Class SchemaProvider

java.lang.Object
overit.geocall.xml.SchemaProvider

public class SchemaProvider extends Object
This class provides an easy way to apply security settings to XML schema parsers.
Inspired by http://openjdk.java.net/jeps/185
  • Field Details

  • Constructor Details

    • SchemaProvider

      public SchemaProvider()
      Tool for building XML schemas. By default it configures all the factories with FEATURE_SECURE_POLICY, and it offers one additional (more proprietary) method to customize the parsers to prevent security issues.
      See https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
    • SchemaProvider

      public SchemaProvider(boolean secureProcessing)
      Tool for parsing XML securely. Whether it configures all the factories with FEATURE_SECURE_POLICY depends on the parameter secureProcessing, and it offers one additional (more proprietary) method to customize the parsers to prevent security issues.
      See https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
      Parameters:
      secureProcessing - true to configure the factories with the feature FEATURE_SECURE_POLICY
  • Method Details

    • setDisallowDoctypeDecl

      public void setDisallowDoctypeDecl(boolean disallowDoctypeDecl) throws SAXException
      Defines whether a DOCTYPE declaration is allowed in the XML to be processed.
      Parameters:
      disallowDoctypeDecl - true to allow, false to get an error if the XML has any kind of DOCTYPE declaration
      Throws:
      SAXException - if there is any problem parsing the document with the current object configuration
    • newSchema

      public Schema newSchema(URL xsdUrl) throws SAXException
      Creates a new Schema based on the current object configuration
      Parameters:
      xsdUrl - the URL of the document containing the xsd definition for the schema
      Returns:
      a new Schema based on the current object configuration
      Throws:
      SAXException - if there is any problem parsing the document with the current object configuration
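
The following is an added example, not code from SchemaProvider or its project: it shows the kind of hardening this class describes using only the standard JAXP API, so the effect of secure processing, the JEP 185 access properties and a DOCTYPE ban can be observed on a `SchemaFactory`. It assumes the standard `XMLConstants.FEATURE_SECURE_PROCESSING` and the Xerces `disallow-doctype-decl` feature name; the class name, helper names and sample schemas are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.xml.sax.SAXException;

public class HardenedSchemaDemo {
    // Xerces-specific feature name (assumption: the JDK's built-in factory is in use).
    // setFeature throws SAXNotRecognizedException on a factory that does not know it.
    static final String DISALLOW_DOCTYPE =
        "http://apache.org/xml/features/disallow-doctype-decl";

    // Constructed sample inputs: the same schema without and with a DOCTYPE.
    static final String PLAIN =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
      + "<xs:element name='order' type='xs:string'/></xs:schema>";
    static final String WITH_DOCTYPE = "<!DOCTYPE xs:schema [<!ENTITY e 'x'>]>" + PLAIN;

    // Hypothetical helper: builds a SchemaFactory with the restrictions applied.
    static SchemaFactory hardenedFactory(boolean disallowDoctype) throws SAXException {
        SchemaFactory f = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // JEP 185 properties: an empty string denies every protocol,
        // so no external DTD or imported/included schema is fetched.
        f.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setFeature(DISALLOW_DOCTYPE, disallowDoctype);
        return f;
    }

    // Returns true if the XSD text compiles into a Schema, false if it is rejected.
    static boolean compiles(SchemaFactory f, String xsd) {
        try {
            Schema s = f.newSchema(new StreamSource(new StringReader(xsd)));
            return s != null;
        } catch (SAXException e) {
            System.out.println("  rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws SAXException {
        SchemaFactory strict = hardenedFactory(true);
        System.out.println("plain schema accepted:   " + compiles(strict, PLAIN));
        System.out.println("DOCTYPE schema accepted: " + compiles(strict, WITH_DOCTYPE));
    }
}
```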