下面列出了javax.xml.transform.TransformerFactory#setAttribute ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
private static Document readXMLFile(final File xmlFile) throws ParserConfigurationException, TransformerException, IOException {
final DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
builderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
builderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
final DocumentBuilder builder = builderFactory.newDocumentBuilder();
final TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
// Ant's build.xml can not use this
// transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
final Transformer transformer = transformerFactory.newTransformer();
// Create a document to work on
final Document document = builder.newDocument();
// Read in the existing project.xml into the document
try ( FileInputStream in = new FileInputStream(xmlFile)) {
final Source loadSource = new StreamSource(in);
final Result loadResult = new DOMResult(document);
transformer.transform(loadSource, loadResult);
}
return document;
}
/**
* returns html/xml escaped, pretty printed pre formated xml string
*
* @param jaxb
* @return
* @throws Exception
*/
private String PrettyPrintJaxbObject(Object jaxb) throws Exception {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
DocumentBuilder db = dbf.newDocumentBuilder();
StringWriter sw = new StringWriter();
JAXB.marshal(jaxb, sw);
InputSource is = new InputSource(new StringReader(sw.toString()));
TransformerFactory transFactory = TransformerFactory.newInstance();
transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
Transformer transformer = transFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
//initialize StreamResult with File object to save to file
StreamResult result = new StreamResult(new StringWriter());
Document document = db.parse(is);
DOMSource source = new DOMSource(document);
transformer.transform(source, result);
String xmlString = result.getWriter().toString();
return "<pre>" + StringEscapeUtils.escapeXml(xmlString) + "</pre>";
}
public static String formatMetadata(String input, int indent) {
input = input.replace("> <", "><");
try {
Source xmlInput = new StreamSource(new StringReader(input));
StringWriter stringWriter = new StringWriter();
StreamResult xmlOutput = new StreamResult(stringWriter);
StringWriter sw = new StringWriter();
xmlOutput.setWriter(sw);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setAttribute("indent-number", indent);
Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "" + indent);
transformer.transform(xmlInput, xmlOutput);
return xmlOutput.getWriter().toString();
} catch (IllegalArgumentException | TransformerException e) {
return input;
}
}
/**
* Set the secure processing feature to a {@link TransformerFactory}. See
* https://docs.oracle.com/javase/tutorial/jaxp/properties/properties.html for
* details.
*
* @param aFactory
* The factory to secure. May not be <code>null</code>.
* @param aAllowedExternalSchemes
* Optional external URL schemes that are allowed to be accessed (as in
* "file" or "http")
* @since 9.1.2
*/
public static void makeTransformerFactorySecure (@Nonnull final TransformerFactory aFactory,
@Nullable final String... aAllowedExternalSchemes)
{
ValueEnforcer.notNull (aFactory, "Factory");
try
{
aFactory.setFeature (XMLConstants.FEATURE_SECURE_PROCESSING, true);
final String sCombinedSchemes = StringHelper.getImplodedNonEmpty (',', aAllowedExternalSchemes);
if (sCombinedSchemes.length () > 0)
{
aFactory.setAttribute (XMLConstants.ACCESS_EXTERNAL_DTD, sCombinedSchemes);
aFactory.setAttribute (XMLConstants.ACCESS_EXTERNAL_STYLESHEET, sCombinedSchemes);
// external schema is unknown
}
}
catch (final TransformerConfigurationException ex)
{
throw new InitializationException ("Failed to secure XML TransformerFactory", ex);
}
}
private static String PrettyPrintXML(String input) {
if (input == null || input.length() == 0) {
return "";
}
try {
TransformerFactory transFactory = TransformerFactory.newInstance();
transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
Transformer transformer = transFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
//initialize StreamResult with File object to save to file
StreamResult result = new StreamResult(new StringWriter());
StreamSource source = new StreamSource(new StringReader(input.trim()));
transformer.transform(source, result);
String xmlString = result.getWriter().toString();
return (xmlString);
} catch (Exception ex) {
}
return null;
}
public String dumpDocument(Document document) {
String result;
try {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "no");
transformer.setOutputProperty(OutputKeys.METHOD, "xml");
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
transformer.transform(new DOMSource(document),
new StreamResult(new OutputStreamWriter(baos, StandardCharsets.UTF_8)));
result = baos.toString("UTF-8");
} catch (Exception e) {
result = e + " " + e.getMessage();
}
return result;
}
public String serialize(RequestContext context, Element rpToken) {
if (rpToken != null) {
StringWriter sw = new StringWriter();
try {
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
try {
tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
} catch (IllegalArgumentException ex) {
// ignore
}
Transformer t = tf.newTransformer();
t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
t.transform(new DOMSource(rpToken), new StreamResult(sw));
} catch (TransformerException te) {
LOG.warn("nodeToString Transformer Exception");
}
String serializedToken = sw.toString();
return StringEscapeUtils.escapeXml11(serializedToken);
}
return null;
}
public static String getFormatedDocument(SOAPMessage message) {
try {
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setAttribute("indent-number", 4);
Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
StreamResult result = new StreamResult(new StringWriter());
ByteArrayOutputStream bos = new ByteArrayOutputStream();
message.writeTo(bos);
InputStream bis = new ByteArrayInputStream(bos.toByteArray());
StreamSource source = new StreamSource(bis);
transformer.transform(source, result);
return result.getWriter().toString();
} catch (Exception ex) {
ex.printStackTrace();
return null;
}
}
/**
* returns html/xml escaped, pretty printed pre formated xml string
*
* @param jaxb
* @return
* @throws Exception
*/
private String PrettyPrintJaxbObject(Object jaxb) throws Exception {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
DocumentBuilder db = dbf.newDocumentBuilder();
StringWriter sw = new StringWriter();
JAXB.marshal(jaxb, sw);
InputSource is = new InputSource(new StringReader(sw.toString()));
TransformerFactory transFactory = TransformerFactory.newInstance();
transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
Transformer transformer = transFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
//initialize StreamResult with File object to save to file
StreamResult result = new StreamResult(new StringWriter());
Document document = db.parse(is);
DOMSource source = new DOMSource(document);
transformer.transform(source, result);
String xmlString = result.getWriter().toString();
return "<pre>" + StringEscapeUtils.escapeXml(xmlString) + "</pre>";
}
/**
* Configures a {@link TransformerFactory} to protect it against XML
* External Entity attacks.
* @param factory the factory
* @see <a href=
* "https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Prevention_Cheat_Sheet#Java">
* XXE Cheat Sheet</a>
*/
public static void applyXXEProtection(TransformerFactory factory) {
//@formatter:off
String[] attributes = {
//XMLConstants.ACCESS_EXTERNAL_DTD (Java 7 only)
"http://javax.xml.XMLConstants/property/accessExternalDTD",
//XMLConstants.ACCESS_EXTERNAL_STYLESHEET (Java 7 only)
"http://javax.xml.XMLConstants/property/accessExternalStylesheet"
};
//@formatter:on
for (String attribute : attributes) {
try {
factory.setAttribute(attribute, "");
} catch (IllegalArgumentException e) {
//attribute is not supported by the local XML engine, skip it
}
}
}
/**
* Helper to make an XML Transformer.
*
* @param declaration If true, include the XML declaration.
* @param indent If true, set up the transformer to indent.
* @return A suitable {@code Transformer}.
*/
public static Transformer makeTransformer(boolean declaration,
boolean indent) {
Transformer tf = null;
try {
TransformerFactory factory = TransformerFactory.newInstance();
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
factory.setAttribute("indent-number", Integer.valueOf(2));
tf = factory.newTransformer();
tf.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
tf.setOutputProperty(OutputKeys.METHOD, "xml");
if (!declaration) {
tf.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
}
if (indent) {
tf.setOutputProperty(OutputKeys.INDENT, "yes");
tf.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");
}
} catch (TransformerException e) {
logger.log(Level.WARNING, "Failed to install transformer!", e);
}
return tf;
}
/**
* Takes given XML and indents everything with 2 spaces.
*
* @param xml The XML to format in text format.
* @return Same XML but formatted with indents of 2 spaces.
* @throws TransformerException If it all breaks up.
*/
//TODO: add tests
public static String formatXml(String xml) throws TransformerException {
try {
Source xmlInput = new StreamSource(new StringReader(xml));
StringWriter stringWriter = new StringWriter();
StreamResult xmlOutput = new StreamResult(stringWriter);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setAttribute("indent-number", 2);
Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
transformer.transform(xmlInput, xmlOutput);
return xmlOutput.getWriter().toString();
} catch (Exception e) {
throw new RuntimeException(e); // simple exception handling, please review it
}
}
public static void writeXML(Document document, File xmlFile) throws TransformerException {
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
Transformer transformer = transformerFactory.newTransformer();
document.setXmlStandalone(true);
DOMSource source = new DOMSource(document);
StreamResult result = new StreamResult(xmlFile);
transformer.transform(source, result);
}
public static TransformerFactory newTransformerFactory() {
TransformerFactory factory = TransformerFactory.newInstance();
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
return factory;
}
@SafeVarargs
private static Transformer internalTransformer(Pair<String, Object>... attributes) throws TransformerConfigurationException {
TransformerFactory transformerFactory = TransformerFactory.newInstance();
for (Pair<String, Object> attribute : attributes) {
transformerFactory.setAttribute(attribute.first(), attribute.second());
}
return transformerFactory.newTransformer();
}
private static void setIndent(TransformerFactory factory, int indent) {
// TODO: support older parser attribute values as well
try {
factory.setAttribute("indent-number", indent);
} catch (IllegalArgumentException e) {
// ignore for factories that don't support this
}
}
public static void writeXml(Node n, OutputStream os) throws TransformerException {
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
try {
tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
} catch (IllegalArgumentException ex) {
// ignore
}
// identity
Transformer t = tf.newTransformer();
t.setOutputProperty(OutputKeys.INDENT, "yes");
t.transform(new DOMSource(n), new StreamResult(os));
}
public static String prettyPrint(String input, int indent) {
try {
Source xmlInput = new StreamSource(new StringReader(input));
StringWriter stringWriter = new StringWriter();
StreamResult xmlOutput = new StreamResult(stringWriter);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setAttribute("indent-number", indent);
Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
transformer.transform(xmlInput, xmlOutput);
return xmlOutput.getWriter().toString();
} catch (Exception e) {
throw new RuntimeException("Problem pretty printing XML", e);
}
}
@Override
protected void setSecurityAttribute(TransformerFactory factory, String attribute, Object value) throws IllegalArgumentException {
factory.setAttribute(attribute, value);
}
/**
* Output this data set as an angle code XML data file
*
* @param out The output stream to write to
* @param imageName The name of the image
* @throws IOException Indicates a failure to build the XML
*/
public void toAngelCodeXML(PrintStream out, String imageName) throws IOException {
try {
DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
Document document = builder.newDocument();
Element root = document.createElement("font");
document.appendChild(root);
Element info = document.createElement("info");
info.setAttribute("face",fontName);
info.setAttribute("size",""+size);
info.setAttribute("bold","0");
info.setAttribute("italic","0");
info.setAttribute("charSet",setName);
info.setAttribute("unicode",""+0);
info.setAttribute("stretchH",""+100);
info.setAttribute("smooth",""+0);
info.setAttribute("aa",""+0);
info.setAttribute("padding","0,0,0,0");
info.setAttribute("spacing","0,0");
root.appendChild(info);
Element common = document.createElement("common");
common.setAttribute("lineHeight",""+lineHeight);
common.setAttribute("base","0");
common.setAttribute("scaleW",""+width);
common.setAttribute("scaleH",""+height);
common.setAttribute("pages","1");
common.setAttribute("packed","0");
root.appendChild(common);
Element pages = document.createElement("pages");
Element page = document.createElement("page");
page.setAttribute("id","0");
page.setAttribute("file",imageName);
root.appendChild(pages);
pages.appendChild(page);
Element charsElement = document.createElement("chars");
charsElement.setAttribute("count",""+chars.size());
root.appendChild(charsElement);
for (int i=0;i<chars.size();i++) {
CharData c = (CharData) chars.get(i);
Element charElement = document.createElement("char");
charElement.setAttribute("id", ""+c.getID());
charElement.setAttribute("x", ""+c.getX());
charElement.setAttribute("y", ""+c.getY());
charElement.setAttribute("width", ""+c.getWidth());
charElement.setAttribute("height", ""+c.getHeight());
charElement.setAttribute("xoffset", "0");
charElement.setAttribute("yoffset", ""+c.getYOffset());
charElement.setAttribute("xadvance", ""+c.getXAdvance());
charElement.setAttribute("page", "0");
charElement.setAttribute("chnl", "0");
charsElement.appendChild(charElement);
}
Element kernsElement = document.createElement("kernings");
kernsElement.setAttribute("count",""+kerning.size());
root.appendChild(kernsElement);
for (int i=0;i<kerning.size();i++) {
KerningData k = (KerningData) kerning.get(i);
Element kernElement = document.createElement("kerning");
kernElement.setAttribute("first", ""+k.first);
kernElement.setAttribute("second", ""+k.second);
kernElement.setAttribute("amount", ""+k.offset);
kernsElement.appendChild(kernElement);
}
Result result = new StreamResult(new OutputStreamWriter(out,
"utf-8"));
DOMSource source = new DOMSource(document);
TransformerFactory factory = TransformerFactory.newInstance();
factory.setAttribute("indent-number", new Integer(2));
Transformer xformer = factory.newTransformer();
xformer.setOutputProperty(OutputKeys.INDENT, "yes");
xformer.transform(source, result);
} catch (Exception e) {
e.printStackTrace();
IOException x = new IOException();
x.initCause(e);
throw x;
}
}