/** * Indicates whether external XML entities are processed when unmarshalling. * <p>Default is {@code false}, meaning that external entities are not resolved. * Note that processing of external entities will only be enabled/disabled when the * {@code Source} passed to {@link #unmarshal(Source)} is a {@link SAXSource} or * {@link StreamSource}. It has no effect for {@link DOMSource} or {@link StAXSource} * instances. * <p><strong>Note:</strong> setting this option to {@code true} also * automatically sets {@link #setSupportDtd} to {@code true}. */ public void setProcessExternalEntities(boolean processExternalEntities) { this.processExternalEntities = processExternalEntities; if (processExternalEntities) { setSupportDtd(true); } }
@Test // SPR-10806 public void unmarshalSaxSourceWithXmlOptions() throws Exception { final javax.xml.bind.Unmarshaller unmarshaller = mock(javax.xml.bind.Unmarshaller.class); Jaxb2Marshaller marshaller = new Jaxb2Marshaller() { @Override protected javax.xml.bind.Unmarshaller createUnmarshaller() { return unmarshaller; } }; // 1. external-general-entities and dtd support disabled (default) marshaller.unmarshal(new SAXSource(new InputSource("1"))); ArgumentCaptor<SAXSource> sourceCaptor = ArgumentCaptor.forClass(SAXSource.class); verify(unmarshaller).unmarshal(sourceCaptor.capture()); SAXSource result = sourceCaptor.getValue(); assertEquals(true, result.getXMLReader().getFeature("http://apache.org/xml/features/disallow-doctype-decl")); assertEquals(false, result.getXMLReader().getFeature("http://xml.org/sax/features/external-general-entities")); // 2. external-general-entities and dtd support enabled reset(unmarshaller); marshaller.setProcessExternalEntities(true); marshaller.setSupportDtd(true); marshaller.unmarshal(new SAXSource(new InputSource("1"))); verify(unmarshaller).unmarshal(sourceCaptor.capture()); result = sourceCaptor.getValue(); assertEquals(false, result.getXMLReader().getFeature("http://apache.org/xml/features/disallow-doctype-decl")); assertEquals(true, result.getXMLReader().getFeature("http://xml.org/sax/features/external-general-entities")); }
@Test // SPR-10806 public void unmarshalStreamSourceWithXmlOptions() throws Exception { final javax.xml.bind.Unmarshaller unmarshaller = mock(javax.xml.bind.Unmarshaller.class); Jaxb2Marshaller marshaller = new Jaxb2Marshaller() { @Override protected javax.xml.bind.Unmarshaller createUnmarshaller() { return unmarshaller; } }; // 1. external-general-entities and dtd support disabled (default) marshaller.unmarshal(new StreamSource("1")); ArgumentCaptor<SAXSource> sourceCaptor = ArgumentCaptor.forClass(SAXSource.class); verify(unmarshaller).unmarshal(sourceCaptor.capture()); SAXSource result = sourceCaptor.getValue(); assertEquals(true, result.getXMLReader().getFeature("http://apache.org/xml/features/disallow-doctype-decl")); assertEquals(false, result.getXMLReader().getFeature("http://xml.org/sax/features/external-general-entities")); // 2. external-general-entities and dtd support enabled reset(unmarshaller); marshaller.setProcessExternalEntities(true); marshaller.setSupportDtd(true); marshaller.unmarshal(new StreamSource("1")); verify(unmarshaller).unmarshal(sourceCaptor.capture()); result = sourceCaptor.getValue(); assertEquals(false, result.getXMLReader().getFeature("http://apache.org/xml/features/disallow-doctype-decl")); assertEquals(true, result.getXMLReader().getFeature("http://xml.org/sax/features/external-general-entities")); }
/** * Indicates whether external XML entities are processed when unmarshalling. * <p>Default is {@code false}, meaning that external entities are not resolved. * Note that processing of external entities will only be enabled/disabled when the * {@code Source} passed to {@link #unmarshal(Source)} is a {@link SAXSource} or * {@link StreamSource}. It has no effect for {@link DOMSource} or {@link StAXSource} * instances. * <p><strong>Note:</strong> setting this option to {@code true} also * automatically sets {@link #setSupportDtd} to {@code true}. */ public void setProcessExternalEntities(boolean processExternalEntities) { this.processExternalEntities = processExternalEntities; if (processExternalEntities) { setSupportDtd(true); } }