diff options
Diffstat (limited to 'spss/server/serverlib')
5 files changed, 53 insertions, 31 deletions
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index cafd8341b..3437f84db 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -9,29 +9,33 @@ <groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
<packaging>jar</packaging>
- <version>${moa-spss-version}</version>
+ <version>2.0.5</version>
<name>MOA SP/SS API</name>
<properties>
<repositoryPath>${basedir}/../../../repository</repositoryPath>
</properties>
- <dependencies>
+ <dependencies>
<dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
+ <version>1.0_IAIK_1.2</version>
</dependency>
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis-jaxrpc</artifactId>
+ <version>1.4</version>
</dependency>
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis-saaj</artifactId>
+ <version>1.4</version>
</dependency>
<dependency>
<groupId>axis</groupId>
<artifactId>axis-wsdl4j</artifactId>
+ <version>1.5.1</version>
</dependency>
<dependency>
<groupId>commons-discovery</groupId>
@@ -56,6 +60,7 @@ <dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
+ <version>1.2.17</version>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
@@ -63,7 +68,7 @@ </dependency>
<dependency>
<groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
+ <artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
@@ -127,8 +132,8 @@ <optional>true</optional>
</dependency>
<dependency>
- <groupId>MOA</groupId>
- <artifactId>moa-common</artifactId>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
<type>jar</type>
</dependency>
<!--
@@ -141,8 +146,8 @@ <dependency>
- <groupId>MOA</groupId>
- <artifactId>moa-common</artifactId>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
<type>test-jar</type>
<scope>test</scope>
</dependency>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 3d2da8384..3c67ca3ca 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -23,17 +23,6 @@ package at.gv.egovernment.moa.spss.server.config; -import iaik.asn1.structures.Name; -import iaik.ixsil.exceptions.URIException; -import iaik.ixsil.util.URI; -import iaik.pki.pathvalidation.ChainingModes; -import iaik.pki.revocation.RevocationSourceTypes; -import iaik.server.modules.xml.BlackListEntry; -import iaik.server.modules.xml.ExternalReferenceChecker; -import iaik.server.modules.xml.WhiteListEntry; -import iaik.utils.RFC2253NameParser; -import iaik.utils.RFC2253NameParserException; - import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -70,6 +59,16 @@ import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; +import iaik.asn1.structures.Name; +import iaik.ixsil.exceptions.URIException; +import iaik.ixsil.util.URI; +import iaik.pki.pathvalidation.ChainingModes; +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.server.modules.xml.BlackListEntry; +import iaik.server.modules.xml.ExternalReferenceChecker; +import iaik.server.modules.xml.WhiteListEntry; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; /** * A class that builds configuration data from a DOM based representation. @@ -1429,7 +1428,7 @@ public class ConfigurationPartsBuilder { private static Element parseXml(InputStream inputStream) throws ParserConfigurationException, SAXException, IOException { return DOMUtils - .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null) + .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null) .getDocumentElement(); } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java index 148be664b..fd7ef8cb2 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java @@ -24,11 +24,6 @@ package at.gv.egovernment.moa.spss.server.invoke; -import iaik.ixsil.util.URI; -import iaik.ixsil.util.XPointerReferenceResolver; -import iaik.server.modules.xml.DataObject; -import iaik.server.modules.xml.XMLDataObject; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; @@ -76,6 +71,10 @@ import at.gv.egovernment.moa.util.MOAErrorHandler; import at.gv.egovernment.moa.util.StreamEntityResolver; import at.gv.egovernment.moa.util.StreamUtils; import at.gv.egovernment.moa.util.XPathUtils; +import iaik.ixsil.util.URI; +import iaik.ixsil.util.XPointerReferenceResolver; +import iaik.server.modules.xml.DataObject; +import iaik.server.modules.xml.XMLDataObject; /** * A class to create <code>DataObject</code>s contained in different @@ -259,7 +258,8 @@ public class DataObjectFactory { Constants.ALL_SCHEMA_LOCATIONS, null, entityResolver, - new MOAErrorHandler()); + new MOAErrorHandler(), + null); Logger.trace("<<< parsed"); return new XMLDataObjectImpl(doc.getDocumentElement()); @@ -272,7 +272,7 @@ public class DataObjectFactory { // try to parse non-validating try { ByteArrayInputStream is = new ByteArrayInputStream(contentBytes); - Document doc = DOMUtils.parseDocument(is, false, null, null); + Document doc = DOMUtils.parseDocument(is, false, null, null, null); // Since the parse tree will not contain any post schema validation information, // we need to register any attributes known to be of type xsd:Id manually. NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH); @@ -765,7 +765,7 @@ public class DataObjectFactory { // try parsing non-validating: this has to succeed or we // bail out by throwing an exception is = resolver.resolve(uri); - doc = DOMUtils.parseDocument(is, false, null, null); + doc = DOMUtils.parseDocument(is, false, null, null, null); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); } catch (ParserConfigurationException e) { throw new MOASystemException("1106", null, e); @@ -782,7 +782,7 @@ public class DataObjectFactory { try { // try parsing non-validating: need not succeed is = resolver.resolve(uri); - doc = DOMUtils.parseDocument(is, false, null, null); + doc = DOMUtils.parseDocument(is, false, null, null, null); closeInputStream(is); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); } catch (Exception e) { @@ -981,7 +981,7 @@ public class DataObjectFactory { Document doc; try { - doc = DOMUtils.parseDocument(byteStream, false, null, null); + doc = DOMUtils.parseDocument(byteStream, false, null, null, null); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); } catch (ParserConfigurationException e) { throw new MOASystemException("1106", null, e); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java index 639a75ab1..b7ce0fa7d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java @@ -30,7 +30,10 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.HashMap; import java.util.Iterator; +import java.util.Map; import javax.servlet.http.HttpServletRequest; @@ -100,6 +103,15 @@ public class AxisHandler extends BasicHandler { /** Simple string contains the post part of the enveloping SOAP wrapping */ private static final String SOAP_PART_POST = "</soapenv:Body></soapenv:Envelope>"; + private static final Map<String, Object> parserFeatures = + Collections.unmodifiableMap(new HashMap<String, Object>() { + private static final long serialVersionUID = 1L; + { + put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); + + } + }); + /** * Handle an invocation of this handler. * @@ -146,7 +158,12 @@ public class AxisHandler extends BasicHandler { Element xmlRequest = null; //log.info(soapMessage.getSOAPPartAsString()); - Element soapPart = DOMUtils.parseDocument(new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), false, null, null).getDocumentElement(); + Element soapPart = DOMUtils.parseDocument( + new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), + false, + null, + null, + parserFeatures).getDocumentElement(); if (soapPart!=null) { //TODO: check if DOM Version is intolerant when white spaces are between tags (preceding normalization would be necessary) NodeList soapBodies = soapPart.getElementsByTagNameNS(SOAP_NS_URI, "Body"); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java index d986f7a1b..1114cb7b0 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java @@ -85,7 +85,8 @@ public class ServiceUtils { Constants.ALL_SCHEMA_LOCATIONS, null, new MOASPSSEntityResolver(), - new MOAErrorHandler()); + new MOAErrorHandler(), + null); // DOMUtils.parseDocument( // new ByteArrayInputStream(requestBytes), |