1. /*
  2. * The Apache Software License, Version 1.1
  3. *
  4. *
  5. * Copyright (c) 2001-2004 The Apache Software Foundation.
  6. * All rights reserved.
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions
  10. * are met:
  11. *
  12. * 1. Redistributions of source code must retain the above copyright
  13. * notice, this list of conditions and the following disclaimer.
  14. *
  15. * 2. Redistributions in binary form must reproduce the above copyright
  16. * notice, this list of conditions and the following disclaimer in
  17. * the documentation and/or other materials provided with the
  18. * distribution.
  19. *
  20. * 3. The end-user documentation included with the redistribution,
  21. * if any, must include the following acknowledgment:
  22. * "This product includes software developed by the
  23. * Apache Software Foundation (http://www.apache.org/)."
  24. * Alternately, this acknowledgment may appear in the software itself,
  25. * if and wherever such third-party acknowledgments normally appear.
  26. *
  27. * 4. The names "Xerces" and "Apache Software Foundation" must
  28. * not be used to endorse or promote products derived from this
  29. * software without prior written permission. For written
  30. * permission, please contact apache@apache.org.
  31. *
  32. * 5. Products derived from this software may not be called "Apache",
  33. * nor may "Apache" appear in their name, without prior written
  34. * permission of the Apache Software Foundation.
  35. *
  36. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
  37. * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  38. * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  39. * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
  40. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  41. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  42. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
  43. * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  44. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  45. * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  46. * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  47. * SUCH DAMAGE.
  48. * ====================================================================
  49. *
  50. * This software consists of voluntary contributions made by many
  51. * individuals on behalf of the Apache Software Foundation and was
  52. * originally based on software copyright (c) 2002, International
  53. * Business Machines, Inc., http://www.apache.org. For more
  54. * information on the Apache Software Foundation, please see
  55. * <http://www.apache.org/>.
  56. */
  57. package com.sun.org.apache.xerces.internal.parsers;
  58. import com.sun.org.apache.xerces.internal.impl.Constants;
  59. import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
  60. import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
  61. import com.sun.org.apache.xerces.internal.util.SymbolTable;
  62. import com.sun.org.apache.xerces.internal.util.SecurityManager;
  63. /**
  64. * This configuration allows Xerces to behave in a security-conscious manner; that is,
  65. * it permits applications to instruct Xerces to limit certain
  66. * operations that could be exploited by malicious document authors to cause a denail-of-service
  67. * attack when the document is parsed.
  68. *
  69. * In addition to the features and properties recognized by the base
  70. * parser configuration, this class recognizes these additional
  71. * features and properties:
  72. * <ul>
  73. * <li>Properties
  74. * <ul>
  75. * <li>http://apache.org/xml/properties/security-manager</li>
  76. * </ul>
  77. * </ul>
  78. *
  79. * @author Neil Graham, IBM
  80. * @author Gopal Sharma, Sun Microsystems Inc.
  81. *
  82. * @version $Id: SecurityConfiguration.java,v 1.4 2004/02/16 19:28:30 mrglavas Exp $
  83. */
  84. public class SecurityConfiguration extends XML11Configuration
  85. {
  86. //
  87. // Constants
  88. //
  89. protected static final String SECURITY_MANAGER_PROPERTY =
  90. Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
  91. //
  92. // Constructors
  93. //
  94. /** Default constructor. */
  95. public SecurityConfiguration () {
  96. this(null, null, null);
  97. } // <init>()
  98. /**
  99. * Constructs a parser configuration using the specified symbol table.
  100. *
  101. * @param symbolTable The symbol table to use.
  102. */
  103. public SecurityConfiguration (SymbolTable symbolTable) {
  104. this(symbolTable, null, null);
  105. } // <init>(SymbolTable)
  106. /**
  107. * Constructs a parser configuration using the specified symbol table and
  108. * grammar pool.
  109. * <p>
  110. * <strong>REVISIT:</strong>
  111. * Grammar pool will be updated when the new validation engine is
  112. * implemented.
  113. *
  114. * @param symbolTable The symbol table to use.
  115. * @param grammarPool The grammar pool to use.
  116. */
  117. public SecurityConfiguration (SymbolTable symbolTable,
  118. XMLGrammarPool grammarPool) {
  119. this(symbolTable, grammarPool, null);
  120. } // <init>(SymbolTable,XMLGrammarPool)
  121. /**
  122. * Constructs a parser configuration using the specified symbol table,
  123. * grammar pool, and parent settings.
  124. * <p>
  125. * <strong>REVISIT:</strong>
  126. * Grammar pool will be updated when the new validation engine is
  127. * implemented.
  128. *
  129. * @param symbolTable The symbol table to use.
  130. * @param grammarPool The grammar pool to use.
  131. * @param parentSettings The parent settings.
  132. */
  133. public SecurityConfiguration (SymbolTable symbolTable,
  134. XMLGrammarPool grammarPool,
  135. XMLComponentManager parentSettings) {
  136. super(symbolTable, grammarPool, parentSettings);
  137. // create the SecurityManager property:
  138. setProperty(SECURITY_MANAGER_PROPERTY, new SecurityManager());
  139. } // <init>(SymbolTable,XMLGrammarPool)
  140. } // class SecurityConfiguration