aboutsummaryrefslogtreecommitdiff
path: root/id/server/moa-id-commons/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/moa-id-commons/src')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java14
2 files changed, 12 insertions, 4 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index d2c827d55..fcf4c3ffa 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -32,7 +32,7 @@ public interface AuthConfiguration extends ConfigurationProvider{
* Get a configuration value from basic file based MOA-ID configuration
*
* @param key configuration key
- * @return configuration value
+ * @return configuration value or null if it is not found
*/
public String getBasicMOAIDConfiguration(final String key);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index fed968443..62a168ac8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -28,6 +28,7 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@@ -542,6 +543,7 @@ public class DOMUtils {
/**
* A convenience method to parse an XML document non validating.
+ * This method disallow DocType declarations
*
* @param inputStream The <code>InputStream</code> containing the XML
* document.
@@ -552,10 +554,16 @@ public class DOMUtils {
* parser.
*/
public static Element parseXmlNonValidating(InputStream inputStream)
- throws ParserConfigurationException, SAXException, IOException {
+ throws ParserConfigurationException, SAXException, IOException {
return DOMUtils
- .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null, null)
- .getDocumentElement();
+ .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null,
+ Collections.unmodifiableMap(new HashMap<String, Object>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+
+ }
+ })).getDocumentElement();
}
/**
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 16:47:33 +0000