Commit 221d024e984dce7adf064d52454aec63cc910777

Authored by Jan Vonka
1 parent 57126ed132
Exists in master

Transfer code from svn to gitlab.alfresco.com

... ... @@ -0,0 +1,107 @@
  1 +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  2 + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  3 + <modelVersion>4.0.0</modelVersion>
  4 +
  5 + <groupId>org.alfresco</groupId>
  6 + <artifactId>alfresco-xmlfactory</artifactId>
  7 + <version>1.0.4-SNAPSHOT</version>
  8 + <packaging>jar</packaging>
  9 + <name>xmlfactory</name>
  10 + <description>Alfresco-defined SAXParserFactory and DocumentBuilderFactory implementations, derived from the Xerces versions,
  11 + which allow features to be configured on and off at bootstrap</description>
  12 + <url>http://www.alfresco.com/</url>
  13 +
  14 + <properties>
  15 + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  16 + </properties>
  17 +
  18 + <issueManagement>
  19 + <system>JIRA</system>
  20 + <url>https://issues.alfresco.com/jira/browse/ACE</url>
  21 + </issueManagement>
  22 +
  23 + <scm>
  24 + <connection>scm:svn:http://svn.alfresco.com/repos/alfresco-open-mirror/modules/xmlfactory</connection>
  25 + <developerConnection>scm:svn:https://${user.name}@svn.alfresco.com/repos/alfresco-enterprise/modules/xmlfactory</developerConnection>
  26 + <url>http://svn.alfresco.com/repos/alfresco-open-mirror/modules/xmlfactory</url>
  27 + </scm>
  28 +
  29 + <repositories>
  30 + <repository>
  31 + <id>alfresco-public-snapshots</id>
  32 + <url>https://artifacts.alfresco.com/nexus/content/groups/public-snapshots</url>
  33 + <snapshots>
  34 + <enabled>true</enabled>
  35 + <updatePolicy>daily</updatePolicy>
  36 + </snapshots>
  37 + </repository>
  38 + <repository>
  39 + <id>alfresco-public</id>
  40 + <url>https://artifacts.alfresco.com/nexus/content/groups/public</url>
  41 + </repository>
  42 + </repositories>
  43 +
  44 + <distributionManagement>
  45 + <repository>
  46 + <id>alfresco-internal-releases</id>
  47 + <url>https://nexus.alfresco.com/nexus/content/repositories/internal-releases</url>
  48 + </repository>
  49 + <snapshotRepository>
  50 + <id>alfresco-internal-snapshots</id>
  51 + <url>https://nexus.alfresco.com/nexus/content/repositories/internal-snapshots</url>
  52 + </snapshotRepository>
  53 + </distributionManagement>
  54 +
  55 + <dependencies>
  56 + <dependency>
  57 + <groupId>junit</groupId>
  58 + <artifactId>junit</artifactId>
  59 + <version>3.8.1</version>
  60 + <scope>test</scope>
  61 + </dependency>
  62 + <dependency>
  63 + <groupId>xerces</groupId>
  64 + <artifactId>xercesImpl</artifactId>
  65 + <version>2.10.0-alfresco-patched</version>
  66 + </dependency>
  67 + <dependency>
  68 + <groupId>commons-logging</groupId>
  69 + <artifactId>commons-logging</artifactId>
  70 + <version>1.1.1</version>
  71 + <scope>provided</scope>
  72 + </dependency>
  73 + </dependencies>
  74 +
  75 + <build>
  76 + <plugins>
  77 + <plugin>
  78 + <groupId>org.apache.maven.plugins</groupId>
  79 + <artifactId>maven-compiler-plugin</artifactId>
  80 + <version>3.1</version>
  81 + <configuration>
  82 + <target>1.5</target>
  83 + </configuration>
  84 + </plugin>
  85 +
  86 + <plugin>
  87 + <groupId>org.apache.maven.plugins</groupId>
  88 + <artifactId>maven-assembly-plugin</artifactId>
  89 + <version>2.4</version>
  90 + <configuration>
  91 + <descriptors>
  92 + <descriptor>src/assembly/bin.xml</descriptor>
  93 + </descriptors>
  94 + </configuration>
  95 + <executions>
  96 + <execution>
  97 + <phase>package</phase>
  98 + <goals>
  99 + <goal>single</goal>
  100 + </goals>
  101 + </execution>
  102 + </executions>
  103 + </plugin>
  104 + </plugins>
  105 + </build>
  106 +
  107 +</project>
... ...
src/assembly/bin.xml
... ... @@ -0,0 +1,13 @@
  1 +<assembly>
  2 + <id>bin</id>
  3 + <formats>
  4 + <format>zip</format>
  5 + </formats>
  6 + <dependencySets>
  7 + <dependencySet>
  8 + <unpack>false</unpack>
  9 + <scope>runtime</scope>
  10 + <outputDirectory>lib</outputDirectory>
  11 + </dependencySet>
  12 + </dependencySets>
  13 +</assembly>
... ...
src/main/java/org/alfresco/xmlfactory/DocumentBuilderFactoryXercesImpl.java
... ... @@ -0,0 +1,46 @@
  1 +/*
  2 + * Copyright (C) 2005-2014 Alfresco Software Limited.
  3 + *
  4 + * This file is part of Alfresco
  5 + *
  6 + * Alfresco is free software: you can redistribute it and/or modify
  7 + * it under the terms of the GNU Lesser General Public License as published by
  8 + * the Free Software Foundation, either version 3 of the License, or
  9 + * (at your option) any later version.
  10 + *
  11 + * Alfresco is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU Lesser General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License
  17 + * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
  18 + */
  19 +package org.alfresco.xmlfactory;
  20 +
  21 +import java.util.ArrayList;
  22 +import java.util.List;
  23 +
  24 +import org.apache.xerces.jaxp.DocumentBuilderFactoryImpl;
  25 +
  26 +public class DocumentBuilderFactoryXercesImpl extends DocumentBuilderFactoryImpl
  27 +{
  28 + private static List<String> featuresToEnable = FactoryHelper.DEFAULT_FEATURES_TO_ENABLE;
  29 + private static List<String> featuresToDisable = FactoryHelper.DEFAULT_FEATURES_TO_DISABLE;
  30 +
  31 + public DocumentBuilderFactoryXercesImpl()
  32 + {
  33 + super();
  34 + FactoryHelper.configureFactory(this, featuresToEnable, featuresToDisable);
  35 + }
  36 +
  37 + public void setFeaturesToEnable(List<String> featuresToEnable)
  38 + {
  39 + DocumentBuilderFactoryXercesImpl.featuresToEnable = new ArrayList<String>(featuresToEnable);
  40 + }
  41 +
  42 + public void setFeaturesToDisable(List<String> featuresToDisable)
  43 + {
  44 + DocumentBuilderFactoryXercesImpl.featuresToDisable = new ArrayList<String>(featuresToDisable);
  45 + }
  46 +}
... ...
src/main/java/org/alfresco/xmlfactory/FactoryHelper.java
... ... @@ -0,0 +1,119 @@
  1 +/*
  2 + * Copyright (C) 2005-2015 Alfresco Software Limited.
  3 + *
  4 + * This file is part of Alfresco
  5 + *
  6 + * Alfresco is free software: you can redistribute it and/or modify
  7 + * it under the terms of the GNU Lesser General Public License as published by
  8 + * the Free Software Foundation, either version 3 of the License, or
  9 + * (at your option) any later version.
  10 + *
  11 + * Alfresco is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU Lesser General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License
  17 + * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
  18 + */
  19 +package org.alfresco.xmlfactory;
  20 +
  21 +import java.util.ArrayList;
  22 +import java.util.Arrays;
  23 +import java.util.Collections;
  24 +import java.util.List;
  25 +
  26 +import javax.xml.XMLConstants;
  27 +import javax.xml.parsers.DocumentBuilderFactory;
  28 +import javax.xml.parsers.ParserConfigurationException;
  29 +import javax.xml.parsers.SAXParserFactory;
  30 +
  31 +import org.apache.commons.logging.Log;
  32 +import org.apache.commons.logging.LogFactory;
  33 +
  34 +public class FactoryHelper
  35 +{
  36 + private static final Log logger = LogFactory.getLog(FactoryHelper.class);
  37 +
  38 + public final static String FEATURE_EXTERNAL_GENERAL_ENTITIES = "http://xml.org/sax/features/external-general-entities";
  39 + public final static String FEATURE_EXTERNAL_PARAMETER_ENTITIES = "http://xml.org/sax/features/external-parameter-entities";
  40 + public final static String FEATURE_USE_ENTITY_RESOLVER2 = "http://xml.org/sax/features/use-entity-resolver2";
  41 + public final static String FEATURE_LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
  42 +
  43 + public final static List<String> DEFAULT_FEATURES_TO_DISABLE = Collections.unmodifiableList(new ArrayList<String>(
  44 + Arrays.asList(FEATURE_EXTERNAL_GENERAL_ENTITIES,
  45 + FEATURE_EXTERNAL_PARAMETER_ENTITIES,
  46 + FEATURE_USE_ENTITY_RESOLVER2,
  47 + FEATURE_LOAD_EXTERNAL_DTD)));
  48 +
  49 + public final static List<String> DEFAULT_FEATURES_TO_ENABLE = Collections.unmodifiableList(new ArrayList<String>(
  50 + Arrays.asList(XMLConstants.FEATURE_SECURE_PROCESSING)));
  51 +
  52 + public static void configureFactory(DocumentBuilderFactory factory,
  53 + List<String> featuresToEnable, List<String> featuresToDisable)
  54 + {
  55 + try
  56 + {
  57 + if (featuresToEnable != null)
  58 + {
  59 + for (String featureToEnable : featuresToEnable)
  60 + {
  61 + factory.setFeature(featureToEnable, true);
  62 + }
  63 + }
  64 + if (featuresToDisable != null)
  65 + {
  66 + for (String featureToDisable : featuresToDisable)
  67 + {
  68 + factory.setFeature(featureToDisable, false);
  69 + }
  70 + }
  71 + }
  72 + catch (ParserConfigurationException e)
  73 + {
  74 + //If we get any other exception then we've failed to configure the parser factory as required.
  75 + //Return the factory as is.
  76 + if (logger.isWarnEnabled())
  77 + {
  78 + logger.warn("Failed to configure DocumentBuilderFactory securely.", e);
  79 + }
  80 + }
  81 + }
  82 +
  83 + public static void configureFactory(SAXParserFactory factory,
  84 + List<String> featuresToEnable, List<String> featuresToDisable)
  85 + {
  86 + try
  87 + {
  88 + if (featuresToEnable != null)
  89 + {
  90 + for (String featureToEnable : featuresToEnable)
  91 + {
  92 + factory.setFeature(featureToEnable, true);
  93 + }
  94 + }
  95 + if (featuresToDisable != null)
  96 + {
  97 + for (String featureToDisable : featuresToDisable)
  98 + {
  99 + factory.setFeature(featureToDisable, false);
  100 + }
  101 + }
  102 + }
  103 + catch (RuntimeException rte)
  104 + {
  105 + //If any runtime exception occurs then simply rethrow it
  106 + throw rte;
  107 + }
  108 + catch (Exception e)
  109 + {
  110 + //If we get any other exception then we've failed to configure the parser factory as required.
  111 + //Return the factory as is.
  112 + if (logger.isWarnEnabled())
  113 + {
  114 + logger.warn("Failed to configure SAXParserFactory securely.", e);
  115 + }
  116 + }
  117 + }
  118 +
  119 +}
... ...
src/main/java/org/alfresco/xmlfactory/SAXParserFactoryXercesImpl.java
... ... @@ -0,0 +1,46 @@
  1 +/*
  2 + * Copyright (C) 2005-2014 Alfresco Software Limited.
  3 + *
  4 + * This file is part of Alfresco
  5 + *
  6 + * Alfresco is free software: you can redistribute it and/or modify
  7 + * it under the terms of the GNU Lesser General Public License as published by
  8 + * the Free Software Foundation, either version 3 of the License, or
  9 + * (at your option) any later version.
  10 + *
  11 + * Alfresco is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU Lesser General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License
  17 + * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
  18 + */
  19 +package org.alfresco.xmlfactory;
  20 +
  21 +import java.util.ArrayList;
  22 +import java.util.List;
  23 +
  24 +import org.apache.xerces.jaxp.SAXParserFactoryImpl;
  25 +
  26 +public class SAXParserFactoryXercesImpl extends SAXParserFactoryImpl
  27 +{
  28 + private static List<String> featuresToEnable = FactoryHelper.DEFAULT_FEATURES_TO_ENABLE;
  29 + private static List<String> featuresToDisable = FactoryHelper.DEFAULT_FEATURES_TO_DISABLE;
  30 +
  31 + public SAXParserFactoryXercesImpl()
  32 + {
  33 + super();
  34 + FactoryHelper.configureFactory(this, featuresToEnable, featuresToDisable);
  35 + }
  36 +
  37 + public void setFeaturesToEnable(List<String> featuresToEnable)
  38 + {
  39 + SAXParserFactoryXercesImpl.featuresToEnable = new ArrayList<String>(featuresToEnable);
  40 + }
  41 +
  42 + public void setFeaturesToDisable(List<String> featuresToDisable)
  43 + {
  44 + SAXParserFactoryXercesImpl.featuresToDisable = new ArrayList<String>(featuresToDisable);
  45 + }
  46 +}
... ...
src/main/resources/META-INF/services/javax.xml.parsers.DocumentBuilderFactory
... ... @@ -0,0 +1 @@
  1 +org.alfresco.xmlfactory.DocumentBuilderFactoryXercesImpl
... ...
src/main/resources/META-INF/services/javax.xml.parsers.SAXParserFactory
... ... @@ -0,0 +1 @@
  1 +org.alfresco.xmlfactory.SAXParserFactoryXercesImpl
... ...
src/test/java/org/alfresco/xmlfactory/AppTest.java
... ... @@ -0,0 +1,38 @@
  1 +package org.alfresco.xmlfactory;
  2 +
  3 +import junit.framework.Test;
  4 +import junit.framework.TestCase;
  5 +import junit.framework.TestSuite;
  6 +
  7 +/**
  8 + * Unit test for simple App.
  9 + */
  10 +public class AppTest
  11 + extends TestCase
  12 +{
  13 + /**
  14 + * Create the test case
  15 + *
  16 + * @param testName name of the test case
  17 + */
  18 + public AppTest( String testName )
  19 + {
  20 + super( testName );
  21 + }
  22 +
  23 + /**
  24 + * @return the suite of tests being tested
  25 + */
  26 + public static Test suite()
  27 + {
  28 + return new TestSuite( AppTest.class );
  29 + }
  30 +
  31 + /**
  32 + * Rigourous Test :-)
  33 + */
  34 + public void testApp()
  35 + {
  36 + assertTrue( true );
  37 + }
  38 +}
... ...