public RequestMappingHandlerAdapter() { StringHttpMessageConverter stringHttpMessageConverter = new StringHttpMessageConverter(); stringHttpMessageConverter.setWriteAcceptCharset(false); // see SPR-7316 this.messageConverters = new ArrayList<>(4); this.messageConverters.add(new ByteArrayHttpMessageConverter()); this.messageConverters.add(stringHttpMessageConverter); try { this.messageConverters.add(new SourceHttpMessageConverter<>()); } catch (Error err) { // Ignore when no TransformerFactory implementation is available } this.messageConverters.add(new AllEncompassingFormHttpMessageConverter()); }
@Test public void readDOMSourceExternal() throws Exception { MockHttpInputMessage inputMessage = new MockHttpInputMessage(bodyExternal.getBytes("UTF-8")); inputMessage.getHeaders().setContentType(new MediaType("application", "xml")); converter.setSupportDtd(true); DOMSource result = (DOMSource) converter.read(DOMSource.class, inputMessage); Document document = (Document) result.getNode(); assertEquals("Invalid result", "root", document.getDocumentElement().getLocalName()); assertNotEquals("Invalid result", "Foo Bar", document.getDocumentElement().getTextContent()); }
@Override @Nullable protected Long getContentLength(T t, @Nullable MediaType contentType) { if (t instanceof DOMSource) { try { CountingOutputStream os = new CountingOutputStream(); transform(t, new StreamResult(os)); return os.count; } catch (TransformerException ex) { // ignore } } return null; }
@Override @SuppressWarnings("unchecked") protected T readInternal(Class<? extends T> clazz, HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException { InputStream body = inputMessage.getBody(); if (DOMSource.class == clazz) { return (T) readDOMSource(body, inputMessage); } else if (SAXSource.class == clazz) { return (T) readSAXSource(body, inputMessage); } else if (StAXSource.class == clazz) { return (T) readStAXSource(body, inputMessage); } else if (StreamSource.class == clazz || Source.class == clazz) { return (T) readStreamSource(body); } else { throw new HttpMessageNotReadableException("Could not read class [" + clazz + "]. Only DOMSource, SAXSource, StAXSource, and StreamSource are supported.", inputMessage); } }
@SuppressWarnings("deprecation") // on JDK 9 private SAXSource readSAXSource(InputStream body, HttpInputMessage inputMessage) throws IOException { try { XMLReader xmlReader = org.xml.sax.helpers.XMLReaderFactory.createXMLReader(); xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", !isSupportDtd()); xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", isProcessExternalEntities()); if (!isProcessExternalEntities()) { xmlReader.setEntityResolver(NO_OP_ENTITY_RESOLVER); } byte[] bytes = StreamUtils.copyToByteArray(body); return new SAXSource(xmlReader, new InputSource(new ByteArrayInputStream(bytes))); } catch (SAXException ex) { throw new HttpMessageNotReadableException( "Could not parse document: " + ex.getMessage(), ex, inputMessage); } }
/** * Indicates whether external XML entities are processed when converting to a Source. * <p>Default is {@code false}, meaning that external entities are not resolved. * <p><strong>Note:</strong> setting this option to {@code true} also * automatically sets {@link #setSupportDtd} to {@code true}. */ public void setProcessExternalEntities(boolean processExternalEntities) { this.processExternalEntities = processExternalEntities; if (processExternalEntities) { setSupportDtd(true); } }
@Override @SuppressWarnings("unchecked") protected T readFromSource(Class<? extends T> clazz, HttpHeaders headers, Source source) throws IOException { try { if (DOMSource.class.equals(clazz)) { DOMResult domResult = new DOMResult(); transform(source, domResult); return (T) new DOMSource(domResult.getNode()); } else if (SAXSource.class.equals(clazz)) { ByteArrayInputStream bis = transformToByteArrayInputStream(source); return (T) new SAXSource(new InputSource(bis)); } else if (StreamSource.class.equals(clazz) || Source.class.equals(clazz)) { ByteArrayInputStream bis = transformToByteArrayInputStream(source); return (T) new StreamSource(bis); } else { throw new HttpMessageConversionException("Could not read class [" + clazz + "]. Only DOMSource, SAXSource, and StreamSource are supported."); } } catch (TransformerException ex) { throw new HttpMessageNotReadableException("Could not transform from [" + source + "] to [" + clazz + "]", ex); } }
@Override @SuppressWarnings("unchecked") protected T readInternal(Class<? extends T> clazz, HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException { InputStream body = inputMessage.getBody(); if (DOMSource.class == clazz) { return (T) readDOMSource(body, inputMessage); } else if (SAXSource.class == clazz) { return (T) readSAXSource(body, inputMessage); } else if (StAXSource.class == clazz) { return (T) readStAXSource(body, inputMessage); } else if (StreamSource.class == clazz || Source.class == clazz) { return (T) readStreamSource(body); } else { throw new HttpMessageNotReadableException("Could not read class [" + clazz + "]. Only DOMSource, SAXSource, StAXSource, and StreamSource are supported.", inputMessage); } }
private Source readStAXSource(InputStream body, HttpInputMessage inputMessage) { try { XMLInputFactory inputFactory = XMLInputFactory.newInstance(); inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, isSupportDtd()); inputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, isProcessExternalEntities()); if (!isProcessExternalEntities()) { inputFactory.setXMLResolver(NO_OP_XML_RESOLVER); } XMLStreamReader streamReader = inputFactory.createXMLStreamReader(body); return new StAXSource(streamReader); } catch (XMLStreamException ex) { throw new HttpMessageNotReadableException( "Could not parse document: " + ex.getMessage(), ex, inputMessage); } }
/** * Indicates whether external XML entities are processed when converting to a Source. * <p>Default is {@code false}, meaning that external entities are not resolved. * <p><strong>Note:</strong> setting this option to {@code true} also * automatically sets {@link #setSupportDtd} to {@code true}. */ public void setProcessExternalEntities(boolean processExternalEntities) { this.processExternalEntities = processExternalEntities; if (processExternalEntities) { setSupportDtd(true); } }
public ExceptionHandlerExceptionResolver() { StringHttpMessageConverter stringHttpMessageConverter = new StringHttpMessageConverter(); stringHttpMessageConverter.setWriteAcceptCharset(false); // see SPR-7316 this.messageConverters = new ArrayList<>(); this.messageConverters.add(new ByteArrayHttpMessageConverter()); this.messageConverters.add(stringHttpMessageConverter); try { this.messageConverters.add(new SourceHttpMessageConverter<>()); } catch (Error err) { // Ignore when no TransformerFactory implementation is available } this.messageConverters.add(new AllEncompassingFormHttpMessageConverter()); }
@Override @SuppressWarnings("unchecked") protected T readInternal(Class<? extends T> clazz, HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException { InputStream body = inputMessage.getBody(); if (DOMSource.class == clazz) { return (T) readDOMSource(body, inputMessage); } else if (SAXSource.class == clazz) { return (T) readSAXSource(body, inputMessage); } else if (StAXSource.class == clazz) { return (T) readStAXSource(body, inputMessage); } else if (StreamSource.class == clazz || Source.class == clazz) { return (T) readStreamSource(body); } else { throw new HttpMessageNotReadableException("Could not read class [" + clazz + "]. Only DOMSource, SAXSource, StAXSource, and StreamSource are supported.", inputMessage); } }
documentBuilderFactory.setNamespaceAware(true); documentBuilderFactory.setFeature( "http://apache.org/xml/features/disallow-doctype-decl", !isSupportDtd()); documentBuilderFactory.setFeature( "http://xml.org/sax/features/external-general-entities", isProcessExternalEntities()); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); if (!isProcessExternalEntities()) { documentBuilder.setEntityResolver(NO_OP_ENTITY_RESOLVER); if (!isSupportDtd()) { throw new HttpMessageNotReadableException("NPE while unmarshalling: This can happen " + "due to the presence of DTD declarations which are disabled.", ex, inputMessage);
@Override protected void writeInternal(T t, HttpOutputMessage outputMessage) throws IOException, HttpMessageNotWritableException { try { Result result = new StreamResult(outputMessage.getBody()); transform(t, result); } catch (TransformerException ex) { throw new HttpMessageNotWritableException("Could not transform [" + t + "] to output message", ex); } }
@Test public void readSAXSourceExternal() throws Exception { MockHttpInputMessage inputMessage = new MockHttpInputMessage(bodyExternal.getBytes("UTF-8")); inputMessage.getHeaders().setContentType(new MediaType("application", "xml")); converter.setSupportDtd(true); SAXSource result = (SAXSource) converter.read(SAXSource.class, inputMessage); InputSource inputSource = result.getInputSource(); XMLReader reader = result.getXMLReader(); reader.setContentHandler(new DefaultHandler() { @Override public void characters(char[] ch, int start, int length) { String s = new String(ch, start, length); assertNotEquals("Invalid result", "Foo Bar", s); } }); reader.parse(inputSource); }
/** * Indicates whether external XML entities are processed when converting to a Source. * <p>Default is {@code false}, meaning that external entities are not resolved. * <p><strong>Note:</strong> setting this option to {@code true} also * automatically sets {@link #setSupportDtd} to {@code true}. */ public void setProcessExternalEntities(boolean processExternalEntities) { this.processExternalEntities = processExternalEntities; if (processExternalEntities) { setSupportDtd(true); } }
public RequestMappingHandlerAdapter() { StringHttpMessageConverter stringHttpMessageConverter = new StringHttpMessageConverter(); stringHttpMessageConverter.setWriteAcceptCharset(false); // see SPR-7316 this.messageConverters = new ArrayList<>(4); this.messageConverters.add(new ByteArrayHttpMessageConverter()); this.messageConverters.add(stringHttpMessageConverter); try { this.messageConverters.add(new SourceHttpMessageConverter<>()); } catch (Error err) { // Ignore when no TransformerFactory implementation is available } this.messageConverters.add(new AllEncompassingFormHttpMessageConverter()); }
@Override @SuppressWarnings("unchecked") protected T readInternal(Class<? extends T> clazz, HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException { InputStream body = inputMessage.getBody(); if (DOMSource.class == clazz) { return (T) readDOMSource(body); } else if (SAXSource.class == clazz) { return (T) readSAXSource(body); } else if (StAXSource.class == clazz) { return (T) readStAXSource(body); } else if (StreamSource.class == clazz || Source.class == clazz) { return (T) readStreamSource(body); } else { throw new HttpMessageNotReadableException("Could not read class [" + clazz + "]. Only DOMSource, SAXSource, StAXSource, and StreamSource are supported."); } }
@SuppressWarnings("deprecation") // on JDK 9 private SAXSource readSAXSource(InputStream body, HttpInputMessage inputMessage) throws IOException { try { XMLReader xmlReader = org.xml.sax.helpers.XMLReaderFactory.createXMLReader(); xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", !isSupportDtd()); xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", isProcessExternalEntities()); if (!isProcessExternalEntities()) { xmlReader.setEntityResolver(NO_OP_ENTITY_RESOLVER); } byte[] bytes = StreamUtils.copyToByteArray(body); return new SAXSource(xmlReader, new InputSource(new ByteArrayInputStream(bytes))); } catch (SAXException ex) { throw new HttpMessageNotReadableException( "Could not parse document: " + ex.getMessage(), ex, inputMessage); } }
@Override @Nullable protected Long getContentLength(T t, @Nullable MediaType contentType) { if (t instanceof DOMSource) { try { CountingOutputStream os = new CountingOutputStream(); transform(t, new StreamResult(os)); return os.count; } catch (TransformerException ex) { // ignore } } return null; }