alvinalexander.com | career | drupal | java | mac | mysql | perl | scala | uml | unix  

Java example source code file (SecurityManager.java)

This example Java source code file (SecurityManager.java) is included in the alvinalexander.com "Java Source Code Warehouse" project. The intent of this project is to help you "Learn Java by Example" TM.

Learn more about this Java project at its project page.

Java - Java tags/keywords

default_element_attribute_limit, default_entity_expansion_limit, default_max_occur_node_limit, securitymanager, string

The SecurityManager.java Java example source code

/*
 * reserved comment block
 * DO NOT REMOVE OR ALTER!
 */
/*
 * The Apache Software License, Version 1.1
 *
 *
 * Copyright (c) 2003 The Apache Software Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Xerces" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation and was
 * originally based on software copyright (c) 1999, International
 * Business Machines, Inc., http://www.apache.org.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 */

package com.sun.org.apache.xerces.internal.util;
import com.sun.org.apache.xerces.internal.impl.Constants;
/**
 * This class is a container for parser settings that relate to
 * security, or more specifically, it is intended to be used to prevent denial-of-service
 * attacks from being launched against a system running Xerces.
 * Any component that is aware of a denial-of-service attack that can arise
 * from its processing of a certain kind of document may query its Component Manager
 * for the property (http://apache.org/xml/properties/security-manager)
 * whose value will be an instance of this class.
 * If no value has been set for the property, the component should proceed in the "usual" (spec-compliant)
 * manner.  If a value has been set, then it must be the case that the component in
 * question needs to know what method of this class to query.  This class
 * will provide defaults for all known security issues, but will also provide
 * setters so that those values can be tailored by applications that care.
 *
 * @author  Neil Graham, IBM
 *
 */
public final class SecurityManager {

    //
    // Constants
    //

    // default value for entity expansion limit
    private final static int DEFAULT_ENTITY_EXPANSION_LIMIT = 64000;

    /** Default value of number of nodes created. **/
    private final static int DEFAULT_MAX_OCCUR_NODE_LIMIT = 5000;

    //
    // Data
    //

        private final static int DEFAULT_ELEMENT_ATTRIBUTE_LIMIT = 10000;

    /** Entity expansion limit. **/
    private int entityExpansionLimit;

    /** W3C XML Schema maxOccurs limit. **/
    private int maxOccurLimit;

        private int fElementAttributeLimit;
    // default constructor.  Establishes default values for
    // all known security holes.
    /**
     * Default constructor.  Establishes default values
     * for known security vulnerabilities.
     */
    public SecurityManager() {
        entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT;
        maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT ;
                fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT;
                //We are reading system properties only once ,
                //at the time of creation of this object ,
                readSystemProperties();
    }

    /**
     * <p>Sets the number of entity expansions that the
     * parser should permit in a document.</p>
     *
     * @param limit the number of entity expansions
     * permitted in a document
     */
    public void setEntityExpansionLimit(int limit) {
        entityExpansionLimit = limit;
    }

    /**
     * <p>Returns the number of entity expansions
     * that the parser permits in a document.</p>
     *
     * @return the number of entity expansions
     * permitted in a document
     */
    public int getEntityExpansionLimit() {
        return entityExpansionLimit;
    }

    /**
     * <p>Sets the limit of the number of content model nodes
     * that may be created when building a grammar for a W3C
     * XML Schema that contains maxOccurs attributes with values
     * other than "unbounded".</p>
     *
     * @param limit the maximum value for maxOccurs other
     * than "unbounded"
     */
    public void setMaxOccurNodeLimit(int limit){
        maxOccurLimit = limit;
    }

    /**
     * <p>Returns the limit of the number of content model nodes
     * that may be created when building a grammar for a W3C
     * XML Schema that contains maxOccurs attributes with values
     * other than "unbounded".</p>
     *
     * @return the maximum value for maxOccurs other
     * than "unbounded"
     */
    public int getMaxOccurNodeLimit(){
        return maxOccurLimit;
    }

    public int getElementAttrLimit(){
                return fElementAttributeLimit;
        }

        public void setElementAttrLimit(int limit){
                fElementAttributeLimit = limit;
        }

        private void readSystemProperties(){

                try {
                        String value = System.getProperty(Constants.ENTITY_EXPANSION_LIMIT);
                        if(value != null && !value.equals("")){
                                entityExpansionLimit = Integer.parseInt(value);
                                if (entityExpansionLimit < 0)
                                        entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT;
                        }
                        else
                                entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT;
                }catch(Exception ex){}

                try {
                        String value = System.getProperty(Constants.MAX_OCCUR_LIMIT);
                        if(value != null && !value.equals("")){
                                maxOccurLimit = Integer.parseInt(value);
                                if (maxOccurLimit < 0)
                                        maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT;
                        }
                        else
                                maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT;
                }catch(Exception ex){}

                try {
                        String value = System.getProperty(Constants.ELEMENT_ATTRIBUTE_LIMIT);
                        if(value != null && !value.equals("")){
                                fElementAttributeLimit = Integer.parseInt(value);
                                if ( fElementAttributeLimit < 0)
                                        fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT;
                        }
                        else
                                fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT;

                }catch(Exception ex){}

        }

} // class SecurityManager

Other Java examples (source code examples)

Here is a short list of links related to this Java SecurityManager.java source code file:

... this post is sponsored by my books ...

#1 New Release!

FP Best Seller

 

new blog posts

 

Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.

A percentage of advertising revenue from
pages under the /java/jwarehouse URI on this website is
paid back to open source projects.