Class SecureXmlProcessingUtils

java.lang.Object
com.sdl.delivery.security.xml.SecureXmlProcessingUtils

public class SecureXmlProcessingUtils extends Object
This class provides a set of methods for working securely with XML. It acts as a mediator, so callers do not need to remember which exact class to create.
  • Method Details

    • createDocumentBuilderFactory

      public static DocumentBuilderFactory createDocumentBuilderFactory(XmlRestriction... restrictions)
      This method creates a factory that is safe from the XXE vulnerability. See http://cwe.mitre.org/data/definitions/611.html for details.
      Returns:
      prepared and tuned DocumentBuilderFactory.
    • createTransformerFactory

      public static TransformerFactory createTransformerFactory(XmlRestriction... restrictions)
      Creates a transformer factory to use in XSLT.
      Parameters:
      restrictions - allow the transformer to work with the given protocols.
      Returns:
      secured transformer factory
    • createSaxTransformerFactory

      public static SAXTransformerFactory createSaxTransformerFactory(XmlRestriction... restrictions)
      Creates a SAX transformer factory to use in XSLT.
      Parameters:
      restrictions - allow the transformer to work with the given protocols.
      Returns:
      secured SAX transformer factory
    • createXmlInputFactory

      public static XMLInputFactory createXmlInputFactory(XmlRestriction... restrictions)
      Creates an XML input factory to use in XSLT Stream Reader.
      Parameters:
      restrictions - allow that transformer to work with the given protocols.
      Returns:
      secured XML input factory
    • createTransformer

      public static Transformer createTransformer(String stylesheet, Optional<Map<String,Object>> transformParameters, XmlRestriction... restrictions) throws TransformerConfigurationException
      Creates a secured transformer for XSLT.
      Parameters:
      stylesheet - the stylesheet to create the transformer from.
      transformParameters - stylesheet may have parameters, which are provided here.
      restrictions - to permit protocols for external resources.
      Returns:
      secured transformer
      Throws:
      TransformerConfigurationException - if the transformer could not be created.
    • createTransformer

      public static Transformer createTransformer(XmlRestriction... restrictions) throws TransformerConfigurationException
      Creates a secured transformer for XSLT.
      Parameters:
      restrictions - to permit protocols for external resources.
      Returns:
      secured transformer
      Throws:
      TransformerConfigurationException - if the transformer could not be created.
    • createValidator

      public static Validator createValidator(InputStream xsdStream, XmlRestriction... restrictions) throws SAXException
      Creates an XML validator to verify XML documents against the provided schema.
      Parameters:
      xsdStream - XSD schema
      restrictions - array of restrictions for validity
      Returns:
      secured validator
      Throws:
      SAXException
    • createValidator

      public static Validator createValidator(String xsdContent, XmlRestriction... restrictions) throws SAXException
      Creates an XML validator to verify XML documents against the provided schema.
      Parameters:
      xsdContent - XSD schema
      restrictions - array of restrictions for validity
      Returns:
      secured validator
      Throws:
      SAXException
    • xmlEquals

      public static XmlEqualsResult xmlEquals(String expectedXml, String actualXml) throws Exception
      Compares two given XML strings by transforming them to W3C documents and back to strings.
      Parameters:
      expectedXml -
      actualXml -
      Returns:
      results of comparing
      Throws:
      Exception