1 files changed, 13 insertions, 1 deletions

diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index b39cf9e9b..eca231094 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -49,7 +49,10 @@ package at.gv.egovernment.moa.id.auth.parser;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -96,6 +99,15 @@ public class CreateXMLSignatureResponseParser {
   /** This is the root element of the CreateXMLsignatureResponse */
   private Element sigResponse_;
 
+  private static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+  
   /**
    * Parses and validates the document given as string and extracts the 
    * root element.
@@ -156,7 +168,7 @@ public class CreateXMLSignatureResponseParser {
   private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
     try {
       
-      Element responseElem = DOMUtils.parseXmlValidating(is);
+      Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
       
       if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) {
         sigResponse_ = responseElem;