/* | |
* Licensed to the Apache Software Foundation (ASF) under one | |
* or more contributor license agreements. See the NOTICE file | |
* distributed with this work for additional information | |
* regarding copyright ownership. The ASF licenses this file | |
* to you under the Apache License, Version 2.0 (the | |
* "License"); you may not use this file except in compliance | |
* with the License. You may obtain a copy of the License at | |
* | |
* http://www.apache.org/licenses/LICENSE-2.0 | |
* | |
* Unless required by applicable law or agreed to in writing, | |
* software distributed under the License is distributed on an | |
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
* KIND, either express or implied. See the License for the | |
* specific language governing permissions and limitations | |
* under the License. | |
*/ | |
package org.apache.axiom.util.stax.dialect; | |
import javax.xml.stream.XMLResolver; | |
import javax.xml.stream.XMLStreamException; | |
import org.apache.commons.logging.Log; | |
import org.apache.commons.logging.LogFactory; | |
/** | |
* This XMLResolver is used whenever a secure XMLStreamReader | |
* is needed. Basically it throws an exception if an attempt | |
* is made to read an entity. | |
*/ | |
final class SecureXMLResolver implements XMLResolver { | |
private static final Log log = LogFactory.getLog(SecureXMLResolver.class); | |
public Object resolveEntity(String publicID, String systemID, String baseURI, | |
String namespace) throws XMLStreamException { | |
// Do not expose the name of the entity that was attempted to be | |
// read as this will reveal secure information to the client. | |
if (log.isDebugEnabled()) { | |
log.debug("resolveEntity is disabled because this is a secure XMLStreamReader(" + | |
publicID + ") (" + systemID + ") (" + baseURI + ") (" + namespace + ")"); | |
} | |
throw new XMLStreamException("Reading external entities is disabled"); | |
} | |
} | |