[1/2] git commit: CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default
Repository: camel Updated Branches: refs/heads/camel-2.12.x 8c4e34ff3 -> a6227486c refs/heads/camel-2.13.x 2c88ba733 -> 34242af15 CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/34242af1 Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/34242af1 Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/34242af1 Branch: refs/heads/camel-2.13.x Commit: 34242af159d34ac436960019e1f39b5a15c4b6b4 Parents: 2c88ba7 Author: Willem Jiang Authored: Mon Aug 18 20:54:55 2014 +0800 Committer: Willem Jiang Committed: Mon Aug 18 21:33:30 2014 +0800 -- .../org/apache/camel/converter/jaxp/XmlConverter.java | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/camel/blob/34242af1/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java -- diff --git a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java index 4580c41..2543de5 100644 --- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java +++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java @@ -957,7 +957,19 @@ public class XmlConverter { factory.setFeature("http://xml.org/sax/features/external-general-entities";, false); } catch (ParserConfigurationException e) { LOG.warn("DocumentBuilderFactory doesn't support the feature {} with value {}, due to {}." - , new Object[]{"http://xml.org/sax/features/external-general-entities";, true, e}); + , new Object[]{"http://xml.org/sax/features/external-general-entities";, false, e}); +} +// setup the SecurityManager by default if it's apache xerces +try { +Class smClass = ObjectHelper.loadClass("org.apache.xerces.util.SecurityManager"); +if (smClass != null) { +Object sm = smClass.newInstance(); +// Here we just use the default setting of the SeurityManager + factory.setAttribute("http://apache.org/xml/properties/security-manager";, sm); +} +} catch (Exception e) { +LOG.warn("DocumentBuilderFactory doesn't support the attribute {} with value {}, due to {}." + , new Object[]{"http://apache.org/xml/properties/security-manager";, true, e}); } // setup the feature from the system property setupFeatures(factory);
[2/2] git commit: CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default
CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/a6227486 Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/a6227486 Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/a6227486 Branch: refs/heads/camel-2.12.x Commit: a6227486c44620d450a582132a627166608436d7 Parents: 8c4e34f Author: Willem Jiang Authored: Mon Aug 18 20:54:55 2014 +0800 Committer: Willem Jiang Committed: Mon Aug 18 21:33:42 2014 +0800 -- .../org/apache/camel/converter/jaxp/XmlConverter.java | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/camel/blob/a6227486/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java -- diff --git a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java index 4580c41..2543de5 100644 --- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java +++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java @@ -957,7 +957,19 @@ public class XmlConverter { factory.setFeature("http://xml.org/sax/features/external-general-entities";, false); } catch (ParserConfigurationException e) { LOG.warn("DocumentBuilderFactory doesn't support the feature {} with value {}, due to {}." - , new Object[]{"http://xml.org/sax/features/external-general-entities";, true, e}); + , new Object[]{"http://xml.org/sax/features/external-general-entities";, false, e}); +} +// setup the SecurityManager by default if it's apache xerces +try { +Class smClass = ObjectHelper.loadClass("org.apache.xerces.util.SecurityManager"); +if (smClass != null) { +Object sm = smClass.newInstance(); +// Here we just use the default setting of the SeurityManager + factory.setAttribute("http://apache.org/xml/properties/security-manager";, sm); +} +} catch (Exception e) { +LOG.warn("DocumentBuilderFactory doesn't support the attribute {} with value {}, due to {}." + , new Object[]{"http://apache.org/xml/properties/security-manager";, true, e}); } // setup the feature from the system property setupFeatures(factory);
git commit: CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default
Repository: camel Updated Branches: refs/heads/master 6f8e98f48 -> b592f2967 CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/b592f296 Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/b592f296 Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/b592f296 Branch: refs/heads/master Commit: b592f2967798fc3fc21457dd54f0bc7e1d6e6743 Parents: 6f8e98f Author: Willem Jiang Authored: Mon Aug 18 20:54:55 2014 +0800 Committer: Willem Jiang Committed: Mon Aug 18 20:55:14 2014 +0800 -- .../org/apache/camel/converter/jaxp/XmlConverter.java | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/camel/blob/b592f296/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java -- diff --git a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java index 4580c41..2543de5 100644 --- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java +++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java @@ -957,7 +957,19 @@ public class XmlConverter { factory.setFeature("http://xml.org/sax/features/external-general-entities";, false); } catch (ParserConfigurationException e) { LOG.warn("DocumentBuilderFactory doesn't support the feature {} with value {}, due to {}." - , new Object[]{"http://xml.org/sax/features/external-general-entities";, true, e}); + , new Object[]{"http://xml.org/sax/features/external-general-entities";, false, e}); +} +// setup the SecurityManager by default if it's apache xerces +try { +Class smClass = ObjectHelper.loadClass("org.apache.xerces.util.SecurityManager"); +if (smClass != null) { +Object sm = smClass.newInstance(); +// Here we just use the default setting of the SeurityManager + factory.setAttribute("http://apache.org/xml/properties/security-manager";, sm); +} +} catch (Exception e) { +LOG.warn("DocumentBuilderFactory doesn't support the attribute {} with value {}, due to {}." + , new Object[]{"http://apache.org/xml/properties/security-manager";, true, e}); } // setup the feature from the system property setupFeatures(factory);