Commit 221d024e984dce7adf064d52454aec63cc910777
1 parent
57126ed132
Exists in
master
Transfer code from svn to gitlab.alfresco.com
Showing
8 changed files
with
371 additions
and
0 deletions
Show diff stats
pom.xml
... | ... | @@ -0,0 +1,107 @@ |
1 | +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
2 | + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | |
3 | + <modelVersion>4.0.0</modelVersion> | |
4 | + | |
5 | + <groupId>org.alfresco</groupId> | |
6 | + <artifactId>alfresco-xmlfactory</artifactId> | |
7 | + <version>1.0.4-SNAPSHOT</version> | |
8 | + <packaging>jar</packaging> | |
9 | + <name>xmlfactory</name> | |
10 | + <description>Alfresco-defined SAXParserFactory and DocumentBuilderFactory implementations, derived from the Xerces versions, | |
11 | + which allow features to be configured on and off at bootstrap</description> | |
12 | + <url>http://www.alfresco.com/</url> | |
13 | + | |
14 | + <properties> | |
15 | + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> | |
16 | + </properties> | |
17 | + | |
18 | + <issueManagement> | |
19 | + <system>JIRA</system> | |
20 | + <url>https://issues.alfresco.com/jira/browse/ACE</url> | |
21 | + </issueManagement> | |
22 | + | |
23 | + <scm> | |
24 | + <connection>scm:svn:http://svn.alfresco.com/repos/alfresco-open-mirror/modules/xmlfactory</connection> | |
25 | + <developerConnection>scm:svn:https://${user.name}@svn.alfresco.com/repos/alfresco-enterprise/modules/xmlfactory</developerConnection> | |
26 | + <url>http://svn.alfresco.com/repos/alfresco-open-mirror/modules/xmlfactory</url> | |
27 | + </scm> | |
28 | + | |
29 | + <repositories> | |
30 | + <repository> | |
31 | + <id>alfresco-public-snapshots</id> | |
32 | + <url>https://artifacts.alfresco.com/nexus/content/groups/public-snapshots</url> | |
33 | + <snapshots> | |
34 | + <enabled>true</enabled> | |
35 | + <updatePolicy>daily</updatePolicy> | |
36 | + </snapshots> | |
37 | + </repository> | |
38 | + <repository> | |
39 | + <id>alfresco-public</id> | |
40 | + <url>https://artifacts.alfresco.com/nexus/content/groups/public</url> | |
41 | + </repository> | |
42 | + </repositories> | |
43 | + | |
44 | + <distributionManagement> | |
45 | + <repository> | |
46 | + <id>alfresco-internal-releases</id> | |
47 | + <url>https://nexus.alfresco.com/nexus/content/repositories/internal-releases</url> | |
48 | + </repository> | |
49 | + <snapshotRepository> | |
50 | + <id>alfresco-internal-snapshots</id> | |
51 | + <url>https://nexus.alfresco.com/nexus/content/repositories/internal-snapshots</url> | |
52 | + </snapshotRepository> | |
53 | + </distributionManagement> | |
54 | + | |
55 | + <dependencies> | |
56 | + <dependency> | |
57 | + <groupId>junit</groupId> | |
58 | + <artifactId>junit</artifactId> | |
59 | + <version>3.8.1</version> | |
60 | + <scope>test</scope> | |
61 | + </dependency> | |
62 | + <dependency> | |
63 | + <groupId>xerces</groupId> | |
64 | + <artifactId>xercesImpl</artifactId> | |
65 | + <version>2.10.0-alfresco-patched</version> | |
66 | + </dependency> | |
67 | + <dependency> | |
68 | + <groupId>commons-logging</groupId> | |
69 | + <artifactId>commons-logging</artifactId> | |
70 | + <version>1.1.1</version> | |
71 | + <scope>provided</scope> | |
72 | + </dependency> | |
73 | + </dependencies> | |
74 | + | |
75 | + <build> | |
76 | + <plugins> | |
77 | + <plugin> | |
78 | + <groupId>org.apache.maven.plugins</groupId> | |
79 | + <artifactId>maven-compiler-plugin</artifactId> | |
80 | + <version>3.1</version> | |
81 | + <configuration> | |
82 | + <target>1.5</target> | |
83 | + </configuration> | |
84 | + </plugin> | |
85 | + | |
86 | + <plugin> | |
87 | + <groupId>org.apache.maven.plugins</groupId> | |
88 | + <artifactId>maven-assembly-plugin</artifactId> | |
89 | + <version>2.4</version> | |
90 | + <configuration> | |
91 | + <descriptors> | |
92 | + <descriptor>src/assembly/bin.xml</descriptor> | |
93 | + </descriptors> | |
94 | + </configuration> | |
95 | + <executions> | |
96 | + <execution> | |
97 | + <phase>package</phase> | |
98 | + <goals> | |
99 | + <goal>single</goal> | |
100 | + </goals> | |
101 | + </execution> | |
102 | + </executions> | |
103 | + </plugin> | |
104 | + </plugins> | |
105 | + </build> | |
106 | + | |
107 | +</project> | ... | ... |
src/assembly/bin.xml
... | ... | @@ -0,0 +1,13 @@ |
1 | +<assembly> | |
2 | + <id>bin</id> | |
3 | + <formats> | |
4 | + <format>zip</format> | |
5 | + </formats> | |
6 | + <dependencySets> | |
7 | + <dependencySet> | |
8 | + <unpack>false</unpack> | |
9 | + <scope>runtime</scope> | |
10 | + <outputDirectory>lib</outputDirectory> | |
11 | + </dependencySet> | |
12 | + </dependencySets> | |
13 | +</assembly> | ... | ... |
src/main/java/org/alfresco/xmlfactory/DocumentBuilderFactoryXercesImpl.java
... | ... | @@ -0,0 +1,46 @@ |
1 | +/* | |
2 | + * Copyright (C) 2005-2014 Alfresco Software Limited. | |
3 | + * | |
4 | + * This file is part of Alfresco | |
5 | + * | |
6 | + * Alfresco is free software: you can redistribute it and/or modify | |
7 | + * it under the terms of the GNU Lesser General Public License as published by | |
8 | + * the Free Software Foundation, either version 3 of the License, or | |
9 | + * (at your option) any later version. | |
10 | + * | |
11 | + * Alfresco is distributed in the hope that it will be useful, | |
12 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | + * GNU Lesser General Public License for more details. | |
15 | + * | |
16 | + * You should have received a copy of the GNU Lesser General Public License | |
17 | + * along with Alfresco. If not, see <http://www.gnu.org/licenses/>. | |
18 | + */ | |
19 | +package org.alfresco.xmlfactory; | |
20 | + | |
21 | +import java.util.ArrayList; | |
22 | +import java.util.List; | |
23 | + | |
24 | +import org.apache.xerces.jaxp.DocumentBuilderFactoryImpl; | |
25 | + | |
26 | +public class DocumentBuilderFactoryXercesImpl extends DocumentBuilderFactoryImpl | |
27 | +{ | |
28 | + private static List<String> featuresToEnable = FactoryHelper.DEFAULT_FEATURES_TO_ENABLE; | |
29 | + private static List<String> featuresToDisable = FactoryHelper.DEFAULT_FEATURES_TO_DISABLE; | |
30 | + | |
31 | + public DocumentBuilderFactoryXercesImpl() | |
32 | + { | |
33 | + super(); | |
34 | + FactoryHelper.configureFactory(this, featuresToEnable, featuresToDisable); | |
35 | + } | |
36 | + | |
37 | + public void setFeaturesToEnable(List<String> featuresToEnable) | |
38 | + { | |
39 | + DocumentBuilderFactoryXercesImpl.featuresToEnable = new ArrayList<String>(featuresToEnable); | |
40 | + } | |
41 | + | |
42 | + public void setFeaturesToDisable(List<String> featuresToDisable) | |
43 | + { | |
44 | + DocumentBuilderFactoryXercesImpl.featuresToDisable = new ArrayList<String>(featuresToDisable); | |
45 | + } | |
46 | +} | ... | ... |
src/main/java/org/alfresco/xmlfactory/FactoryHelper.java
... | ... | @@ -0,0 +1,119 @@ |
1 | +/* | |
2 | + * Copyright (C) 2005-2015 Alfresco Software Limited. | |
3 | + * | |
4 | + * This file is part of Alfresco | |
5 | + * | |
6 | + * Alfresco is free software: you can redistribute it and/or modify | |
7 | + * it under the terms of the GNU Lesser General Public License as published by | |
8 | + * the Free Software Foundation, either version 3 of the License, or | |
9 | + * (at your option) any later version. | |
10 | + * | |
11 | + * Alfresco is distributed in the hope that it will be useful, | |
12 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | + * GNU Lesser General Public License for more details. | |
15 | + * | |
16 | + * You should have received a copy of the GNU Lesser General Public License | |
17 | + * along with Alfresco. If not, see <http://www.gnu.org/licenses/>. | |
18 | + */ | |
19 | +package org.alfresco.xmlfactory; | |
20 | + | |
21 | +import java.util.ArrayList; | |
22 | +import java.util.Arrays; | |
23 | +import java.util.Collections; | |
24 | +import java.util.List; | |
25 | + | |
26 | +import javax.xml.XMLConstants; | |
27 | +import javax.xml.parsers.DocumentBuilderFactory; | |
28 | +import javax.xml.parsers.ParserConfigurationException; | |
29 | +import javax.xml.parsers.SAXParserFactory; | |
30 | + | |
31 | +import org.apache.commons.logging.Log; | |
32 | +import org.apache.commons.logging.LogFactory; | |
33 | + | |
34 | +public class FactoryHelper | |
35 | +{ | |
36 | + private static final Log logger = LogFactory.getLog(FactoryHelper.class); | |
37 | + | |
38 | + public final static String FEATURE_EXTERNAL_GENERAL_ENTITIES = "http://xml.org/sax/features/external-general-entities"; | |
39 | + public final static String FEATURE_EXTERNAL_PARAMETER_ENTITIES = "http://xml.org/sax/features/external-parameter-entities"; | |
40 | + public final static String FEATURE_USE_ENTITY_RESOLVER2 = "http://xml.org/sax/features/use-entity-resolver2"; | |
41 | + public final static String FEATURE_LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd"; | |
42 | + | |
43 | + public final static List<String> DEFAULT_FEATURES_TO_DISABLE = Collections.unmodifiableList(new ArrayList<String>( | |
44 | + Arrays.asList(FEATURE_EXTERNAL_GENERAL_ENTITIES, | |
45 | + FEATURE_EXTERNAL_PARAMETER_ENTITIES, | |
46 | + FEATURE_USE_ENTITY_RESOLVER2, | |
47 | + FEATURE_LOAD_EXTERNAL_DTD))); | |
48 | + | |
49 | + public final static List<String> DEFAULT_FEATURES_TO_ENABLE = Collections.unmodifiableList(new ArrayList<String>( | |
50 | + Arrays.asList(XMLConstants.FEATURE_SECURE_PROCESSING))); | |
51 | + | |
52 | + public static void configureFactory(DocumentBuilderFactory factory, | |
53 | + List<String> featuresToEnable, List<String> featuresToDisable) | |
54 | + { | |
55 | + try | |
56 | + { | |
57 | + if (featuresToEnable != null) | |
58 | + { | |
59 | + for (String featureToEnable : featuresToEnable) | |
60 | + { | |
61 | + factory.setFeature(featureToEnable, true); | |
62 | + } | |
63 | + } | |
64 | + if (featuresToDisable != null) | |
65 | + { | |
66 | + for (String featureToDisable : featuresToDisable) | |
67 | + { | |
68 | + factory.setFeature(featureToDisable, false); | |
69 | + } | |
70 | + } | |
71 | + } | |
72 | + catch (ParserConfigurationException e) | |
73 | + { | |
74 | + //If we get any other exception then we've failed to configure the parser factory as required. | |
75 | + //Return the factory as is. | |
76 | + if (logger.isWarnEnabled()) | |
77 | + { | |
78 | + logger.warn("Failed to configure DocumentBuilderFactory securely.", e); | |
79 | + } | |
80 | + } | |
81 | + } | |
82 | + | |
83 | + public static void configureFactory(SAXParserFactory factory, | |
84 | + List<String> featuresToEnable, List<String> featuresToDisable) | |
85 | + { | |
86 | + try | |
87 | + { | |
88 | + if (featuresToEnable != null) | |
89 | + { | |
90 | + for (String featureToEnable : featuresToEnable) | |
91 | + { | |
92 | + factory.setFeature(featureToEnable, true); | |
93 | + } | |
94 | + } | |
95 | + if (featuresToDisable != null) | |
96 | + { | |
97 | + for (String featureToDisable : featuresToDisable) | |
98 | + { | |
99 | + factory.setFeature(featureToDisable, false); | |
100 | + } | |
101 | + } | |
102 | + } | |
103 | + catch (RuntimeException rte) | |
104 | + { | |
105 | + //If any runtime exception occurs then simply rethrow it | |
106 | + throw rte; | |
107 | + } | |
108 | + catch (Exception e) | |
109 | + { | |
110 | + //If we get any other exception then we've failed to configure the parser factory as required. | |
111 | + //Return the factory as is. | |
112 | + if (logger.isWarnEnabled()) | |
113 | + { | |
114 | + logger.warn("Failed to configure SAXParserFactory securely.", e); | |
115 | + } | |
116 | + } | |
117 | + } | |
118 | + | |
119 | +} | ... | ... |
src/main/java/org/alfresco/xmlfactory/SAXParserFactoryXercesImpl.java
... | ... | @@ -0,0 +1,46 @@ |
1 | +/* | |
2 | + * Copyright (C) 2005-2014 Alfresco Software Limited. | |
3 | + * | |
4 | + * This file is part of Alfresco | |
5 | + * | |
6 | + * Alfresco is free software: you can redistribute it and/or modify | |
7 | + * it under the terms of the GNU Lesser General Public License as published by | |
8 | + * the Free Software Foundation, either version 3 of the License, or | |
9 | + * (at your option) any later version. | |
10 | + * | |
11 | + * Alfresco is distributed in the hope that it will be useful, | |
12 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | + * GNU Lesser General Public License for more details. | |
15 | + * | |
16 | + * You should have received a copy of the GNU Lesser General Public License | |
17 | + * along with Alfresco. If not, see <http://www.gnu.org/licenses/>. | |
18 | + */ | |
19 | +package org.alfresco.xmlfactory; | |
20 | + | |
21 | +import java.util.ArrayList; | |
22 | +import java.util.List; | |
23 | + | |
24 | +import org.apache.xerces.jaxp.SAXParserFactoryImpl; | |
25 | + | |
26 | +public class SAXParserFactoryXercesImpl extends SAXParserFactoryImpl | |
27 | +{ | |
28 | + private static List<String> featuresToEnable = FactoryHelper.DEFAULT_FEATURES_TO_ENABLE; | |
29 | + private static List<String> featuresToDisable = FactoryHelper.DEFAULT_FEATURES_TO_DISABLE; | |
30 | + | |
31 | + public SAXParserFactoryXercesImpl() | |
32 | + { | |
33 | + super(); | |
34 | + FactoryHelper.configureFactory(this, featuresToEnable, featuresToDisable); | |
35 | + } | |
36 | + | |
37 | + public void setFeaturesToEnable(List<String> featuresToEnable) | |
38 | + { | |
39 | + SAXParserFactoryXercesImpl.featuresToEnable = new ArrayList<String>(featuresToEnable); | |
40 | + } | |
41 | + | |
42 | + public void setFeaturesToDisable(List<String> featuresToDisable) | |
43 | + { | |
44 | + SAXParserFactoryXercesImpl.featuresToDisable = new ArrayList<String>(featuresToDisable); | |
45 | + } | |
46 | +} | ... | ... |
src/main/resources/META-INF/services/javax.xml.parsers.DocumentBuilderFactory
... | ... | @@ -0,0 +1 @@ |
1 | +org.alfresco.xmlfactory.DocumentBuilderFactoryXercesImpl | ... | ... |
src/main/resources/META-INF/services/javax.xml.parsers.SAXParserFactory
... | ... | @@ -0,0 +1 @@ |
1 | +org.alfresco.xmlfactory.SAXParserFactoryXercesImpl | ... | ... |
src/test/java/org/alfresco/xmlfactory/AppTest.java
... | ... | @@ -0,0 +1,38 @@ |
1 | +package org.alfresco.xmlfactory; | |
2 | + | |
3 | +import junit.framework.Test; | |
4 | +import junit.framework.TestCase; | |
5 | +import junit.framework.TestSuite; | |
6 | + | |
7 | +/** | |
8 | + * Unit test for simple App. | |
9 | + */ | |
10 | +public class AppTest | |
11 | + extends TestCase | |
12 | +{ | |
13 | + /** | |
14 | + * Create the test case | |
15 | + * | |
16 | + * @param testName name of the test case | |
17 | + */ | |
18 | + public AppTest( String testName ) | |
19 | + { | |
20 | + super( testName ); | |
21 | + } | |
22 | + | |
23 | + /** | |
24 | + * @return the suite of tests being tested | |
25 | + */ | |
26 | + public static Test suite() | |
27 | + { | |
28 | + return new TestSuite( AppTest.class ); | |
29 | + } | |
30 | + | |
31 | + /** | |
32 | + * Rigourous Test :-) | |
33 | + */ | |
34 | + public void testApp() | |
35 | + { | |
36 | + assertTrue( true ); | |
37 | + } | |
38 | +} | ... | ... |