PhillyNJ
Reputation: 3903
javax.xml.transform Source with credentials
I am transforming some xml via a Java app. I load the xml with javax.xml.transform.Source
Source src = new StreamSource(getXml());
When the xml is parsed, it tries to load the DTD and some entities:
<!DOCTYPE dmodule SYSTEM "http://mysecureserver/System/DTD/dmodule/proced.dtd"[
<!NOTATION SWF SYSTEM "">
<!NOTATION PNG SYSTEM "">
<!ENTITY % catalog PUBLIC "-//MyCompany//ENTITIES//EN "http://mysecureserver/catalog.pen">
%catalog;
]>
I get a file IO error because I can not access the file "catalog.pen" with out credentials. Is there a way to pass the credentials to javax.xml.transform.Source?
Also, I can not change the DTD declaration as I don't "own" the xml. I can only read it.
Upvotes: 0
Views: 299
Answers (1)
erikxiv
Reputation: 4075
You could use a custom entity resolver to retrieve the files (either by using credentials or by using a cached version of the files). See Java, xml, XSLT: Prevent DTD-Validation for an example.
Upvotes: 2
Related Questions
- How to secure javax.xml.transform.TransformerFactory from XML external attacks
- Parse XML document securely
- How to parse XML tag by Javax.xml library
- Java check username and password for matching(from xml file)
- Work with raw text in javax.xml.transform.Transformer
- NoRouteToHostException when parsing a String XML document
- XML pipeline in Java
- access right to parse an XML in java
- Reading a remote xml file
- Parsing xml document in java