org.apache.xerces.parsers

Class SecurityConfiguration

Implemented Interfaces:
XML11Configurable, org.apache.xerces.xni.parser.XMLComponentManager, org.apache.xerces.xni.parser.XMLPullParserConfiguration

public class SecurityConfiguration
extends XIncludeAwareParserConfiguration

This configuration allows Xerces to behave in a security-conscious manner; that is, it permits applications to instruct Xerces to limit certain operations that could be exploited by malicious document authors to cause a denail-of-service attack when the document is parsed. In addition to the features and properties recognized by the base parser configuration, this class recognizes these additional features and properties:
Version:
$Id: SecurityConfiguration.java,v 1.6 2005/05/04 03:56:45 mrglavas Exp $
Author:
Neil Graham, IBM

Field Summary

protected static String
SECURITY_MANAGER_PROPERTY

Fields inherited from class org.apache.xerces.parsers.XIncludeAwareParserConfiguration

ALLOW_UE_AND_NOTATION_EVENTS, NAMESPACE_CONTEXT, XINCLUDE_FEATURE, XINCLUDE_FIXUP_BASE_URIS, XINCLUDE_FIXUP_LANGUAGE, XINCLUDE_HANDLER, fCurrentNSContext, fNonXIncludeNSContext, fXIncludeEnabled, fXIncludeHandler, fXIncludeNSContext

Fields inherited from class org.apache.xerces.parsers.XML11Configuration

ALLOW_JAVA_ENCODINGS, CONTINUE_AFTER_FATAL_ERROR, DATATYPE_VALIDATOR_FACTORY, DOCUMENT_SCANNER, DTD_PROCESSOR, DTD_SCANNER, DTD_VALIDATOR, ENTITY_MANAGER, ENTITY_RESOLVER, ERROR_HANDLER, ERROR_REPORTER, EXTERNAL_GENERAL_ENTITIES, EXTERNAL_PARAMETER_ENTITIES, GENERATE_SYNTHETIC_ANNOTATIONS, HONOUR_ALL_SCHEMALOCATIONS, JAXP_SCHEMA_LANGUAGE, JAXP_SCHEMA_SOURCE, LOAD_EXTERNAL_DTD, NAMESPACES, NAMESPACE_BINDER, NORMALIZE_DATA, NOTIFY_BUILTIN_REFS, NOTIFY_CHAR_REFS, PRINT_EXCEPTION_STACK_TRACE, SCHEMA_AUGMENT_PSVI, SCHEMA_ELEMENT_DEFAULT, SCHEMA_LOCATION, SCHEMA_NONS_LOCATION, SCHEMA_VALIDATOR, SYMBOL_TABLE, USE_GRAMMAR_POOL_ONLY, VALIDATE_ANNOTATIONS, VALIDATION, VALIDATION_MANAGER, WARN_ON_DUPLICATE_ATTDEF, WARN_ON_DUPLICATE_ENTITYDEF, WARN_ON_UNDECLARED_ELEMDEF, XML11_DATATYPE_VALIDATOR_FACTORY, XMLGRAMMAR_POOL, XMLSCHEMA_FULL_CHECKING, XMLSCHEMA_VALIDATION, XML_STRING, fCommonComponents, fComponents, fConfigUpdated, fCurrentDTDScanner, fCurrentDVFactory, fCurrentScanner, fDTDContentModelHandler, fDTDHandler, fDTDProcessor, fDTDScanner, fDTDValidator, fDatatypeValidatorFactory, fDocumentHandler, fEntityManager, fErrorReporter, fGrammarPool, fInputSource, fLastComponent, fLocale, fLocator, fNamespaceScanner, fNonNSDTDValidator, fNonNSScanner, fParseInProgress, fSchemaValidator, fSymbolTable, fValidationManager, fVersionDetector, fXML11Components, fXML11DTDProcessor, fXML11DTDScanner, fXML11DTDValidator, fXML11DatatypeFactory, fXML11DocScanner, fXML11NSDTDValidator, fXML11NSDocScanner

Fields inherited from class org.apache.xerces.util.ParserConfigurationSettings

PARSER_SETTINGS, fFeatures, fParentSettings, fProperties, fRecognizedFeatures, fRecognizedProperties

Constructor Summary

SecurityConfiguration()
Default constructor.
SecurityConfiguration(SymbolTable symbolTable)
Constructs a parser configuration using the specified symbol table.
SecurityConfiguration(SymbolTable symbolTable, org.apache.xerces.xni.grammars.XMLGrammarPool grammarPool)
Constructs a parser configuration using the specified symbol table and grammar pool.
SecurityConfiguration(SymbolTable symbolTable, org.apache.xerces.xni.grammars.XMLGrammarPool grammarPool, org.apache.xerces.xni.parser.XMLComponentManager parentSettings)
Constructs a parser configuration using the specified symbol table, grammar pool, and parent settings.

Method Summary

Methods inherited from class org.apache.xerces.parsers.XIncludeAwareParserConfiguration

configurePipeline, configureXML11Pipeline, getFeature, setFeature

Methods inherited from class org.apache.xerces.parsers.XML11Configuration

addCommonComponent, addComponent, addRecognizedParamsAndSetDefaults, addXML11Component, checkFeature, checkProperty, cleanup, configurePipeline, configureXML11Pipeline, getDTDContentModelHandler, getDTDHandler, getDocumentHandler, getEntityResolver, getErrorHandler, getFeature, getLocale, parse, parse, reset, resetCommon, resetXML11, setDTDContentModelHandler, setDTDHandler, setDocumentHandler, setEntityResolver, setErrorHandler, setFeature, setInputSource, setLocale, setProperty

Methods inherited from class org.apache.xerces.util.ParserConfigurationSettings

addRecognizedFeatures, addRecognizedProperties, checkFeature, checkProperty, getFeature, getProperty, setFeature, setProperty

Field Details

SECURITY_MANAGER_PROPERTY

protected static final String SECURITY_MANAGER_PROPERTY

Constructor Details

SecurityConfiguration

public SecurityConfiguration()
Default constructor.

SecurityConfiguration

public SecurityConfiguration(SymbolTable symbolTable)
Constructs a parser configuration using the specified symbol table.
Parameters:
symbolTable - The symbol table to use.

SecurityConfiguration

public SecurityConfiguration(SymbolTable symbolTable,
                             org.apache.xerces.xni.grammars.XMLGrammarPool grammarPool)
Constructs a parser configuration using the specified symbol table and grammar pool.

REVISIT: Grammar pool will be updated when the new validation engine is implemented.

Parameters:
symbolTable - The symbol table to use.
grammarPool - The grammar pool to use.

SecurityConfiguration

public SecurityConfiguration(SymbolTable symbolTable,
                             org.apache.xerces.xni.grammars.XMLGrammarPool grammarPool,
                             org.apache.xerces.xni.parser.XMLComponentManager parentSettings)
Constructs a parser configuration using the specified symbol table, grammar pool, and parent settings.

REVISIT: Grammar pool will be updated when the new validation engine is implemented.

Parameters:
symbolTable - The symbol table to use.
grammarPool - The grammar pool to use.
parentSettings - The parent settings.

Copyright B) 1999-2005 Apache XML Project. All Rights Reserved.