@Test @SuppressWarnings("unchecked") public void readXmlRootElementExternalEntityEnabled() throws Exception { Resource external = new ClassPathResource("external.txt", getClass()); String content = "<!DOCTYPE root [" + " <!ELEMENT external ANY >\n" + " <!ENTITY ext SYSTEM \"" + external.getURI() + "\" >]>" + " <list><rootElement><type s=\"1\"/><external>&ext;</external></rootElement></list>"; MockHttpInputMessage inputMessage = new MockHttpInputMessage(content.getBytes("UTF-8")); Jaxb2CollectionHttpMessageConverter<?> c = new Jaxb2CollectionHttpMessageConverter<Collection<Object>>() { @Override protected XMLInputFactory createXmlInputFactory() { XMLInputFactory inputFactory = XMLInputFactory.newInstance(); inputFactory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, true); return inputFactory; } }; Collection<RootElement> result = c.read(rootElementListType, null, inputMessage); assertEquals(1, result.size()); assertEquals("Foo Bar", result.iterator().next().external); }
@Test @SuppressWarnings("unchecked") public void readXmlRootElementExternalEntityDisabled() throws Exception { Resource external = new ClassPathResource("external.txt", getClass()); String content = "<!DOCTYPE root [" + " <!ELEMENT external ANY >\n" + " <!ENTITY ext SYSTEM \"" + external.getURI() + "\" >]>" + " <list><rootElement><type s=\"1\"/><external>&ext;</external></rootElement></list>"; MockHttpInputMessage inputMessage = new MockHttpInputMessage(content.getBytes("UTF-8")); converter = new Jaxb2CollectionHttpMessageConverter<Collection<Object>>() { @Override protected XMLInputFactory createXmlInputFactory() { XMLInputFactory inputFactory = super.createXmlInputFactory(); inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, true); return inputFactory; } }; try { Collection<RootElement> result = converter.read(rootElementListType, null, inputMessage); assertEquals(1, result.size()); assertEquals("", result.iterator().next().external); } catch (HttpMessageNotReadableException ex) { // Some parsers raise an exception } }
@Before public void setup() { converter = new Jaxb2CollectionHttpMessageConverter<Collection<Object>>(); rootElementListType = new ParameterizedTypeReference<List<RootElement>>() {}.getType(); rootElementSetType = new ParameterizedTypeReference<Set<RootElement>>() {}.getType(); typeListType = new ParameterizedTypeReference<List<TestType>>() {}.getType(); typeSetType = new ParameterizedTypeReference<Set<TestType>>() {}.getType(); }