001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: package org.apache.xerces.parsers;
019:
020: import org.apache.xerces.impl.Constants;
021: import org.apache.xerces.xni.grammars.XMLGrammarPool;
022: import org.apache.xerces.xni.parser.XMLComponentManager;
023: import org.apache.xerces.util.SecurityManager;
024: import org.apache.xerces.util.SymbolTable;
025:
026: /**
027: * This configuration allows Xerces to behave in a security-conscious manner; that is,
028: * it permits applications to instruct Xerces to limit certain
029: * operations that could be exploited by malicious document authors to cause a denail-of-service
030: * attack when the document is parsed.
031: *
032: * In addition to the features and properties recognized by the base
033: * parser configuration, this class recognizes these additional
034: * features and properties:
035: * <ul>
036: * <li>Properties
037: * <ul>
038: * <li>http://apache.org/xml/properties/security-manager</li>
039: * </ul>
040: * </ul>
041: *
042: * @author Neil Graham, IBM
043: *
044: * @version $Id: SecurityConfiguration.java 447239 2006-09-18 05:08:26Z mrglavas $
045: */
046: public class SecurityConfiguration extends
047: XIncludeAwareParserConfiguration {
048:
049: //
050: // Constants
051: //
052:
053: protected static final String SECURITY_MANAGER_PROPERTY = Constants.XERCES_PROPERTY_PREFIX
054: + Constants.SECURITY_MANAGER_PROPERTY;
055:
056: //
057: // Constructors
058: //
059:
060: /** Default constructor. */
061: public SecurityConfiguration() {
062: this (null, null, null);
063: } // <init>()
064:
065: /**
066: * Constructs a parser configuration using the specified symbol table.
067: *
068: * @param symbolTable The symbol table to use.
069: */
070: public SecurityConfiguration(SymbolTable symbolTable) {
071: this (symbolTable, null, null);
072: } // <init>(SymbolTable)
073:
074: /**
075: * Constructs a parser configuration using the specified symbol table and
076: * grammar pool.
077: * <p>
078: * <strong>REVISIT:</strong>
079: * Grammar pool will be updated when the new validation engine is
080: * implemented.
081: *
082: * @param symbolTable The symbol table to use.
083: * @param grammarPool The grammar pool to use.
084: */
085: public SecurityConfiguration(SymbolTable symbolTable,
086: XMLGrammarPool grammarPool) {
087: this (symbolTable, grammarPool, null);
088: } // <init>(SymbolTable,XMLGrammarPool)
089:
090: /**
091: * Constructs a parser configuration using the specified symbol table,
092: * grammar pool, and parent settings.
093: * <p>
094: * <strong>REVISIT:</strong>
095: * Grammar pool will be updated when the new validation engine is
096: * implemented.
097: *
098: * @param symbolTable The symbol table to use.
099: * @param grammarPool The grammar pool to use.
100: * @param parentSettings The parent settings.
101: */
102: public SecurityConfiguration(SymbolTable symbolTable,
103: XMLGrammarPool grammarPool,
104: XMLComponentManager parentSettings) {
105: super (symbolTable, grammarPool, parentSettings);
106:
107: // create the SecurityManager property:
108: setProperty(SECURITY_MANAGER_PROPERTY, new SecurityManager());
109: } // <init>(SymbolTable,XMLGrammarPool)
110:
111: } // class SecurityConfiguration
|