@SuppressWarnings("unchecked") protected T processWithSecureProcessing(Unmarshaller unmarshaller, InputStream entityStream, String charset) throws JAXBException { unmarshaller = new SecureUnmarshaller(unmarshaller, disableExternalEntities, enableSecureProcessingFeature, disableDTDs); if (charset == null) { InputSource is = new InputSource(entityStream); is.setEncoding(StandardCharsets.UTF_8.name()); return (T) unmarshaller.unmarshal(is); } else { return (T) unmarshaller.unmarshal(entityStream); } } }
public SAXParser getParser(boolean disableExternalEntities, boolean enableSecureProcessingFeature, boolean disableDTDs) throws ParserConfigurationException, SAXException { int index = (disableExternalEntities ? 1 : 0) | (enableSecureProcessingFeature ? 1 << 1 : 0) | (disableDTDs ? 1 << 2 : 0); SAXParserFactory f = factories[index]; if (f == null) { f = SAXParserFactory.newInstance(); configureParserFactory(f, disableExternalEntities, enableSecureProcessingFeature, disableDTDs); factories[index] = f; } SAXParser sp = f.newSAXParser(); configParser(sp, disableExternalEntities); return sp; } }
/** * Turns off expansion of external entities. */ public Object unmarshal(InputStream is) throws JAXBException { return unmarshal(new InputSource(is)); }
unmarshaller = new SecureUnmarshaller(unmarshaller, isDisableExternalEntities(), isEnableSecureProcessingFeature(), isDisableDTDs()); obj = unmarshaller.unmarshal(source);
unmarshaller = new SecureUnmarshaller(unmarshaller, isDisableExternalEntities(), isEnableSecureProcessingFeature(), isDisableDTDs()); SAXSource source = null; if (getCharset(mediaType) == null)
unmarshaller = new SecureUnmarshaller(unmarshaller, disableExternalEntities, enableSecureProcessingFeature, disableDTDs); ele = unmarshaller.unmarshal(source, JaxbMap.class);
unmarshaller = new SecureUnmarshaller(unmarshaller, disableExternalEntities, enableSecureProcessingFeature, disableDTDs); ele = unmarshaller.unmarshal(source, JaxbCollection.class);