Package com.sdl.delivery.security.xml.processor

Class SecureTransformerFactoryProcessor

java.lang.Object

com.sdl.delivery.security.xml.processor.SecureTransformerFactoryProcessor

public class SecureTransformerFactoryProcessor
extends Object

Provides secured TransformerFactory for eliminating XXE. XmlRestriction array allows some external resources to be used in XSLT.

Constructor Summary

Constructors

Constructor	Description
SecureTransformerFactoryProcessor()

Method Summary

Modifier and Type	Method	Description
SAXTransformerFactory	createSaxTransformerFactory(XmlRestriction... restrictions)	Returns SAX transformer factory (xerces) instead of default (xalan) one.
Transformer	createTransformer(String stylesheet, Optional<Map<String,Object>> transformParameters, XmlRestriction... restrictions)
TransformerFactory	createTransformerFactory(XmlRestriction... restrictions)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecureTransformerFactoryProcessor

public SecureTransformerFactoryProcessor()

Method Details

createSaxTransformerFactory

public SAXTransformerFactory createSaxTransformerFactory(XmlRestriction... restrictions)

Returns SAX transformer factory (xerces) instead of default (xalan) one. Sometimes xerces transformer preferred because it provides customized transforming handling like below:

Templates templates = factory.newTemplates(new StreamSource(xslEntry.getValue())); TransformerHandler transformationHandler = factory.newTransformerHandler(templates); transformerHandlers.add(transformationHandler);

and xalan does not.

Parameters:

restrictions - to say what kind of protocols are enabled while processing.

Returns:

factory

createTransformerFactory

public TransformerFactory createTransformerFactory(XmlRestriction... restrictions)

createTransformer

public Transformer createTransformer(String stylesheet,
 Optional<Map<String,Object>> transformParameters,
 XmlRestriction... restrictions)
                              throws TransformerConfigurationException

Throws:

TransformerConfigurationException