Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Added 'processExternalEntities' to JAXB2Marshaller #317

Closed
wants to merge 1 commit into
from
Jump to file or symbol
Failed to load files and symbols.
+56 −0
Split
@@ -61,7 +61,9 @@
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.sax.SAXSource;
+import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
@@ -173,6 +175,8 @@
private Schema schema;
+ private boolean processExternalEntities = false;
+
/**
* Set multiple JAXB context paths. The given array of context paths gets
@@ -385,6 +389,18 @@ public void setMappedClass(Class<?> mappedClass) {
this.mappedClass = mappedClass;
}
+ /**
+ * Indicates whether external XML entities are processed when unmarshalling.
+ * <p>Default is {@code false}, meaning that external entities are not resolved.
+ * Note that processing of external entities will only be enabled/disabled when the
+ * {@code Source} passed to {@link #unmarshal(Source)} is a {@link SAXSource} or
+ * {@link StreamSource}. It has no effect for {@link DOMSource} or {@link StAXSource}
+ * instances.
+ */
+ public void setProcessExternalEntities(boolean processExternalEntities) {
+ this.processExternalEntities = processExternalEntities;
+ }
+
@Override
public void setBeanClassLoader(ClassLoader classLoader) {
this.beanClassLoader = classLoader;
@@ -712,6 +728,8 @@ public Object unmarshal(Source source) throws XmlMappingException {
@Override
public Object unmarshal(Source source, MimeContainer mimeContainer) throws XmlMappingException {
+ source = processSource(source);
+
try {
Unmarshaller unmarshaller = createUnmarshaller();
if (this.mtomEnabled && mimeContainer != null) {
@@ -752,6 +770,44 @@ protected Object unmarshalStaxSource(Unmarshaller jaxbUnmarshaller, Source staxS
}
}
+ private Source processSource(Source source) {
+ if (StaxUtils.isStaxSource(source) || source instanceof DOMSource) {
+ return source;
+ }
+
+ XMLReader xmlReader = null;
+ InputSource inputSource = null;
+
+ if (source instanceof SAXSource) {
+ SAXSource saxSource = (SAXSource) source;
+ xmlReader = saxSource.getXMLReader();
+ inputSource = saxSource.getInputSource();
+ }
+ else if (source instanceof StreamSource) {
+ StreamSource streamSource = (StreamSource) source;
+ if (streamSource.getInputStream() != null) {
+ inputSource = new InputSource(streamSource.getInputStream());
+ }
+ else if (streamSource.getReader() != null) {
+ inputSource = new InputSource(streamSource.getReader());
+ }
+ }
+
+ try {
+ if (xmlReader == null) {
+ xmlReader = XMLReaderFactory.createXMLReader();
+ }
+ xmlReader.setFeature("http://xml.org/sax/features/external-general-entities",
+ this.processExternalEntities);
+
+ return new SAXSource(xmlReader, inputSource);
+ }
+ catch (SAXException ex) {
+ logger.warn("Processing of external entities could not be disabled", ex);
+ return source;
+ }
+ }
+
/**
* Return a newly created JAXB unmarshaller.
* Note: JAXB unmarshallers are not necessarily thread-safe.