Package de.hybris.platform.sap.core.common

Class DocumentBuilderFactoryUtil

java.lang.Object

de.hybris.platform.sap.core.common.DocumentBuilderFactoryUtil

public class DocumentBuilderFactoryUtil
extends Object

The class contains utility methods for the DocumentBuilderFactory.

Method Summary

Modifier and Type	Method	Description
protected static void	setSecurityFeature(DocumentBuilderFactory documentBuilderFactory, String feature, boolean enabled)	To set a security feature
protected static void	setSecurityFeature(XMLReader xmlReader, String feature, boolean enabled)	To set a security feature
static void	setSecurityFeatures(DocumentBuilderFactory documentBuilderFactory)	An XML parser should be configured securely so that it does not allow external entities as part of an incoming XML document.
static void	setSecurityFeatures(XMLReader xmlReader)	An XML parser should be configured securely so that it does not allow external entities as part of an incoming XML document.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

setSecurityFeatures

public static void setSecurityFeatures(DocumentBuilderFactory documentBuilderFactory)

An XML parser should be configured securely so that it does not allow external entities as part of an incoming XML document. To avoid XML External Entities attacks (XXE injections) the following properties should be set for an XML factory, parser or reader: Xerces 1 & Xerces 2: - "http://xml.org/sax/features/external-general-entities" - "http://xml.org/sax/features/external-parameter-entities" Xerces 2: - "http://apache.org/xml/features/disallow-doctype-decl" The method tries to set the feature for the given DocumentBuilderFactory instance. A log entry will be created if the feature could not be set.

Parameters:

documentBuilderFactory - The DocumentBuilderFactory instance for which the security features will be set.

setSecurityFeatures

public static void setSecurityFeatures(XMLReader xmlReader)

An XML parser should be configured securely so that it does not allow external entities as part of an incoming XML document. To avoid XML External Entities attacks (XXE injections) the following properties should be set for an XML factory, parser or reader: Xerces 1 & Xerces 2: - "http://xml.org/sax/features/external-general-entities" - "http://xml.org/sax/features/external-parameter-entities" Xerces 2: - "http://apache.org/xml/features/disallow-doctype-decl" The method tries to set the feature for the given DocumentBuilderFactory instance. A log entry will be created if the feature could not be set.

Parameters:

xmlReader - The XMLReader instance for which the security features will be set.

setSecurityFeature

protected static void setSecurityFeature(DocumentBuilderFactory documentBuilderFactory,
 String feature,
 boolean enabled)

To set a security feature

Parameters:

documentBuilderFactory -

feature -

value -

setSecurityFeature

protected static void setSecurityFeature(XMLReader xmlReader,
 String feature,
 boolean enabled)

To set a security feature

Parameters:

xmlReader -

feature -

enabled -