org.apache.solr.common

Class EmptyEntityResolver

java.lang.Object

org.apache.solr.common.EmptyEntityResolver

public final class EmptyEntityResolver
extends Object

This class provides several singletons of entity resolvers used by SAX and StAX in the Java API. This is needed to make secure XML parsers, that don't resolve external entities from untrusted sources.

This class also provides static methods to configure SAX and StAX parsers to be safe.

Parsers will get an empty, closed stream for every external entity, so they will not fail while parsing (unless the external entity is needed for processing!).

Field Summary

Fields

Modifier and Type	Field and Description
static EntityResolver	SAX_INSTANCE
static XMLResolver	STAX_INSTANCE

Method Summary

Modifier and Type	Method and Description
static void	configureSAXParserFactory(SAXParserFactory saxFactory) Configures the given SAXParserFactory to do secure XML processing of untrusted sources.
static void	configureXMLInputFactory(XMLInputFactory inputFactory) Configures the given XMLInputFactory to not parse external entities.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SAX_INSTANCE

public static final EntityResolver SAX_INSTANCE

STAX_INSTANCE

public static final XMLResolver STAX_INSTANCE

Method Detail

configureSAXParserFactory

public static void configureSAXParserFactory(SAXParserFactory saxFactory)

Configures the given SAXParserFactory to do secure XML processing of untrusted sources. It is required to also set SAX_INSTANCE on the created XMLReader.

See Also:

SAX_INSTANCE

configureXMLInputFactory

public static void configureXMLInputFactory(XMLInputFactory inputFactory)

Configures the given XMLInputFactory to not parse external entities. No further configuration on is needed, all required entity resolvers are configured.