Class XmlSecurity

java.lang.Object
cloud.opencode.base.xml.security.XmlSecurity

public final class XmlSecurity extends Object
XML Security Configuration - Provides secure XML parser configuration.

This class provides methods to configure XML parsers securely to prevent XXE (XML External Entity) attacks and other XML-related security threats.

Security Features:

  • Disables external entities (XXE protection)
  • Disables DTD processing
  • Limits entity expansion
  • Disables external parameter entities

Usage Examples:

// Create a secure DocumentBuilderFactory
DocumentBuilderFactory factory = XmlSecurity.createSecureDocumentBuilderFactory();

// Or secure an existing factory
DocumentBuilderFactory existing = DocumentBuilderFactory.newInstance();
XmlSecurity.secure(existing);
Since:
JDK 25, opencode-base-xml V1.0.0
Author:
Leon Soo www.LeonSoo.com
  • Field Details

    • DEFAULT_ENTITY_EXPANSION_LIMIT

      public static final int DEFAULT_ENTITY_EXPANSION_LIMIT
      Default entity expansion limit.
  • Method Details

    • secure

      public static DocumentBuilderFactory secure(DocumentBuilderFactory factory)
      Configures a DocumentBuilderFactory with secure settings.
      Parameters:
      factory - the factory to configure
      Returns:
      the configured factory
    • secure

      public static SAXParserFactory secure(SAXParserFactory factory)
      Configures a SAXParserFactory with secure settings.
      Parameters:
      factory - the factory to configure
      Returns:
      the configured factory
    • secure

      public static XMLInputFactory secure(XMLInputFactory factory)
      Configures an XMLInputFactory with secure settings.
      Parameters:
      factory - the factory to configure
      Returns:
      the configured factory
    • secure

      public static TransformerFactory secure(TransformerFactory factory)
      Configures a TransformerFactory with secure settings.
      Parameters:
      factory - the factory to configure
      Returns:
      the configured factory
    • secure

      public static SchemaFactory secure(SchemaFactory factory)
      Configures a SchemaFactory with secure settings.
      Parameters:
      factory - the factory to configure
      Returns:
      the configured factory
    • createSecureDocumentBuilderFactory

      public static DocumentBuilderFactory createSecureDocumentBuilderFactory()
      Creates a secure DocumentBuilderFactory.
      Returns:
      a secure factory
    • createSecureSAXParserFactory

      public static SAXParserFactory createSecureSAXParserFactory()
      Creates a secure SAXParserFactory.
      Returns:
      a secure factory
    • createSecureXMLInputFactory

      public static XMLInputFactory createSecureXMLInputFactory()
      Creates a secure XMLInputFactory.
      Returns:
      a secure factory
    • createSecureTransformerFactory

      public static TransformerFactory createSecureTransformerFactory()
      Creates a secure TransformerFactory.
      Returns:
      a secure factory
    • createSecureSchemaFactory

      public static SchemaFactory createSecureSchemaFactory()
      Creates a secure SchemaFactory for XSD validation.
      Returns:
      a secure factory
    • disableExternalEntities

      public static void disableExternalEntities(DocumentBuilderFactory factory)
      Disables external entities on a DocumentBuilderFactory.
      Parameters:
      factory - the factory to configure
    • disableDtd

      public static void disableDtd(DocumentBuilderFactory factory)
      Disables DTD processing on a DocumentBuilderFactory.
      Parameters:
      factory - the factory to configure
    • setEntityExpansionLimit

      public static void setEntityExpansionLimit(DocumentBuilderFactory factory, int limit)
      Sets the entity expansion limit on a DocumentBuilderFactory.
      Parameters:
      factory - the factory to configure
      limit - the maximum number of entity expansions