com.atlassian.security.xml

Class SecureXmlParserFactory

java.lang.Object

com.atlassian.security.xml.SecureXmlParserFactory

public final class SecureXmlParserFactory
extends Object

Utility methods to produce parsers suitable for untrusted XML. These cover the core parsing APIs included in JDK 1.6. Other factories in com.atlassian.security.xml.libs can create parsers for other libraries.

Parsers will have FEATURE_SECURE_PROCESSING enabled and be configured to ignore external resources used for, or in, DTDs.

Since:

3.0

Field Summary

Fields

Modifier and Type	Field and Description
static String	ATTRIBUTE_LOAD_EXTERNAL
static String	FEATURE_EXTERNAL_GENERAL_ENTITIES
static String	FEATURE_EXTERNAL_PARAMETER_ENTITIES

Method Summary

Modifier and Type	Method and Description
static SAXParserFactory	createSAXParserFactory() Create a new SAX SAXParserFactory suitable for parsing XML from an untrusted source
static EntityResolver	emptyEntityResolver() Create a new EntityResolver that will resolve every entity to an empty stream, rather than fetching resources from the network.
static DocumentBuilder	newDocumentBuilder() Create a new DOM DocumentBuilder suitable for parsing XML from an untrusted source.
static DocumentBuilderFactory	newDocumentBuilderFactory()
static DocumentBuilder	newNamespaceAwareDocumentBuilder() Create a new namespace-aware DOM DocumentBuilder suitable for parsing XML from an untrusted source.
static XMLReader	newNamespaceAwareXmlReader() Create a new namespace-aware SAX XMLReader suitable for parsing XML from an untrusted source.
static XMLInputFactory	newXmlInputFactory() Create a new StAX XMLInputFactory suitable for parsing XML from an untrusted source.
static XMLReader	newXmlReader() Create a new SAX XMLReader suitable for parsing XML from an untrusted source.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ATTRIBUTE_LOAD_EXTERNAL

public static final String ATTRIBUTE_LOAD_EXTERNAL

See Also:

Constant Field Values

FEATURE_EXTERNAL_GENERAL_ENTITIES

public static final String FEATURE_EXTERNAL_GENERAL_ENTITIES

See Also:

Constant Field Values

FEATURE_EXTERNAL_PARAMETER_ENTITIES

public static final String FEATURE_EXTERNAL_PARAMETER_ENTITIES

See Also:

Constant Field Values

Method Detail

newDocumentBuilderFactory

public static DocumentBuilderFactory newDocumentBuilderFactory()

Returns:

A locked-down DocumentBuilderFactory

Since:

3.1.2

newDocumentBuilder

public static DocumentBuilder newDocumentBuilder()

Create a new DOM DocumentBuilder suitable for parsing XML from an untrusted source.

Returns:

a new parser

createSAXParserFactory

public static SAXParserFactory createSAXParserFactory()
                                               throws SAXException,
                                                      ParserConfigurationException

Create a new SAX SAXParserFactory suitable for parsing XML from an untrusted source

Returns:

a new SAXParserFactory

Throws:

SAXException

ParserConfigurationException

newXmlReader

public static XMLReader newXmlReader()

Create a new SAX XMLReader suitable for parsing XML from an untrusted source.

Returns:

a new parser

newNamespaceAwareXmlReader

public static XMLReader newNamespaceAwareXmlReader()

Create a new namespace-aware SAX XMLReader suitable for parsing XML from an untrusted source.

Returns:

a new parser

newNamespaceAwareDocumentBuilder

public static DocumentBuilder newNamespaceAwareDocumentBuilder()

Create a new namespace-aware DOM DocumentBuilder suitable for parsing XML from an untrusted source.

Returns:

a new parser

newXmlInputFactory

public static XMLInputFactory newXmlInputFactory()

Create a new StAX XMLInputFactory suitable for parsing XML from an untrusted source.

Returns:

a new parser

emptyEntityResolver

public static EntityResolver emptyEntityResolver()

Create a new EntityResolver that will resolve every entity to an empty stream, rather than fetching resources from the network.