Class XMLMode

java.lang.Object
overit.geocall.xml.XMLMode

public class XMLMode extends Object
This class provides simple security settings for the main XML resource factories and builders.
Inspired by http://openjdk.java.net/jeps/185
  • Field Details

    • disallowDoctypeDecl

      protected Boolean disallowDoctypeDecl
    • loadExternalDtd

      protected Boolean loadExternalDtd
    • externalGeneralEntities

      protected Boolean externalGeneralEntities
    • externalParameterEntities

      protected Boolean externalParameterEntities
    • accessExternalDtd

      protected String accessExternalDtd
    • accessExternalSchema

      protected String accessExternalSchema
    • accessExternalStylesheet

      protected String accessExternalStylesheet
    • validation

      protected boolean validation
    • catalog

      protected String catalog
    • schema

      protected Schema schema
  • Constructor Details

    • XMLMode

      public XMLMode()
      Creates an object that configures XMLTree and other XML tools, defining the parsing and building mode, in particular to restrict policies and to prevent security issues.
      See https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
  • Method Details

    • setDisallowDoctypeDecl

      public void setDisallowDoctypeDecl(boolean disallowDoctypeDecl)
      Defines whether a DOCTYPE declaration is allowed in the XML to be processed
      Parameters:
      disallowDoctypeDecl - true to allow, false to get an error if the XML has any kind of DOCTYPE declaration
    • setLoadExternalDtd

      public void setLoadExternalDtd(boolean loadExternalDtd)
      Defines whether an external DTD may be loaded for the XML to be processed
      Parameters:
      loadExternalDtd - true to allow, false to get an error if the XML DOCTYPE refers to an external file
    • setExternalGeneralEntities

      public void setExternalGeneralEntities(boolean externalGeneralEntities)
      Defines whether external general entities may be loaded for the XML to be processed
      Parameters:
      externalGeneralEntities - true to allow, false to not resolve external general entities
    • setExternalParameterEntities

      public void setExternalParameterEntities(boolean externalParameterEntities)
      Defines whether external parameter entities may be loaded for the XML to be processed
      Parameters:
      externalParameterEntities - true to allow, false to not resolve external parameter entities
    • setAccessExternalDtd

      public void setAccessExternalDtd(String accessExternalDtd)
      Defines the list of schemes (protocols) permitted for external DTDs
      Parameters:
      accessExternalDtd - the comma-separated list of schemes permitted for external DTDs, or ALL to permit all of them, or an empty string to permit none
    • setAccessExternalSchema

      public void setAccessExternalSchema(String accessExternalSchema)
      Defines the list of schemes (protocols) permitted for external schemas
      Parameters:
      accessExternalSchema - the comma-separated list of schemes permitted for external schemas, or ALL to permit all of them, or an empty string to permit none
    • setAccessExternalStylesheet

      public void setAccessExternalStylesheet(String accessExternalStylesheet)
      Defines the list of schemes (protocols) permitted for external stylesheets
      Parameters:
      accessExternalStylesheet - the comma-separated list of schemes permitted for external stylesheets, or ALL to permit all of them, or an empty string to permit none
    • setValidation

      public XMLMode setValidation(boolean validation)
      Defines whether validation of the XML sources is allowed
      Parameters:
      validation - true to allow, false to not validate the XML during load
      Returns:
      this instance of XMLMode
    • setCatalog

      public XMLMode setCatalog(String catalogPath, Object caller)
      Defines the catalog file to load. A catalog contains the mapping between a remote XSD URL and the corresponding local file.
      The catalog will not be used if setValidation(boolean) has been set to false
      Parameters:
      catalogPath - the catalog's path, resolved by TreeFactory. It can be relative to the caller or absolute, depending on the path format. A path starting with // is absolute and already resolved; it will not be changed. A path starting with + will be translated to overit/geocall/basic/ and then resolved. Otherwise the path will be searched across all the layer customizations, relative to the position of the caller. If the caller is null, the path is taken to be absolute; otherwise the path is absolute if it starts with a leading /, or else refers to the caller's position. In both cases the path will be resolved
      caller - the object requesting the path. It can sometimes carry an Identity with a CustomLayer
      Returns:
      this instance of XMLMode
    • setSchema

      public XMLMode setSchema(String xsdPath, Object caller)
      Sets the schema that will be used to validate the XML source during parsing. The schema will not be used if setValidation(boolean) has been set to false.
      Parameters:
      xsdPath - the schema's path, resolved by TreeFactory. It can be relative to the caller or absolute, depending on the path format. A path starting with // is absolute and already resolved; it will not be changed. A path starting with + will be translated to overit/geocall/basic/ and then resolved. Otherwise the path will be searched across all the layer customizations, relative to the position of the caller. If the caller is null, the path is taken to be absolute; otherwise the path is absolute if it starts with a leading /, or else refers to the caller's position. In both cases the path will be resolved
      caller - the object requesting the path. It can sometimes carry an Identity with a CustomLayer
      Returns:
      this instance of XMLMode
    • setSchema

      public XMLMode setSchema(URL xsdUrl)
      Sets the schema that will be used to validate the XML source during parsing. The schema will not be used if setValidation(boolean) has been set to false.
      Parameters:
      xsdUrl - URL referencing the XSD file. It can point to a remote location or to an absolute path on the local filesystem
      Returns:
      this instance of XMLMode
    • getDocumentBuilder

      Throws:
      ParserConfigurationException
    • getTransformerFactory

      public TransformerFactory getTransformerFactory() throws TransformerConfigurationException
      Throws:
      TransformerConfigurationException
    • getSchemaFactory

      public SchemaFactory getSchemaFactory(String schemaLanguage) throws SAXNotRecognizedException, SAXNotSupportedException
      Throws:
      SAXNotRecognizedException
      SAXNotSupportedException
    • getSAXParser

      Throws:
      ParserConfigurationException
      SAXException
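
The field names above match standard JAXP feature and property names. The following is an added example, not Geocall's own code, showing the most restrictive settings applied directly in plain JAXP. It assumes (this page does not confirm it) that each XMLMode field maps to the JAXP feature or property named in the comments; the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.validation.SchemaFactory;
import org.xml.sax.SAXException;

// Hypothetical class; the XMLMode-field-to-JAXP mapping in the comments is an assumption.
public class RestrictiveXmlFactories {
    static DocumentBuilder builder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // disallowDoctypeDecl (reject any DOCTYPE outright) and loadExternalDtd
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        // externalGeneralEntities / externalParameterEntities
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // accessExternalDtd / accessExternalSchema: empty string permits no protocol
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }
    static TransformerFactory transformerFactory() {
        TransformerFactory tf = TransformerFactory.newInstance();
        // accessExternalDtd / accessExternalStylesheet for XSLT processing
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf;
    }
    static SchemaFactory schemaFactory() throws SAXException {
        SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return sf;
    }
    public static void main(String[] args) throws Exception {
        // Constructed input: an internal DOCTYPE declaring a harmless internal entity.
        String xml = "<!DOCTYPE r [<!ENTITY e \"x\">]><r>&e;</r>";
        try {
            builder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            System.out.println("parsed");
        } catch (SAXException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        transformerFactory();
        schemaFactory();
    }
}
```

A third-party parser implementation on the classpath may not recognise every feature or property; in that case setFeature, setAttribute and setProperty throw instead of silently ignoring the setting, so the failure is visible at factory creation.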