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/camel/blob/34242af1/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
--
diff --git
a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
index 4580c41..2543de5 100644
--- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
+++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
@@ -957,7 +957,19 @@ public class XmlConverter {
factory.setFeature("http://xml.org/sax/features/external-general-entities";,
false);
} catch (ParserConfigurationException e) {
LOG.warn("DocumentBuilderFactory doesn't support the feature {}
with value {}, due to {}."
- , new
Object[]{"http://xml.org/sax/features/external-general-entities";, true, e});
+ , new
Object[]{"http://xml.org/sax/features/external-general-entities";, false, e});
+}
+// setup the SecurityManager by default if it's apache xerces
+try {
+Class smClass =
ObjectHelper.loadClass("org.apache.xerces.util.SecurityManager");
+if (smClass != null) {
+Object sm = smClass.newInstance();
+// Here we just use the default setting of the SeurityManager
+
factory.setAttribute("http://apache.org/xml/properties/security-manager";, sm);
+}
+} catch (Exception e) {
+LOG.warn("DocumentBuilderFactory doesn't support the attribute {}
with value {}, due to {}."
+ , new
Object[]{"http://apache.org/xml/properties/security-manager";, true, e});
}
// setup the feature from the system property
setupFeatures(factory);
[2/2] git commit: CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default
CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by
default
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/a6227486
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/a6227486
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/a6227486
Branch: refs/heads/camel-2.12.x
Commit: a6227486c44620d450a582132a627166608436d7
Parents: 8c4e34f
Author: Willem Jiang
Authored: Mon Aug 18 20:54:55 2014 +0800
Committer: Willem Jiang
Committed: Mon Aug 18 21:33:42 2014 +0800
--
.../org/apache/camel/converter/jaxp/XmlConverter.java | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/camel/blob/a6227486/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
--
diff --git
a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
index 4580c41..2543de5 100644
--- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
+++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
@@ -957,7 +957,19 @@ public class XmlConverter {
factory.setFeature("http://xml.org/sax/features/external-general-entities";,
false);
} catch (ParserConfigurationException e) {
LOG.warn("DocumentBuilderFactory doesn't support the feature {}
with value {}, due to {}."
- , new
Object[]{"http://xml.org/sax/features/external-general-entities";, true, e});
+ , new
Object[]{"http://xml.org/sax/features/external-general-entities";, false, e});
+}
+// setup the SecurityManager by default if it's apache xerces
+try {
+Class smClass =
ObjectHelper.loadClass("org.apache.xerces.util.SecurityManager");
+if (smClass != null) {
+Object sm = smClass.newInstance();
+// Here we just use the default setting of the SeurityManager
+
factory.setAttribute("http://apache.org/xml/properties/security-manager";, sm);
+}
+} catch (Exception e) {
+LOG.warn("DocumentBuilderFactory doesn't support the attribute {}
with value {}, due to {}."
+ , new
Object[]{"http://apache.org/xml/properties/security-manager";, true, e});
}
// setup the feature from the system property
setupFeatures(factory);
git commit: CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default
Repository: camel
Updated Branches:
refs/heads/master 6f8e98f48 -> b592f2967
CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by
default
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/b592f296
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/b592f296
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/b592f296
Branch: refs/heads/master
Commit: b592f2967798fc3fc21457dd54f0bc7e1d6e6743
Parents: 6f8e98f
Author: Willem Jiang
Authored: Mon Aug 18 20:54:55 2014 +0800
Committer: Willem Jiang
Committed: Mon Aug 18 20:55:14 2014 +0800
--
.../org/apache/camel/converter/jaxp/XmlConverter.java | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/camel/blob/b592f296/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
--
diff --git
a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
index 4580c41..2543de5 100644
--- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
+++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
@@ -957,7 +957,19 @@ public class XmlConverter {
factory.setFeature("http://xml.org/sax/features/external-general-entities";,
false);
} catch (ParserConfigurationException e) {
LOG.warn("DocumentBuilderFactory doesn't support the feature {}
with value {}, due to {}."
- , new
Object[]{"http://xml.org/sax/features/external-general-entities";, true, e});
+ , new
Object[]{"http://xml.org/sax/features/external-general-entities";, false, e});
+}
+// setup the SecurityManager by default if it's apache xerces
+try {
+Class smClass =
ObjectHelper.loadClass("org.apache.xerces.util.SecurityManager");
+if (smClass != null) {
+Object sm = smClass.newInstance();
+// Here we just use the default setting of the SeurityManager
+
factory.setAttribute("http://apache.org/xml/properties/security-manager";, sm);
+}
+} catch (Exception e) {
+LOG.warn("DocumentBuilderFactory doesn't support the attribute {}
with value {}, due to {}."
+ , new
Object[]{"http://apache.org/xml/properties/security-manager";, true, e});
}
// setup the feature from the system property
setupFeatures(factory);
