javax.xml.parsers.SAXParserFactory#setXIncludeAware ( )源码实例Demo

下面列出了javax.xml.parsers.SAXParserFactory#setXIncludeAware ( ) 实例代码，或者点击链接到github查看源代码，也可以在右侧发表评论。

源代码1 项目： freeacs 文件： UnittypeXML.java

@SuppressWarnings("rawtypes")
public void load(String file_input) throws Exception {
  SAXParserFactory factory = SAXParserFactory.newInstance();
  factory.setXIncludeAware(true);
  factory.setNamespaceAware(false);
  factory.setValidating(false);

  SAXParser parser = factory.newSAXParser();

  SAXReader reader = new SAXReader(parser.getXMLReader());
  Document document = reader.read(file_input);

  info = new Info();
  info.load(document.selectSingleNode("//unittype/info"));

  Enums enums = new Enums();
  enums.load(document.selectSingleNode("//unittype/parameters/enums"));

  parameters = new Parameters();
  List parameters_nodes = document.selectNodes("//unittype/parameters");
  for (Object parameters_node : parameters_nodes) {
    Node parameter_node = (Node) parameters_node;
    parameters.load(parameter_node, enums);
  }
}

源代码2 项目： openjdk-jdk9 文件： AuctionItemRepository.java

/**
 * Test xi:include with a SAXParserFactory.
 *
 * @throws Exception If any errors occur.
 */
@Test(groups = {"readWriteLocalFiles"})
public void testXIncludeSAXPos() throws Exception {
    String resultFile = USER_DIR + "doc_xinclude.out";
    String goldFile = GOLDEN_DIR + "doc_xincludeGold.xml";
    String xmlFile = XML_DIR + "doc_xinclude.xml";

    try(FileOutputStream fos = new FileOutputStream(resultFile)) {
        XInclHandler xh = new XInclHandler(fos, null);
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setNamespaceAware(true);
        spf.setXIncludeAware(true);
        spf.setFeature(FEATURE_NAME, true);
        spf.newSAXParser().parse(new File(xmlFile), xh);
    }
    assertTrue(compareDocumentWithGold(goldFile, resultFile));
}

源代码3 项目： openjdk-jdk9 文件： AuctionItemRepository.java

/**
 * Test the XPointer framework with a SAX object.
 *
 * @throws Exception If any errors occur.
 */
@Test(groups = {"readWriteLocalFiles"})
public void testXPointerPos() throws Exception {
    String resultFile = USER_DIR + "doc_xpointer.out";
    String goldFile = GOLDEN_DIR + "doc_xpointerGold.xml";
    String xmlFile = XML_DIR + "doc_xpointer.xml";

    try (FileOutputStream fos = new FileOutputStream(resultFile)) {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setNamespaceAware(true);
        spf.setXIncludeAware(true);
        spf.setFeature(FEATURE_NAME, true);
        // parse the file
        spf.newSAXParser().parse(new File(xmlFile), new XInclHandler(fos, null));
    }
    assertTrue(compareDocumentWithGold(goldFile, resultFile));
}

源代码4 项目： astor 文件： XtbMessageBundle.java

private SAXParser createSAXParser()
    throws ParserConfigurationException, SAXException {
  SAXParserFactory factory = SAXParserFactory.newInstance();
  factory.setValidating(false);
  factory.setXIncludeAware(false);
  factory.setFeature(
      "http://xml.org/sax/features/external-general-entities", false);
  factory.setFeature(
      "http://xml.org/sax/features/external-parameter-entities",false);
  factory.setFeature(
      "http://apache.org/xml/features/nonvalidating/load-external-dtd",
      false);
  factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

  SAXParser parser = factory.newSAXParser();
  XMLReader xmlReader = parser.getXMLReader();
  xmlReader.setEntityResolver(NOOP_RESOLVER);
  return parser;
}

源代码5 项目： teamengine 文件： XMLParserUtils.java

/**
 * Creates a SAXParser that is configured to resolve XInclude references but
 * not perform schema validation.
 * 
 * @param doBaseURIFixup
 *            A boolean value that specifies whether or not to add xml:base
 *            attributes when resolving xi:include elements; adding these
 *            attributes may render an instance document schema-invalid.
 * @return An XInclude-aware SAXParser instance.
 * 
 * @see <a href="http://www.w3.org/TR/xinclude/">XML Inclusions (XInclude)
 *      Version 1.0, Second Edition</a>
 */
public static SAXParser createXIncludeAwareSAXParser(boolean doBaseURIFixup) {
	SAXParserFactory factory = SAXParserFactory.newInstance();
	factory.setNamespaceAware(true);
	factory.setXIncludeAware(true);
	SAXParser parser = null;
	try {
		factory.setFeature(Constants.XERCES_FEATURE_PREFIX
				+ Constants.XINCLUDE_FIXUP_BASE_URIS_FEATURE,
				doBaseURIFixup);
		parser = factory.newSAXParser();
	} catch (Exception x) {
		throw new RuntimeException(x);
	}
	return parser;
}

源代码6 项目： openjdk-jdk9 文件： CatalogSupportBase.java

/**
 * Returns an instance of SAXParser with a catalog if one is provided.
 *
 * @param setUseCatalog a flag indicates whether USE_CATALOG shall be set
 * through the factory
 * @param useCatalog the value of USE_CATALOG
 * @param catalog a catalog
 * @return an instance of SAXParser
 * @throws ParserConfigurationException
 * @throws SAXException
 */
SAXParser getSAXParser(boolean setUseCatalog, boolean useCatalog, String catalog)
        throws ParserConfigurationException, SAXException {
    SAXParserFactory spf = SAXParserFactory.newInstance();
    spf.setNamespaceAware(true);
    spf.setXIncludeAware(true);
    if (setUseCatalog) {
        spf.setFeature(XMLConstants.USE_CATALOG, useCatalog);
    }

    SAXParser parser = spf.newSAXParser();
    parser.setProperty(CatalogFeatures.Feature.FILES.getPropertyName(), catalog);
    return parser;
}

源代码7 项目： scipio-erp 文件： XslTransform.java

/**
 * @param template the content or url of the xsl template
 * @param data the content or url of the xml data file
 * @throws TransformerException
 */
public static String renderTemplate(String template, String data)
throws TransformerException {
    String result = null;
    TransformerFactory tfactory = TransformerFactory.newInstance();
    if (tfactory.getFeature(SAXSource.FEATURE)) {
        // setup for xml data file preprocessing to be able to xinclude
        SAXParserFactory pfactory= SAXParserFactory.newInstance();
        pfactory.setNamespaceAware(true);
        pfactory.setValidating(false);
        pfactory.setXIncludeAware(true);
        XMLReader reader = null;
        try {
            reader = pfactory.newSAXParser().getXMLReader();
        } catch (Exception e) {
            throw new TransformerException("Error creating SAX parser/reader", e);
        }
        // do the actual preprocessing
        SAXSource source = new SAXSource(reader, new InputSource(data));
        // compile the xsl template
        Transformer transformer = tfactory.newTransformer(new StreamSource(template));
        // and apply the xsl template to the source document and save in a result string
        StringWriter sw = new StringWriter();
        StreamResult sr = new StreamResult(sw);
        transformer.transform(source, sr);
        result = sw.toString();
    } else {
        Debug.logError("tfactory does not support SAX features!", module);
    }
    return result;
}

源代码8 项目： xml-maven-plugin 文件： Resolver.java

private Source asSaxSource( InputSource isource )
    throws SAXException, ParserConfigurationException
{
    SAXParserFactory spf = SAXParserFactory.newInstance();
    spf.setValidating( validating );
    spf.setNamespaceAware( true );
    spf.setXIncludeAware( xincludeAware );
    XMLReader xmlReader = spf.newSAXParser().getXMLReader();
    xmlReader.setEntityResolver( this );
    return new SAXSource( xmlReader, isource );
}

源代码9 项目： rya 文件： XmlFactoryConfiguration.java

/**
 * Hardens the provided factory to protect against an XML External Entity (XXE) attack.
 *
 * @param factory - The factory to be modified.
 * @throws SAXNotRecognizedException
 * @throws SAXNotSupportedException
 * @throws ParserConfigurationException
 */
public static void harden(final SAXParserFactory factory)
        throws SAXNotRecognizedException, SAXNotSupportedException, ParserConfigurationException {
    // From: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
    // To protect a Java SAXParserFactory from XXE, do this:

    // This is the PRIMARY defense. If DTDs (doctypes) are disallowed, almost all XML entity attacks are prevented
    factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

    // If you can't completely disable DTDs, then at least do the following:
    // Xerces 1 - http://xerces.apache.org/xerces-j/features.html#external-general-entities
    // Xerces 2 - http://xerces.apache.org/xerces2-j/features.html#external-general-entities
    // JDK7+ - http://xml.org/sax/features/external-general-entities
    factory.setFeature("http://xml.org/sax/features/external-general-entities", false);

    // Xerces 1 - http://xerces.apache.org/xerces-j/features.html#external-parameter-entities
    // Xerces 2 - http://xerces.apache.org/xerces2-j/features.html#external-parameter-entities
    // JDK7+ - http://xml.org/sax/features/external-parameter-entities
    factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);

    // Disable external DTDs as well
    factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);

    // and these as well, per Timothy Morgan's 2014 paper: "XML Schema, DTD, and Entity Attacks" (see reference
    // below)
    factory.setXIncludeAware(false);
}

源代码10 项目： metafacture-core 文件： DomLoader.java

private static XMLReader createSaxReader(Schema schema) {
    final SAXParserFactory parserFactory = SAXParserFactory.newInstance();
    parserFactory.setSchema(schema);
    parserFactory.setNamespaceAware(true);
    parserFactory.setXIncludeAware(true);
    try {
        return parserFactory.newSAXParser().getXMLReader();
    } catch (ParserConfigurationException | SAXException e) {
        throw new MetafactureException(e);
    }
}

方法所在类

javax.xml.parsers.SAXParserFactory