Java 如何在 XMLReaderFactory 中设置 FEATURE_SECURE_PROCESSING?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23237755/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to set FEATURE_SECURE_PROCESSING in XMLReaderFactory?
提问by Srikanth Sridhar
I am using Piccolo jar and creating XML reader using XMLReaderFactory. I need to set the secure processing feature and hence i did this way,
我正在使用 Piccolo jar 并使用 XMLReaderFactory 创建 XML 阅读器。我需要设置安全处理功能,因此我这样做了,
xmlReader = XMLReaderFactory.createXMLReader("com.bluecast.xml.Piccolo");
xmlReader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
xmlReader = XMLReaderFactory.createXMLReader("com.bluecast.xml.Piccolo");
xmlReader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
But this is throwing error
org.xml.sax.SAXNotRecognizedException: http://javax.xml.XMLConstants/feature/secure-processing
at com.bluecast.xml.Piccolo.setFeature(Piccolo.java:937)
但这是抛出错误
org.xml.sax.SAXNotRecognizedException: http://javax.xml.XMLConstants/feature/secure-processing
at com.bluecast.xml.Piccolo.setFeature(Piccolo.java:937)
I had an old xercesImpl.jar which has been replaced by xercesImpl-2.9.1.jar but still getting the same error. I googled and din't find any concrete solutions.
我有一个旧的 xercesImpl.jar,它已被 xercesImpl-2.9.1.jar 替换,但仍然出现相同的错误。我用谷歌搜索并没有找到任何具体的解决方案。
Please help, Any ideas are appreciable.
请帮助,任何想法都是可观的。
采纳答案by demongolem
So the constant XMLConstants.FEATURE_SECURE_PROCESSINGhas value http://javax.xml.XMLConstants/feature/secure-processing
所以常数XMLConstants.FEATURE_SECURE_PROCESSING有值http://javax.xml.XMLConstants/feature/secure-processing
According to the source code here(the latest is 1.04), a big if else block checks to see what if this value is one of the allowable features and if not throws this exception. And in fact, it is not one of the values judged to be legal and therefore the exception is thrown.
根据这里的源代码(最新的是 1.04),一个大的 if else 块检查这个值是否是允许的特性之一,如果不是则抛出这个异常。事实上,它不是被判断为合法的值之一,因此会抛出异常。
As per SaxParserFactory, we read
根据SaxParserFactory,我们阅读
All implementations are required to support the javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING feature.
所有实现都需要支持 javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING 特性。
Piccolo implements Parser though and not SaxParser. So all in all I would say Piccolo does not support that feature. Perhaps I would say use a different XMLReader which does support it.
Piccolo 实现了 Parser 而不是 SaxParser。所以总而言之,我会说 Piccolo 不支持该功能。也许我会说使用支持它的不同 XMLReader。
回答by eckes
Interesting enough Oracle JDKs internal Xerces version of XMLReaderFactory for SAX2 also does not offer this feature setter. I am not sure what, or what the recommended alternative is supposed to be. There is a workaround to that like this:
足够有趣的是,用于 SAX2 的 XMLReaderFactory 的 Oracle JDK 内部 Xerces 版本也不提供此功能设置器。我不确定什么,或者推荐的替代方案应该是什么。有一个解决方法是这样的:
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
XMLReader reader = spf.newSAXParser().getXMLReader();
Strange. Internally it maps to an security-manager(com.sun.org.apache.xerces.internal.utils.XMLSecurityManager) with different entity expansion limits. In addition it sets the new properties XMLConstants.ACCESS_EXTERNAL_DTDand XMLConstants.ACCESS_EXTERNAL_SCHEMAto ""(no external access).
奇怪的。在内部,它映射到具有不同实体扩展限制的安全管理器(com.sun.org.apache.xerces.internal.utils.XMLSecurityManager)。此外,它设置了新的属性XMLConstants.ACCESS_EXTERNAL_DTD,并XMLConstants.ACCESS_EXTERNAL_SCHEMA以""(外部访问)。
