本文整理汇总了Java中org.apache.xerces.util.SecurityManager类的典型用法代码示例。如果您正苦于以下问题:Java SecurityManager类的具体用法?Java SecurityManager怎么用?Java SecurityManager使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
SecurityManager类属于org.apache.xerces.util包,在下文中一共展示了SecurityManager类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: getSecuredDocumentBuilderFactory
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Create DocumentBuilderFactory with the XXE and XEE prevention measurements.
*
* @return DocumentBuilderFactory instance
*/
public static DocumentBuilderFactory getSecuredDocumentBuilderFactory() {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
dbf.setXIncludeAware(false);
dbf.setExpandEntityReferences(false);
try {
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
} catch (ParserConfigurationException e) {
log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " +
Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE +
" or secure-processing.");
}
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager);
return dbf;
}
开发者ID:wso2,项目名称:carbon-identity-framework,代码行数:31,代码来源:IdentityUtil.java
示例2: getSecuredDocumentBuilder
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Get document builder factory instance.
*
* @return documentBuilderFactory
*/
private DocumentBuilderFactory getSecuredDocumentBuilder() {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setXIncludeAware(false);
documentBuilderFactory.setExpandEntityReferences(false);
try {
documentBuilderFactory.setFeature(Constants.SAX_FEATURE_PREFIX +
Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
documentBuilderFactory.setFeature(Constants.SAX_FEATURE_PREFIX +
Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
documentBuilderFactory.setFeature(Constants.XERCES_FEATURE_PREFIX +
Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
} catch (ParserConfigurationException e) {
log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " +
Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE);
}
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
documentBuilderFactory.setAttribute(Constants.XERCES_PROPERTY_PREFIX +
Constants.SECURITY_MANAGER_PROPERTY, securityManager);
return documentBuilderFactory;
}
开发者ID:wso2-extensions,项目名称:esb-connector-file,代码行数:30,代码来源:SplitFile.java
示例3: getSecuredDocumentBuilder
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* * This method provides a secured document builder which will secure XXE attacks.
*
* @param setIgnoreComments whether to set setIgnoringComments in DocumentBuilderFactory.
* @return DocumentBuilder
* @throws ParserConfigurationException
*/
private static DocumentBuilder getSecuredDocumentBuilder(boolean setIgnoreComments) throws
ParserConfigurationException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setIgnoringComments(setIgnoreComments);
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setExpandEntityReferences(false);
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
documentBuilderFactory.setFeature(EXTERNAL_GENERAL_ENTITIES_URI, false);
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
documentBuilder.setEntityResolver(new CarbonEntityResolver());
return documentBuilder;
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:25,代码来源:EntitlementUtil.java
示例4: PAPPolicyReader
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
private PAPPolicyReader(PolicyFinder policyFinder) {
this.policyFinder = policyFinder;
// create the factory
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setIgnoringComments(true);
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setExpandEntityReferences(false);
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
// now use the factory to create the document builder
try {
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
documentBuilderFactory.setFeature(EXTERNAL_GENERAL_ENTITIES_URI, false);
builder = documentBuilderFactory.newDocumentBuilder();
builder.setEntityResolver(new CarbonEntityResolver());
builder.setErrorHandler(this);
} catch (ParserConfigurationException pce) {
throw new IllegalArgumentException("Failed to create the DocumentBuilder. : ", pce);
}
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:25,代码来源:PAPPolicyReader.java
示例5: unmarshall
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Constructing the SAML or XACML Objects from a String
*
* @param xmlString Decoded SAML or XACML String
* @return SAML or XACML Object
* @throws org.wso2.carbon.identity.entitlement.EntitlementException
*/
public XMLObject unmarshall(String xmlString) throws EntitlementException {
try {
doBootstrap();
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setExpandEntityReferences(false);
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
docBuilder.setEntityResolver(new CarbonEntityResolver());
Document document = docBuilder.parse(new ByteArrayInputStream(xmlString.trim().getBytes()));
Element element = document.getDocumentElement();
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
return unmarshaller.unmarshall(element);
} catch (Exception e) {
log.error("Error in constructing XML(SAML or XACML) Object from the encoded String", e);
throw new EntitlementException("Error in constructing XML(SAML or XACML) from the encoded String ", e);
}
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:33,代码来源:WSXACMLMessageReceiver.java
示例6: unmarshall
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Constructing the SAML or XACML Objects from a String
*
* @param xmlString Decoded SAML or XACML String
* @return SAML or XACML Object
* @throws org.wso2.carbon.identity.base.IdentityException
*/
public static XMLObject unmarshall(String xmlString) throws IdentityException {
try {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setExpandEntityReferences(false);
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
org.apache.xerces.util.SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
docBuilder.setEntityResolver(new CarbonEntityResolver());
Document document = docBuilder.parse(new ByteArrayInputStream(xmlString.trim().getBytes(Charsets.UTF_8)));
Element element = document.getDocumentElement();
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
return unmarshaller.unmarshall(element);
} catch (ParserConfigurationException | UnmarshallingException | SAXException | IOException e) {
String message = "Error in constructing XML Object from the encoded String";
throw IdentityException.error(message, e);
}
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:32,代码来源:IdentityUtil.java
示例7: getSecuredDocumentBuilderFactory
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Create DocumentBuilderFactory with the XXE prevention measurements
*
* @return DocumentBuilderFactory instance
*/
public static DocumentBuilderFactory getSecuredDocumentBuilderFactory() {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
dbf.setXIncludeAware(false);
dbf.setExpandEntityReferences(false);
try {
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
} catch (ParserConfigurationException e) {
logger.error(
"Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " +
Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE);
}
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager);
return dbf;
}
开发者ID:wso2,项目名称:balana,代码行数:29,代码来源:Utils.java
示例8: getSecuredDocumentBuilder
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Create DocumentBuilderFactory with the XXE and XEE prevention measurements.
*
* @return DocumentBuilderFactory instance
*/
public static DocumentBuilderFactory getSecuredDocumentBuilder() {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
dbf.setXIncludeAware(false);
dbf.setExpandEntityReferences(false);
try {
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
} catch (ParserConfigurationException e) {
log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " +
Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE +
" or secure-processing.");
}
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager);
return dbf;
}
开发者ID:wso2,项目名称:carbon-business-process,代码行数:31,代码来源:DOMUtils.java
示例9: getSecuredDocumentBuilder
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
private static DocumentBuilderFactory getSecuredDocumentBuilder() {
final int ENTITY_EXPANSION_LIMIT = 0;
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
dbf.setXIncludeAware(false);
dbf.setExpandEntityReferences(false);
try {
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
} catch (ParserConfigurationException e) {
// Skip throwing the error as this exception doesn't break actual DocumentBuilderFactory creation
log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or "
+ Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE, e);
}
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager);
return dbf;
}
开发者ID:wso2,项目名称:carbon-registry,代码行数:24,代码来源:RxtUnboundedDataLoadUtils.java
示例10: getSecuredDocumentBuilder
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Returns a secured DocumentBuilderFactory instance
* @return DocumentBuilderFactory
*/
public static DocumentBuilderFactory getSecuredDocumentBuilder() {
org.apache.xerces.impl.Constants Constants = null;
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
dbf.setXIncludeAware(false);
dbf.setExpandEntityReferences(false);
try {
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
} catch (ParserConfigurationException e) {
log.error(
"Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " +
Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE);
}
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager);
return dbf;
}
开发者ID:wso2,项目名称:carbon-registry,代码行数:28,代码来源:WSDLUtil.java
示例11: setFeature
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Set the state of a feature.
*
* @param featureId The unique identifier (URI) of the feature.
* @param state The requested state of the feature (true or false).
*
* @exception XMLConfigurationException If the requested feature is not known.
*/
public void setFeature(String featureId, boolean value) throws XMLConfigurationException {
if (PARSER_SETTINGS.equals(featureId)) {
throw new XMLConfigurationException(XMLConfigurationException.NOT_SUPPORTED, featureId);
}
else if (value == false && (VALIDATION.equals(featureId) || SCHEMA_VALIDATION.equals(featureId))) {
throw new XMLConfigurationException(XMLConfigurationException.NOT_SUPPORTED, featureId);
}
else if (USE_GRAMMAR_POOL_ONLY.equals(featureId) && value != fUseGrammarPoolOnly) {
throw new XMLConfigurationException(XMLConfigurationException.NOT_SUPPORTED, featureId);
}
if (XMLConstants.FEATURE_SECURE_PROCESSING.equals(featureId)) {
setProperty(SECURITY_MANAGER, value ? new SecurityManager() : null);
return;
}
fConfigUpdated = true;
fEntityManager.setFeature(featureId, value);
fErrorReporter.setFeature(featureId, value);
fSchemaValidator.setFeature(featureId, value);
if (!fInitFeatures.containsKey(featureId)) {
boolean current = super.getFeature(featureId);
fInitFeatures.put(featureId, current ? Boolean.TRUE : Boolean.FALSE);
}
super.setFeature(featureId, value);
}
开发者ID:AaronZhangL,项目名称:SplitCharater,代码行数:33,代码来源:XMLSchemaValidatorComponentManager.java
示例12: setProperty
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Sets the value of a property. This method is called by the component
* manager any time after reset when a property changes value.
* <p>
* <strong>Note:</strong> Components should silently ignore properties
* that do not affect the operation of the component.
*
* @param propertyId The property identifier.
* @param value The value of the property.
*
* @throws SAXNotRecognizedException The component should not throw
* this exception.
* @throws SAXNotSupportedException The component should not throw
* this exception.
*/
public void setProperty(String propertyId, Object value)
throws XMLConfigurationException {
// Xerces properties
if (propertyId.startsWith(Constants.XERCES_PROPERTY_PREFIX)) {
final int suffixLength = propertyId.length() - Constants.XERCES_PROPERTY_PREFIX.length();
if (suffixLength == Constants.SECURITY_MANAGER_PROPERTY.length() &&
propertyId.endsWith(Constants.SECURITY_MANAGER_PROPERTY)) {
fSecurityManager = (SecurityManager)value;
maxNodeLimit = (fSecurityManager != null) ? fSecurityManager.getMaxOccurNodeLimit() * MULTIPLICITY : 0 ;
return;
}
if (suffixLength == Constants.ERROR_REPORTER_PROPERTY.length() &&
propertyId.endsWith(Constants.ERROR_REPORTER_PROPERTY)) {
fErrorReporter = (XMLErrorReporter)value;
return;
}
}
}
开发者ID:AaronZhangL,项目名称:SplitCharater,代码行数:37,代码来源:CMNodeFactory.java
示例13: getSecuredDocumentBuilder
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
private static DocumentBuilderFactory getSecuredDocumentBuilder() {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
dbf.setXIncludeAware(false);
dbf.setExpandEntityReferences(false);
try {
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
} catch (ParserConfigurationException e) {
log.error(
"Failed to load XML Processor Feature " +
Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " +
Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " +
Constants.LOAD_EXTERNAL_DTD_FEATURE, e);
}
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager);
return dbf;
}
开发者ID:wso2,项目名称:carbon-governance,代码行数:25,代码来源:CommonUtil.java
示例14: getSecuredDocumentBuilder
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Returns a secured DocumentBuilderFactory instance
* @return DocumentBuilderFactory
*/
public static DocumentBuilderFactory getSecuredDocumentBuilder() {
org.apache.xerces.impl.Constants Constants = null;
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
dbf.setXIncludeAware(false);
dbf.setExpandEntityReferences(false);
try {
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
} catch (ParserConfigurationException e) {
log.error(
"Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " +
Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE);
}
org.apache.xerces.util.SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager);
return dbf;
}
开发者ID:wso2,项目名称:carbon-governance,代码行数:28,代码来源:ComparatorUtils.java
示例15: getSecuredDocumentBuilder
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* * This method provides a secured document builder which will secure XXE attacks.
*
* @return DocumentBuilder
* @throws ParserConfigurationException
*/
private DocumentBuilder getSecuredDocumentBuilder() throws ParserConfigurationException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setExpandEntityReferences(false);
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
documentBuilderFactory.setFeature(EXTERNAL_GENERAL_ENTITIES_URI, false);
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
documentBuilder.setEntityResolver(new CarbonEntityResolver());
return documentBuilder;
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:20,代码来源:InMemoryPersistenceManager.java
示例16: unmarshall
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Constructing the XMLObject Object from a String
*
* @param authReqStr
* @return Corresponding XMLObject which is a SAML2 object
* @throws SAML2SSOUIAuthenticatorException
*/
public static XMLObject unmarshall(String authReqStr) throws SAML2SSOUIAuthenticatorException {
try {
doBootstrap();
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setExpandEntityReferences(false);
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
docBuilder.setEntityResolver(new CarbonEntityResolver());
Document document = docBuilder.parse(new ByteArrayInputStream(authReqStr.trim()
.getBytes()));
Element element = document.getDocumentElement();
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
return unmarshaller.unmarshall(element);
} catch (Exception e) {
log.error("Error in constructing AuthRequest from the encoded String", e);
throw new SAML2SSOUIAuthenticatorException("Error in constructing AuthRequest from "
+ "the encoded String ", e);
}
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:35,代码来源:Util.java
示例17: unmarshall
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Constructing the SAML or XACML Objects from a String
*
* @param xmlString Decoded SAML or XACML String
* @return SAML or XACML Object
* @throws EntitlementProxyException
*/
private XMLObject unmarshall(String xmlString) throws EntitlementProxyException {
try {
doBootstrap();
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setExpandEntityReferences(false);
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
docBuilder.setEntityResolver(new CarbonEntityResolver());
Document document = docBuilder.parse(new ByteArrayInputStream(xmlString.trim().getBytes(Charset.forName
("UTF-8"))));
Element element = document.getDocumentElement();
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
return unmarshaller.unmarshall(element);
} catch (Exception e) {
log.error("Error in constructing XML(SAML or XACML) Object from the encoded String", e);
throw new EntitlementProxyException(
"Error in constructing XML(SAML or XACML) from the encoded String", e);
}
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:35,代码来源:WSXACMLEntitlementServiceClient.java
示例18: setProperty
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
public void setProperty(String name, Object object)
throws SAXNotRecognizedException, SAXNotSupportedException {
if (name == null) {
throw new NullPointerException(JAXPValidationMessageFormatter.formatMessage(fXMLSchemaLoader.getLocale(),
"ProperyNameNull", null));
}
if (name.equals(SECURITY_MANAGER)) {
fSecurityManager = (SecurityManager) object;
fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager);
return;
}
else if (name.equals(XMLGRAMMAR_POOL)) {
throw new SAXNotSupportedException(
SAXMessageFormatter.formatMessage(fXMLSchemaLoader.getLocale(),
"property-not-supported", new Object [] {name}));
}
try {
fXMLSchemaLoader.setProperty(name, object);
}
catch (XMLConfigurationException e) {
String identifier = e.getIdentifier();
if (e.getType() == XMLConfigurationException.NOT_RECOGNIZED) {
throw new SAXNotRecognizedException(
SAXMessageFormatter.formatMessage(fXMLSchemaLoader.getLocale(),
"property-not-recognized", new Object [] {identifier}));
}
else {
throw new SAXNotSupportedException(
SAXMessageFormatter.formatMessage(fXMLSchemaLoader.getLocale(),
"property-not-supported", new Object [] {identifier}));
}
}
}
开发者ID:AaronZhangL,项目名称:SplitCharater,代码行数:34,代码来源:XMLSchemaFactory.java
示例19: reset
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
public void reset(XMLComponentManager componentManager) {
fErrorReporter = (XMLErrorReporter)componentManager.getProperty(ERROR_REPORTER);
try {
fSecurityManager = (SecurityManager)componentManager.getProperty(SECURITY_MANAGER);
reset();
}
catch (XMLConfigurationException e) {
fSecurityManager = null;
}
}
开发者ID:AaronZhangL,项目名称:SplitCharater,代码行数:12,代码来源:CMNodeFactory.java
示例20: formatXML
import org.apache.xerces.util.SecurityManager; //导入依赖的package包/类
/**
* Formats a given unformatted XML string
*
* @param xml
* @return A CDATA wrapped, formatted XML String
*/
public String formatXML(String xml) {
try {
// create the factory
DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
docFactory.setIgnoringComments(true);
docFactory.setNamespaceAware(true);
docFactory.setExpandEntityReferences(false);
SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
docFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager);
DocumentBuilder docBuilder;
Document xmlDoc;
// now use the factory to create the document builder
docFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
docFactory.setFeature(EXTERNAL_GENERAL_ENTITIES_URI, false);
docBuilder = docFactory.newDocumentBuilder();
docBuilder.setEntityResolver(new CarbonEntityResolver());
xmlDoc = docBuilder.parse(new ByteArrayInputStream(xml.getBytes(Charsets.UTF_8)));
OutputFormat format = new OutputFormat(xmlDoc);
format.setLineWidth(0);
format.setIndenting(true);
format.setIndent(2);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
XMLSerializer serializer = new XMLSerializer(baos, format);
serializer.serialize(xmlDoc);
xml = baos.toString("UTF-8");
} catch (ParserConfigurationException pce) {
throw new IllegalArgumentException("Failed to parse the unformatted XML String. ", pce);
} catch (Exception e) {
log.error("Error occured while formtting the unformatted XML String. ", e);
}
return "<![CDATA[" + xml + "]]>";
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:47,代码来源:PolicyEditorService.java
注:本文中的org.apache.xerces.util.SecurityManager类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论