Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added 'processExternalEntities' to JAXB2Marshaller #317

Closed
wants to merge 1 commit into from
Closed

Added 'processExternalEntities' to JAXB2Marshaller #317

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
56 changes: 56 additions & 0 deletions spring-oxm/src/main/java/org/springframework/oxm/jaxb/Jaxb2Marshaller.java
View file
Open in desktop
Expand Up @@ -61,7 +61,9 @@
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;

Expand Down Expand Up @@ -173,6 +175,8 @@ public class Jaxb2Marshaller implements MimeMarshaller, MimeUnmarshaller, Generi

private Schema schema;

private boolean processExternalEntities = false;


/**
* Set multiple JAXB context paths. The given array of context paths gets
Expand Down Expand Up @@ -385,6 +389,18 @@ public void setMappedClass(Class<?> mappedClass) {
this.mappedClass = mappedClass;
}

/**
* Indicates whether external XML entities are processed when unmarshalling.
* <p>Default is {@code false}, meaning that external entities are not resolved.
* Note that processing of external entities will only be enabled/disabled when the
* {@code Source} passed to {@link #unmarshal(Source)} is a {@link SAXSource} or
* {@link StreamSource}. It has no effect for {@link DOMSource} or {@link StAXSource}
* instances.
*/
public void setProcessExternalEntities(boolean processExternalEntities) {
this.processExternalEntities = processExternalEntities;
}

@Override
public void setBeanClassLoader(ClassLoader classLoader) {
this.beanClassLoader = classLoader;
Expand Down Expand Up @@ -712,6 +728,8 @@ public Object unmarshal(Source source) throws XmlMappingException {

@Override
public Object unmarshal(Source source, MimeContainer mimeContainer) throws XmlMappingException {
source = processSource(source);

try {
Unmarshaller unmarshaller = createUnmarshaller();
if (this.mtomEnabled && mimeContainer != null) {
Expand Down Expand Up @@ -752,6 +770,44 @@ protected Object unmarshalStaxSource(Unmarshaller jaxbUnmarshaller, Source staxS
}
}

private Source processSource(Source source) {
if (StaxUtils.isStaxSource(source) || source instanceof DOMSource) {
return source;
}

XMLReader xmlReader = null;
InputSource inputSource = null;

if (source instanceof SAXSource) {
SAXSource saxSource = (SAXSource) source;
xmlReader = saxSource.getXMLReader();
inputSource = saxSource.getInputSource();
}
else if (source instanceof StreamSource) {
StreamSource streamSource = (StreamSource) source;
if (streamSource.getInputStream() != null) {
inputSource = new InputSource(streamSource.getInputStream());
}
else if (streamSource.getReader() != null) {
inputSource = new InputSource(streamSource.getReader());
}
}

try {
if (xmlReader == null) {
xmlReader = XMLReaderFactory.createXMLReader();
}
xmlReader.setFeature("http://xml.org/sax/features/external-general-entities",
this.processExternalEntities);

return new SAXSource(xmlReader, inputSource);
}
catch (SAXException ex) {
logger.warn("Processing of external entities could not be disabled", ex);
return source;
}
}

/**
* Return a newly created JAXB unmarshaller.
* Note: JAXB unmarshallers are not necessarily thread-safe.
Expand Down