File: SecurityManager.java
Doc: API Doc
Category: Java SE 5 API
Size: 7818
Date: Fri Aug 26 14:55:56 BST 2005
Package: com.sun.org.apache.xerces.internal.util

SecurityManager

public final class SecurityManager extends Object
This class is a container for parser settings that relate to security, or more specifically, it is intended to be used to prevent denial-of-service attacks from being launched against a system running Xerces. Any component that is aware of a denial-of-service attack that can arise from its processing of a certain kind of document may query its Component Manager for the property (http://apache.org/xml/properties/security-manager) whose value will be an instance of this class. If no value has been set for the property, the component should proceed in the "usual" (spec-compliant) manner. If a value has been set, then it must be the case that the component in question needs to know what method of this class to query. This class will provide defaults for all known security issues, but will also provide setters so that those values can be tailored by applications that care.
author
Neil Graham, IBM
version
$Id: SecurityManager.java,v 1.5 2004/03/23 01:23:41 mrglavas Exp $

Fields Summary
private static final int
DEFAULT_ENTITY_EXPANSION_LIMIT
private static final int
DEFAULT_MAX_OCCUR_NODE_LIMIT
Default value of number of nodes created.
private static final int
DEFAULT_ELEMENT_ATTRIBUTE_LIMIT
private int
entityExpansionLimit
Entity expansion limit.
private int
maxOccurLimit
W3C XML Schema maxOccurs limit.
private int
fElementAttributeLimit
Constructors Summary
/**
 * Default constructor. Establishes default values for known security vulnerabilities.
 *
 * <p>Every limit is first set to its built-in default and then handed to
 * {@code readSystemProperties()}, which may replace it with a value taken from a
 * JVM system property.
 */
public SecurityManager() {
    // Seed each limit with its compiled-in default before anything else runs, so a
    // failed or absent system-property override leaves a defined value behind.
    fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT;
    maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT;
    entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT;

    // System properties are consulted only here, once per instance, at creation time.
    readSystemProperties();
}
    
Methods Summary
/**
 * Returns the element attribute limit currently held by this object.
 *
 * <p>NOTE(review): presumably the maximum number of attributes permitted on a single
 * element; confirm against the component that consumes this value.
 *
 * @return the stored element attribute limit
 */
public int getElementAttrLimit() {
    final int limit = fElementAttributeLimit;
    return limit;
}
	
/**
 * Returns the number of entity expansions that the parser permits in a document.
 *
 * <p>This accessor only reports the stored value; enforcing the limit is left to the
 * component that queries it.
 *
 * @return the number of entity expansions permitted in a document
 */
public int getEntityExpansionLimit() {
    final int limit = entityExpansionLimit;
    return limit;
}
    
/**
 * Returns the limit of the number of content model nodes that may be created when
 * building a grammar for a W3C XML Schema that contains maxOccurs attributes with
 * values other than "unbounded".
 *
 * @return the maximum value for maxOccurs other than "unbounded"
 */
public int getMaxOccurNodeLimit() {
    final int limit = maxOccurLimit;
    return limit;
}
    
/**
 * Overrides the three limits from JVM system properties.
 *
 * <p>The properties are the ones named by {@code Constants.ENTITY_EXPANSION_LIMIT},
 * {@code Constants.MAX_OCCUR_LIMIT} and
 * {@code Constants.SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT}. For each one:
 * <ul>
 *   <li>an unset or empty property selects the built-in default;</li>
 *   <li>a value that parses to a negative number selects the built-in default;</li>
 *   <li>any other value that parses as an {@code int} is used as given, with no upper
 *       bound, so whoever controls the JVM's system properties controls how strict
 *       the limit is;</li>
 *   <li>if reading or parsing throws (for example a non-numeric value, or a
 *       {@code SecurityException} from {@code System.getProperty}), the exception is
 *       discarded and the field keeps the value it had before the call.</li>
 * </ul>
 *
 * <p>Nothing is logged when a value is rejected, so a mistyped limit is not reported
 * to the operator.
 */
private void readSystemProperties() {
    entityExpansionLimit = limitFromSystemProperty(
            Constants.ENTITY_EXPANSION_LIMIT,
            DEFAULT_ENTITY_EXPANSION_LIMIT,
            entityExpansionLimit);

    maxOccurLimit = limitFromSystemProperty(
            Constants.MAX_OCCUR_LIMIT,
            DEFAULT_MAX_OCCUR_NODE_LIMIT,
            maxOccurLimit);

    fElementAttributeLimit = limitFromSystemProperty(
            Constants.SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT,
            DEFAULT_ELEMENT_ATTRIBUTE_LIMIT,
            fElementAttributeLimit);
}

/**
 * Resolves one limit from a system property.
 *
 * @param propertyName name of the system property to read
 * @param defaultLimit value returned when the property is unset, empty or negative
 * @param currentLimit value returned when reading or parsing the property throws
 * @return the limit the caller should store
 */
private static int limitFromSystemProperty(String propertyName, int defaultLimit, int currentLimit) {
    try {
        String raw = System.getProperty(propertyName);
        if (raw == null || raw.length() == 0) {
            return defaultLimit;
        }
        int parsed = Integer.parseInt(raw);
        // A negative limit is never taken from a system property.
        return parsed < 0 ? defaultLimit : parsed;
    } catch (Exception ignored) {
        // Deliberate best effort: an unreadable or malformed property must not stop the
        // object from being built, so the caller's existing value is kept.
        return currentLimit;
    }
}

	
/**
 * Sets the element attribute limit held by this object.
 *
 * <p>The value is stored exactly as given. Unlike the system-property path in
 * {@code readSystemProperties()}, a negative value is not replaced with the default
 * here; how a consumer treats a negative limit is not visible in this class.
 *
 * @param limit the new element attribute limit
 */
public void setElementAttrLimit(int limit) {
    this.fElementAttributeLimit = limit;
}
	
/**
 * Sets the number of entity expansions that the parser should permit in a document.
 *
 * <p>The value is stored exactly as given. Unlike the system-property path in
 * {@code readSystemProperties()}, a negative value is not replaced with the default
 * here; how a consumer treats a negative limit is not visible in this class.
 *
 * @param limit the number of entity expansions permitted in a document
 */
public void setEntityExpansionLimit(int limit) {
    this.entityExpansionLimit = limit;
}
    
/**
 * Sets the limit of the number of content model nodes that may be created when
 * building a grammar for a W3C XML Schema that contains maxOccurs attributes with
 * values other than "unbounded".
 *
 * <p>The value is stored exactly as given. Unlike the system-property path in
 * {@code readSystemProperties()}, a negative value is not replaced with the default
 * here; how a consumer treats a negative limit is not visible in this class.
 *
 * @param limit the maximum value for maxOccurs other than "unbounded"
 */
public void setMaxOccurNodeLimit(int limit) {
    this.maxOccurLimit = limit;
}