Package org.apache.solr.common
Class EmptyEntityResolver
- java.lang.Object
-
- org.apache.solr.common.EmptyEntityResolver
-
public final class EmptyEntityResolver extends Object
This class provides several singletons of entity resolvers used by SAX and StAX in the Java API. This is needed to make secure XML parsers, that don't resolve external entities from untrusted sources.This class also provides static methods to configure SAX and StAX parsers to be safe.
Parsers will get an empty, closed stream for every external entity, so they will not fail while parsing (unless the external entity is needed for processing!).
-
-
Field Summary
Fields Modifier and Type Field Description static EntityResolver
SAX_INSTANCE
static XMLResolver
STAX_INSTANCE
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static void
configureSAXParserFactory(SAXParserFactory saxFactory)
Configures the givenSAXParserFactory
to do secure XML processing of untrusted sources.static void
configureXMLInputFactory(XMLInputFactory inputFactory)
Configures the givenXMLInputFactory
to not parse external entities.
-
-
-
Field Detail
-
SAX_INSTANCE
public static final EntityResolver SAX_INSTANCE
-
STAX_INSTANCE
public static final XMLResolver STAX_INSTANCE
-
-
Method Detail
-
configureSAXParserFactory
public static void configureSAXParserFactory(SAXParserFactory saxFactory)
Configures the givenSAXParserFactory
to do secure XML processing of untrusted sources. It is required to also setSAX_INSTANCE
on the createdXMLReader
.- See Also:
SAX_INSTANCE
-
configureXMLInputFactory
public static void configureXMLInputFactory(XMLInputFactory inputFactory)
Configures the givenXMLInputFactory
to not parse external entities. No further configuration on is needed, all required entity resolvers are configured.
-
-