SubhenduGN
Reputation: 21
How to extend com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl and write own DocumentBuilderFactoryI for Weblogic 12C
To prevent XXE attack, I am trying to override default DocumentBuilderFactoryImpl for weblogic 12c and use my own parser.
I am trying below code.
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl;
public class CustomDocumentBuilderFactoryImpl extends DocumentBuilderFactoryImpl {
@Override
public DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
System.out.println("*************************************************************************************");
System.out.println("*************************************************************************************");
System.out.println("Adding Features to DocumentBuilder.....");
super.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false);
super.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
super.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
super.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
super.setFeature("http://apache.org/xml/features/dom/defer-node-expansion", false);
super.setXIncludeAware(false);
super.setExpandEntityReferences(false);
System.out.println("Returning DocumentBuilder.....");
System.out.println("*************************************************************************************");
System.out.println("*************************************************************************************");
return super.newDocumentBuilder();
}
@Override
public void setAttribute(String name, Object value) throws IllegalArgumentException {
// TODO Auto-generated method stub
}
@Override
public Object getAttribute(String name) throws IllegalArgumentException {
// TODO Auto-generated method stub
return null;
}
@Override
public void setFeature(String name, boolean value) throws ParserConfigurationException {
// TODO Auto-generated method stub
}
@Override
public boolean getFeature(String name) throws ParserConfigurationException {
// TODO Auto-generated method stub
return false;
}
}
but with no luck.
Can anyone help me with this? Is there any way of doing this?
*****EDIT******
I have tried Spring-Security config to prevent XXE.
<bean id="parserPool" class="org.opensaml.xml.parse.StaticBasicParserPool" scope="singleton"
init-method="initialize">
<property name="builderFeatures">
<map>
<entry key="http://apache.org/xml/features/dom/defer-node-expansion" value="false"/>
<entry key="http://javax.xml.XMLConstants/feature/secure-processing" value="true"/>
<entry key="http://apache.org/xml/features/disallow-doctype-decl" value="true"/>
<entry key="javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING" value="true"/>
</map>
</property>
<!-- <property name="builderFactory" ref="builderFactoryCustom"/>-->
<property name="namespaceAware" value="true"/>
<property name="expandEntityReferences" value="false"/>
</bean>
This code is working with Tomcat but not working with Weblogic.
Upvotes: 0
Views: 1928
Answers (0)
Related Questions
- .ClassCastException: org.apache.xerces.jaxp.DocumentBuilderFactoryImpl cannot be cast to javax.xml.parsers.DocumentBuilderFactory
- How to make generated classes contain Javadoc from XML Schema documentation
- java.lang.ClassCastException: org.apache.xerces.jaxp.DocumentBuilderFactoryImpl cannot be cast to javax.xml.parsers.DocumentBuilderFactory
- XJC Plugin customizations
- How to extend spring by configuring spring xml
- Extending third party existing JAXB class
- Override Spring jar in Weblogic 12c
- Creating XJC file , jaxb customization file
- Generate java classes from XSD using intellij (JAXB plugin) that extends existing class file
- org.apache.xerces.jaxp.DocumentBuilderFactoryImpl incompatible with javax.xml.parsers.DocumentBuilderFactory