Repository: camel Updated Branches: refs/heads/master 6f8e98f48 -> b592f2967
CAMEL-7713 Set the Xerces SecurityManager for the DocumentBuilderFactory by default Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/b592f296 Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/b592f296 Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/b592f296 Branch: refs/heads/master Commit: b592f2967798fc3fc21457dd54f0bc7e1d6e6743 Parents: 6f8e98f Author: Willem Jiang <willem.ji...@gmail.com> Authored: Mon Aug 18 20:54:55 2014 +0800 Committer: Willem Jiang <willem.ji...@gmail.com> Committed: Mon Aug 18 20:55:14 2014 +0800 ---------------------------------------------------------------------- .../org/apache/camel/converter/jaxp/XmlConverter.java | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/b592f296/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java ----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
index 4580c41..2543de5 100644
--- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
+++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
@@ -957,7 +957,19 @@ public class XmlConverter {
 factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
 } catch (ParserConfigurationException e) {
 LOG.warn("DocumentBuilderFactory doesn't support the feature {} with value {}, due to {}."
- , new Object[]{"http://xml.org/sax/features/external-general-entities", true, e});
+ , new Object[]{"http://xml.org/sax/features/external-general-entities", false, e});
+ }
+ // setup the SecurityManager by default if it's apache xerces
+ try {
+ Class<?> smClass = ObjectHelper.loadClass("org.apache.xerces.util.SecurityManager");
+ if (smClass != null) {
+ Object sm = smClass.newInstance();
+ // Here we just use the default setting of the SeurityManager
+ factory.setAttribute("http://apache.org/xml/properties/security-manager", sm);
+ }
+ } catch (Exception e) {
+ LOG.warn("DocumentBuilderFactory doesn't support the attribute {} with value {}, due to {}."
+ , new Object[]{"http://apache.org/xml/properties/security-manager", true, e});
 }
 // setup the feature from the system property
 setupFeatures(factory);
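Review bot: The new `catch (Exception e)` block logs `true` as the value of the security-manager attribute, although the value handed to `setAttribute` is the `sm` instance; this is the same kind of mismatch the commit corrects earlier in the hunk for external-general-entities, and logging the class name `"org.apache.xerces.util.SecurityManager"` in place of `true` would fix it. Because the block catches every `Exception`, the "doesn't support the attribute" message is also written when instantiating the class fails, so the log does not tell an operator which step went wrong. Both outcomes fail open: the factory is used without the Xerces SecurityManager limits and only a WARN records it, which deserves a comment stating that this hardening is best-effort. The class being loadable does not show that `factory` is the Xerces implementation, so with another JAXP provider active this may warn on every call (inferred, the factory creation is outside the hunk); a guard such as `if (factory.getClass().getName().startsWith("org.apache.xerces."))` before the `try` would narrow it. The enclosing method starts and ends outside the hunk.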