https://issues.jboss.org/browse/WFK2-375 enhanced fix

git-svn-id: https://svn.jboss.org/repos/seam/branches/enterprise/WFK-2_1@15651 a9c07ecc-ef43-0410-a306-c911db474e88

jboss-seam-remoting/src/main/java/org/jboss/seam/remoting/ExecutionHandler.java

@@ -21,6 +21,7 @@
 import org.jboss.seam.log.Logging;
 import org.jboss.seam.remoting.wrapper.Wrapper;
 import org.jboss.seam.servlet.ContextualHttpServletRequest;
+import org.jboss.seam.util.XML;
 
 /**
  * Unmarshals the calls from an HttpServletRequest, executes them in order and
@@ -67,7 +68,7 @@ public void handle(HttpServletRequest request, final HttpServletResponse respons
       log.debug("Processing remote request: " + requestData);
 
       // Parse the incoming request as XML
-      SAXReader xmlReader = new SAXReader();
+      SAXReader xmlReader = XML.getSafeSaxReader();
       Document doc = xmlReader.read( new StringReader(requestData) );
       final Element env = doc.getRootElement();
       final RequestContext ctx = unmarshalContext(env);

jboss-seam-remoting/src/main/java/org/jboss/seam/remoting/InterfaceGenerator.java

@@ -88,16 +88,8 @@ public void process() throws Exception
               Component component = Component.forName(componentName);
               if (component == null)
               {                 
-                 try
-                 {
-                    Class c = Reflections.classForName(componentName);
-                    appendClassSource(response.getOutputStream(), c, types);
-                 }
-                 catch (ClassNotFoundException ex)
-                 {
-                    log.error(String.format("Component not found: [%s]", componentName));
-                    throw new ServletException("Invalid request - component not found.");
-                 }
+                 log.error(String.format("Component not found: [%s]", componentName));
+                 throw new ServletException("Invalid request - component not found.");
               }
               else
               {

jboss-seam-remoting/src/main/java/org/jboss/seam/remoting/PollHandler.java

@@ -21,6 +21,7 @@
 import org.jboss.seam.remoting.messaging.PollRequest;
 import org.jboss.seam.remoting.wrapper.Wrapper;
 import org.jboss.seam.servlet.ContextualHttpServletRequest;
+import org.jboss.seam.util.XML;
 
 /**
  * Handles JMS Message poll requests.
@@ -56,7 +57,7 @@ public void handle(HttpServletRequest request, final HttpServletResponse respons
     response.setContentType("text/xml");
 
     // Parse the incoming request as XML
-    SAXReader xmlReader = new SAXReader();
+    SAXReader xmlReader = XML.getSafeSaxReader();
     Document doc = xmlReader.read(request.getInputStream());
     Element env = doc.getRootElement();
 

jboss-seam-remoting/src/main/java/org/jboss/seam/remoting/SubscriptionHandler.java

@@ -17,6 +17,7 @@
 import org.jboss.seam.remoting.messaging.RemoteSubscriber;
 import org.jboss.seam.remoting.messaging.SubscriptionRegistry;
 import org.jboss.seam.remoting.messaging.SubscriptionRequest;
+import org.jboss.seam.util.XML;
 import org.jboss.seam.web.ServletContexts;
 
 /**
@@ -40,7 +41,7 @@ public void handle(HttpServletRequest request, HttpServletResponse response)
     response.setContentType("text/xml");
 
     // Parse the incoming request as XML
-    SAXReader xmlReader = new SAXReader();
+    SAXReader xmlReader = XML.getSafeSaxReader();
     Document doc = xmlReader.read(request.getInputStream());
     Element env = doc.getRootElement();
 

jboss-seam/src/main/java/org/jboss/seam/util/XML.java

@@ -65,4 +65,17 @@ public InputSource resolveEntity(String systemId, String publicId)
        }
 
    }
+
+   /**
+    * Get safe SaxReader with doctype feature disabled 
+    * @see http://xerces.apache.org/xerces2-j/features.html#disallow-doctype-decl 
+    * @return
+    * @throws Exception
+    */
+   public static SAXReader getSafeSaxReader() throws Exception
+   {
+      SAXReader xmlReader = new SAXReader();
+      xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+      return xmlReader;
+   }
 }