Example usage for javax.xml.stream XMLInputFactory IS_SUPPORTING_EXTERNAL_ENTITIES

List of usage examples for javax.xml.stream XMLInputFactory IS_SUPPORTING_EXTERNAL_ENTITIES

  1. HOME
  2. Java
  3. javax
  4. javax.xml.stream.*
  5. XMLInputFactory
  6. IS_SUPPORTING_EXTERNAL_ENTITIES

Introduction

In this page you can find the example usage for javax.xml.stream XMLInputFactory IS_SUPPORTING_EXTERNAL_ENTITIES.

Prototype

String IS_SUPPORTING_EXTERNAL_ENTITIES

To view the source code for javax.xml.stream XMLInputFactory IS_SUPPORTING_EXTERNAL_ENTITIES.

Click Source Link

Document

The property that requires the parser to resolve external parsed entities

Usage

From source file:Main.java

public static void main(String[] args) throws Exception {
    String filename = "yourXML.xml";

    XMLInputFactory xmlif = null;

    xmlif = XMLInputFactory.newInstance();
    xmlif.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.TRUE);
    xmlif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    xmlif.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.TRUE);
    xmlif.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);

    System.out.println("FACTORY: " + xmlif);
    System.out.println("filename = " + filename);

    FileInputStream fis = new FileInputStream(filename);

    XMLStreamReader xmlr = xmlif.createFilteredReader(xmlif.createXMLStreamReader(fis), new MyFilter());

    int eventType = xmlr.getEventType();
    printEventType(eventType);//ww  w. j a va2 s .co m

    while (xmlr.hasNext()) {
        eventType = xmlr.next();
        printEventType(eventType);
        printName(xmlr, eventType);
        printText(xmlr);

        if (xmlr.isStartElement()) {
            printAttributes(xmlr);
        }
        printPIData(xmlr);
    }
}

From source file:Main.java

public static void main(String[] args) throws Exception {
    String filename = "yourXML.xml";

    XMLInputFactory xmlif = null;

    xmlif = XMLInputFactory.newInstance();
    xmlif.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.TRUE);
    xmlif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    xmlif.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.TRUE);
    xmlif.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);

    System.out.println("FACTORY: " + xmlif);
    System.out.println("filename = " + filename);

    FileInputStream fis = new FileInputStream(filename);

    XMLStreamReader xmlr = xmlif.createFilteredReader(xmlif.createXMLStreamReader(fis), new Main());

    int eventType = xmlr.getEventType();
    printEventType(eventType);//from w w  w.j a v a 2 s  .com

    while (xmlr.hasNext()) {
        eventType = xmlr.next();
        printEventType(eventType);
        printName(xmlr, eventType);
        printText(xmlr);

        if (xmlr.isStartElement()) {
            printAttributes(xmlr);
        }
        printPIData(xmlr);
    }
}

From source file:StaxCursorTest.java

public static void main(String[] args) throws Exception {

    String filename = "yourXML.xml";

    XMLInputFactory xmlif = null;

    xmlif = XMLInputFactory.newInstance();
    xmlif.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.TRUE);
    xmlif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    xmlif.setProperty(XMLInputFactory.IS_COALESCING, Boolean.FALSE);

    try {//w  ww  .  j a va  2  s.  c o m
        XMLStreamReader xmlr = xmlif.createXMLStreamReader(filename, new FileInputStream(filename));
        int eventType = xmlr.getEventType();
        printStartDocument(xmlr);
        while (xmlr.hasNext()) {
            eventType = xmlr.next();
            printStartElement(xmlr);
            printEndElement(xmlr);
            printText(xmlr);
            printPIData(xmlr);
            printComment(xmlr);
        }
    } catch (XMLStreamException ex) {
        System.out.println(ex.getMessage());
        if (ex.getNestedException() != null) {
            ex.getNestedException().printStackTrace();
        }
    }
}

From source file:MyStreamFilter.java

public static void main(String[] args) throws Exception {
    String filename = "yourXML.xml";

    XMLInputFactory xmlif = null;

    xmlif = XMLInputFactory.newInstance();
    xmlif.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.TRUE);
    xmlif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    xmlif.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.TRUE);
    xmlif.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);

    System.out.println("FACTORY: " + xmlif);
    System.out.println("filename = " + filename);

    FileInputStream fis = new FileInputStream(filename);

    XMLStreamReader xmlr = xmlif.createFilteredReader(xmlif.createXMLStreamReader(fis), new MyStreamFilter());

    int eventType = xmlr.getEventType();
    printEventType(eventType);/* w  w  w . j  a  v  a  2  s  .c  o m*/

    while (xmlr.hasNext()) {
        eventType = xmlr.next();
        printEventType(eventType);
        printName(xmlr, eventType);
        printText(xmlr);

        if (xmlr.isStartElement()) {
            printAttributes(xmlr);
        }
        printPIData(xmlr);
    }
}

From source file:Main.java

protected static synchronized void initializeXMLInputFactory() {
    if (xmlInputFactory == null) {
        xmlInputFactory = XMLInputFactory.newInstance();
        xmlInputFactory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.FALSE);
        xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE); // This disables DTDs entirely for that factory
        xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, Boolean.FALSE);
    }/*from  ww w.  j a v a 2 s  .  c o  m*/
}

From source file:Main.java

/**
 * 'safe' is here reflecting://from  w  ww  . j av a 2 s .  co m
 * http://www.jorambarrez.be/blog/2013/02/19/uploading
 * -a-funny-xml-can-bring-down-your-server/ and
 * http://activiti.org/userguide/index.html#advanced.safe.bpmn.xml
 */
public static XMLInputFactory createSafeXmlInputFactory() {
    XMLInputFactory xif = XMLInputFactory.newInstance();
    if (xif.isPropertySupported(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES)) {
        xif.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, false);
    }

    if (xif.isPropertySupported(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES)) {
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    }

    if (xif.isPropertySupported(XMLInputFactory.SUPPORT_DTD)) {
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
    }
    return xif;
}

From source file:Main.java

/**
 * Converts the XML file specified into the specified POJO type
 * @param <T> the object type of the POJO
 * @param xmlfile the XML file to convert
 * @param classOfT the class of the POJO
 * @return the POJO object if conversion was successful
 * @throws JAXBException//from  www.j  a  va  2 s.  com
 * @throws XMLStreamException
 * @throws FileNotFoundException 
 */
public static <T> T convertToPojo(File xmlfile, Class<T> classOfT)
        throws JAXBException, XMLStreamException, FileNotFoundException {
    JAXBContext jaxbContext = JAXBContext.newInstance(classOfT);
    Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller();

    XMLInputFactory xif = XMLInputFactory.newFactory();
    // settings to prevent xxe // would be funny if this tool is itsef is vulnerable to xxe :D
    xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);

    XMLStreamReader xsr = xif.createXMLStreamReader(new FileReader(xmlfile));
    T t = (T) jaxbUnmarshaller.unmarshal(xsr);//(xmlfile);

    return t;
}

From source file:Main.java

private static XMLEventReader getXMLEventReader(String filename) throws Exception {
    XMLInputFactory xmlif = null;
    XMLEventReader xmlr = null;/*from  w w w  .j a v a2 s . com*/
    xmlif = XMLInputFactory.newInstance();
    xmlif.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.TRUE);
    xmlif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    xmlif.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.TRUE);
    xmlif.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);

    FileInputStream fis = new FileInputStream(filename);
    xmlr = xmlif.createXMLEventReader(filename, fis);

    return xmlr;
}

From source file:Main.java

public static XMLStreamReader createSafeReader(StreamSource source) throws XMLStreamException {
    if (source == null) {
        throw new IllegalArgumentException("The provided source cannot be null");
    }//from w  w  w.j  ava2  s. co  m

    XMLInputFactory xif = XMLInputFactory.newFactory();
    xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
    return xif.createXMLStreamReader(source);
}

From source file:com.autonomy.aci.client.services.impl.AbstractStAXProcessorTest.java

@After
public void tearDown() {
    System.clearProperty(XMLInputFactory.IS_NAMESPACE_AWARE);
    System.clearProperty(XMLInputFactory.IS_VALIDATING);
    System.clearProperty(XMLInputFactory.IS_COALESCING);
    System.clearProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES);
    System.clearProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES);
    System.clearProperty(XMLInputFactory.SUPPORT_DTD);
}