Search in sources :

Example 11 with PrivilegedGetTccl

use of org.apache.tomcat.util.security.PrivilegedGetTccl in project tomcat by apache.

the class JspDocumentParser method getSAXParser.

/*
     * Gets SAXParser.
     *
     * @param validating Indicates whether the requested SAXParser should
     * be validating
     * @param jspDocParser The JSP document parser
     *
     * @return The SAXParser
     */
private static SAXParser getSAXParser(boolean validating, JspDocumentParser jspDocParser) throws Exception {
    ClassLoader original;
    if (Constants.IS_SECURITY_ENABLED) {
        PrivilegedGetTccl pa = new PrivilegedGetTccl();
        original = AccessController.doPrivileged(pa);
    } else {
        original = Thread.currentThread().getContextClassLoader();
    }
    try {
        if (Constants.IS_SECURITY_ENABLED) {
            PrivilegedSetTccl pa = new PrivilegedSetTccl(JspDocumentParser.class.getClassLoader());
            AccessController.doPrivileged(pa);
        } else {
            Thread.currentThread().setContextClassLoader(JspDocumentParser.class.getClassLoader());
        }
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        // Preserve xmlns attributes
        factory.setFeature("http://xml.org/sax/features/namespace-prefixes", true);
        factory.setValidating(validating);
        if (validating) {
            // Enable DTD validation
            factory.setFeature("http://xml.org/sax/features/validation", true);
            // Enable schema validation
            factory.setFeature("http://apache.org/xml/features/validation/schema", true);
        }
        // Configure the parser
        SAXParser saxParser = factory.newSAXParser();
        XMLReader xmlReader = saxParser.getXMLReader();
        xmlReader.setProperty(LEXICAL_HANDLER_PROPERTY, jspDocParser);
        xmlReader.setErrorHandler(jspDocParser);
        return saxParser;
    } finally {
        if (Constants.IS_SECURITY_ENABLED) {
            PrivilegedSetTccl pa = new PrivilegedSetTccl(original);
            AccessController.doPrivileged(pa);
        } else {
            Thread.currentThread().setContextClassLoader(original);
        }
    }
}
Also used : PrivilegedGetTccl(org.apache.tomcat.util.security.PrivilegedGetTccl) SAXParser(javax.xml.parsers.SAXParser) XMLReader(org.xml.sax.XMLReader) PrivilegedSetTccl(org.apache.tomcat.util.security.PrivilegedSetTccl) SAXParserFactory(javax.xml.parsers.SAXParserFactory)

Aggregations

PrivilegedGetTccl (org.apache.tomcat.util.security.PrivilegedGetTccl)11 PrivilegedSetTccl (org.apache.tomcat.util.security.PrivilegedSetTccl)11 InputSource (org.xml.sax.InputSource)6 ByteArrayInputStream (java.io.ByteArrayInputStream)5 ByteArrayOutputStream (java.io.ByteArrayOutputStream)5 OutputStreamWriter (java.io.OutputStreamWriter)5 StringReader (java.io.StringReader)5 Source (javax.xml.transform.Source)5 Transformer (javax.xml.transform.Transformer)5 TransformerFactory (javax.xml.transform.TransformerFactory)5 DOMSource (javax.xml.transform.dom.DOMSource)5 StreamResult (javax.xml.transform.stream.StreamResult)5 StreamSource (javax.xml.transform.stream.StreamSource)5 ServletException (javax.servlet.ServletException)4 TransformerException (javax.xml.transform.TransformerException)4 IOException (java.io.IOException)3 WebResource (org.apache.catalina.WebResource)3 SAXException (org.xml.sax.SAXException)3 NameClassPair (javax.naming.NameClassPair)2 NamingException (javax.naming.NamingException)2