Skip to content
Permalink
Browse files
Use our Stax XML parsing for all the parsing to prevent global locks …
…on sax factories and provide more security

git-svn-id: https://svn.apache.org/repos/asf/cxf/trunk@1546126 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information
dkulp committed Nov 27, 2013
1 parent 02df8d6 commit 5c43ede9914108c7d8b9f1d06d6e4601b8732746
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 7 deletions.
@@ -22,16 +22,19 @@

import java.io.InputStream;

import javax.xml.transform.Source;
import javax.xml.stream.XMLStreamException;
import javax.xml.transform.Templates;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamSource;
import javax.xml.transform.dom.DOMSource;

import org.w3c.dom.Document;

import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.staxutils.StaxUtils;


/**
@@ -57,12 +60,16 @@ public AbstractXSLTInterceptor(String phase, Class<?> before, Class<?> after, St
if (xsltStream == null) {
throw new IllegalArgumentException("Cannot load XSLT from path: " + xsltPath);
}
Source xsltSource = new StreamSource(xsltStream);
xsltTemplate = TRANSFORM_FACTORIY.newTemplates(xsltSource);
Document doc = StaxUtils.read(xsltStream);
xsltTemplate = TRANSFORM_FACTORIY.newTemplates(new DOMSource(doc));
} catch (TransformerConfigurationException e) {
throw new IllegalArgumentException(
String.format("Cannot create XSLT template from path: %s, error: ",
xsltPath, e.getException()), e);
} catch (XMLStreamException e) {
throw new IllegalArgumentException(
String.format("Cannot create XSLT template from path: %s, error: ",
xsltPath, e.getNestedException()), e);
}
}

@@ -24,20 +24,24 @@
import java.io.Reader;
import java.util.logging.Logger;

import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.Source;
import javax.xml.transform.Templates;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

import org.w3c.dom.Document;

import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.io.CachedOutputStream;
import org.apache.cxf.io.CachedWriter;
import org.apache.cxf.staxutils.StaxSource;
import org.apache.cxf.staxutils.StaxUtils;

public final class XSLTUtils {
private static final Logger LOG = LogUtils.getL7dLogger(XSLTUtils.class);
@@ -48,7 +52,8 @@ private XSLTUtils() {

public static InputStream transform(Templates xsltTemplate, InputStream in) {
try {
StreamSource beforeSource = new StreamSource(in);
XMLStreamReader reader = StaxUtils.createXMLStreamReader(in);
Source beforeSource = new StaxSource(reader);
CachedOutputStream out = new CachedOutputStream();

Transformer trans = xsltTemplate.newTransformer();
@@ -64,7 +69,8 @@ public static InputStream transform(Templates xsltTemplate, InputStream in) {

public static Reader transform(Templates xsltTemplate, Reader inReader) {
try {
StreamSource beforeSource = new StreamSource(inReader);
XMLStreamReader reader = StaxUtils.createXMLStreamReader(inReader);
Source beforeSource = new StaxSource(reader);
CachedWriter outWriter = new CachedWriter();

Transformer trans = xsltTemplate.newTransformer();

0 comments on commit 5c43ede

Please sign in to comment.