|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.solr.util.EmptyEntityResolver
public final class EmptyEntityResolver
This class provides several singletons of entity resolvers used by SAX and StAX in the Java API. This is needed to make secure XML parsers, that don't resolve external entities from untrusted sources.
This class also provides static methods to configure SAX and StAX parsers to be safe.
Parsers will get an empty, closed stream for every external entity, so they will not fail while parsing (unless the external entity is needed for processing!).
Field Summary | |
---|---|
static EntityResolver |
SAX_INSTANCE
|
static XMLResolver |
STAX_INSTANCE
|
Method Summary | |
---|---|
static void |
configureSAXParserFactory(SAXParserFactory saxFactory)
Configures the given SAXParserFactory to do secure XML processing of untrusted sources. |
static void |
configureXMLInputFactory(XMLInputFactory inputFactory)
Configures the given XMLInputFactory to not parse external entities. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final EntityResolver SAX_INSTANCE
public static final XMLResolver STAX_INSTANCE
Method Detail |
---|
public static void configureSAXParserFactory(SAXParserFactory saxFactory)
SAXParserFactory
to do secure XML processing of untrusted sources.
It is required to also set SAX_INSTANCE
on the created XMLReader
.
SAX_INSTANCE
public static void configureXMLInputFactory(XMLInputFactory inputFactory)
XMLInputFactory
to not parse external entities.
No further configuration on is needed, all required entity resolvers are configured.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |