diff options
Diffstat (limited to 'spss/server/serverlib/src/main')
4 files changed, 41 insertions, 24 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 3d2da8384..3c67ca3ca 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -23,17 +23,6 @@ package at.gv.egovernment.moa.spss.server.config; -import iaik.asn1.structures.Name; -import iaik.ixsil.exceptions.URIException; -import iaik.ixsil.util.URI; -import iaik.pki.pathvalidation.ChainingModes; -import iaik.pki.revocation.RevocationSourceTypes; -import iaik.server.modules.xml.BlackListEntry; -import iaik.server.modules.xml.ExternalReferenceChecker; -import iaik.server.modules.xml.WhiteListEntry; -import iaik.utils.RFC2253NameParser; -import iaik.utils.RFC2253NameParserException; - import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -70,6 +59,16 @@ import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; +import iaik.asn1.structures.Name; +import iaik.ixsil.exceptions.URIException; +import iaik.ixsil.util.URI; +import iaik.pki.pathvalidation.ChainingModes; +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.server.modules.xml.BlackListEntry; +import iaik.server.modules.xml.ExternalReferenceChecker; +import iaik.server.modules.xml.WhiteListEntry; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; /** * A class that builds configuration data from a DOM based representation. @@ -1429,7 +1428,7 @@ public class ConfigurationPartsBuilder { private static Element parseXml(InputStream inputStream) throws ParserConfigurationException, SAXException, IOException { return DOMUtils - .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null) + .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null) .getDocumentElement(); } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java index 148be664b..fd7ef8cb2 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java @@ -24,11 +24,6 @@ package at.gv.egovernment.moa.spss.server.invoke; -import iaik.ixsil.util.URI; -import iaik.ixsil.util.XPointerReferenceResolver; -import iaik.server.modules.xml.DataObject; -import iaik.server.modules.xml.XMLDataObject; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; @@ -76,6 +71,10 @@ import at.gv.egovernment.moa.util.MOAErrorHandler; import at.gv.egovernment.moa.util.StreamEntityResolver; import at.gv.egovernment.moa.util.StreamUtils; import at.gv.egovernment.moa.util.XPathUtils; +import iaik.ixsil.util.URI; +import iaik.ixsil.util.XPointerReferenceResolver; +import iaik.server.modules.xml.DataObject; +import iaik.server.modules.xml.XMLDataObject; /** * A class to create <code>DataObject</code>s contained in different @@ -259,7 +258,8 @@ public class DataObjectFactory { Constants.ALL_SCHEMA_LOCATIONS, null, entityResolver, - new MOAErrorHandler()); + new MOAErrorHandler(), + null); Logger.trace("<<< parsed"); return new XMLDataObjectImpl(doc.getDocumentElement()); @@ -272,7 +272,7 @@ public class DataObjectFactory { // try to parse non-validating try { ByteArrayInputStream is = new ByteArrayInputStream(contentBytes); - Document doc = DOMUtils.parseDocument(is, false, null, null); + Document doc = DOMUtils.parseDocument(is, false, null, null, null); // Since the parse tree will not contain any post schema validation information, // we need to register any attributes known to be of type xsd:Id manually. NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH); @@ -765,7 +765,7 @@ public class DataObjectFactory { // try parsing non-validating: this has to succeed or we // bail out by throwing an exception is = resolver.resolve(uri); - doc = DOMUtils.parseDocument(is, false, null, null); + doc = DOMUtils.parseDocument(is, false, null, null, null); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); } catch (ParserConfigurationException e) { throw new MOASystemException("1106", null, e); @@ -782,7 +782,7 @@ public class DataObjectFactory { try { // try parsing non-validating: need not succeed is = resolver.resolve(uri); - doc = DOMUtils.parseDocument(is, false, null, null); + doc = DOMUtils.parseDocument(is, false, null, null, null); closeInputStream(is); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); } catch (Exception e) { @@ -981,7 +981,7 @@ public class DataObjectFactory { Document doc; try { - doc = DOMUtils.parseDocument(byteStream, false, null, null); + doc = DOMUtils.parseDocument(byteStream, false, null, null, null); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); } catch (ParserConfigurationException e) { throw new MOASystemException("1106", null, e); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java index 639a75ab1..b7ce0fa7d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java @@ -30,7 +30,10 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.HashMap; import java.util.Iterator; +import java.util.Map; import javax.servlet.http.HttpServletRequest; @@ -100,6 +103,15 @@ public class AxisHandler extends BasicHandler { /** Simple string contains the post part of the enveloping SOAP wrapping */ private static final String SOAP_PART_POST = "</soapenv:Body></soapenv:Envelope>"; + private static final Map<String, Object> parserFeatures = + Collections.unmodifiableMap(new HashMap<String, Object>() { + private static final long serialVersionUID = 1L; + { + put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); + + } + }); + /** * Handle an invocation of this handler. * @@ -146,7 +158,12 @@ public class AxisHandler extends BasicHandler { Element xmlRequest = null; //log.info(soapMessage.getSOAPPartAsString()); - Element soapPart = DOMUtils.parseDocument(new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), false, null, null).getDocumentElement(); + Element soapPart = DOMUtils.parseDocument( + new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), + false, + null, + null, + parserFeatures).getDocumentElement(); if (soapPart!=null) { //TODO: check if DOM Version is intolerant when white spaces are between tags (preceding normalization would be necessary) NodeList soapBodies = soapPart.getElementsByTagNameNS(SOAP_NS_URI, "Body"); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java index d986f7a1b..1114cb7b0 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java @@ -85,7 +85,8 @@ public class ServiceUtils { Constants.ALL_SCHEMA_LOCATIONS, null, new MOASPSSEntityResolver(), - new MOAErrorHandler()); + new MOAErrorHandler(), + null); // DOMUtils.parseDocument( // new ByteArrayInputStream(requestBytes), |