如何使用带字符串输入的 JAXB 2.0 禁用 DTD 提取
How to Disable DTD fetching using JAXB 2.0 with string input
我有以下代码(工作正常),我必须保护它,并在解组过程中添加一些限制
public static Response getObjectBinResponse1(String xml) throws JAXBException{
JAXBContext jaxbContext = JAXBContext.newInstance(Response.class);
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
StringReader reader = new StringReader(xml);
Response rsp=(Response) unmarshaller.unmarshal(reader);
reader.close();
return rsp;
}
我试过这个:
public static Response getObjectBinResponse2(String xml) throws JAXBException, ParserConfigurationException, SAXException, UnsupportedEncodingException{
JAXBContext jaxbContext = JAXBContext.newInstance(Response.class);
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
spf.setFeature("http://xml.org/sax/features/validation", false);
XMLReader xmlReader = spf.newSAXParser().getXMLReader();
InputSource inputSource = new InputSource(new StringReader(xml));
SAXSource source = new SAXSource(xmlReader, inputSource);
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
Response rsp=(Response) unmarshaller.unmarshal(source);
return rsp;
}
但是此代码会引发以下错误:
javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"ns0:Response"). Expected elements are <{http://www.xxx.yy/aaa/vbb/v1}Response>
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext.handleEvent(UnmarshallingContext.java:726)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Loader.reportError(Loader.java:247)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Loader.reportError(Loader.java:242)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Loader.reportUnexpectedChildElement(Loader.java:109)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext$DefaultRootLoader.childElement(UnmarshallingContext.java:1131)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext._startElement(UnmarshallingContext.java:556)
我通过将源文件更改为字符串来尝试这个答案的代码。
How to disable DTD fetching using JAXB2.0
class的名字是正确的
@XmlRootElement(name = "Response")
public class Response {
我有文件包-info.java正确
@javax.xml.bind.annotation.XmlSchema(namespace = "http://www.xxx.yy/aaa/vbb/v1")
package my.generated.package.from.xsd.with.jaxb;
xml 字符串看起来像
String xml="<?xml version=\"1.0\" encoding=\"UTF-8\"?><ns0:Response xmlns:ns0=\"http://www.xxx.yy/aaa/vbb/v1\"><enca......
如果我改变这一行
SAXSource source = new SAXSource(xmlReader, inputSource);
对此
SAXSource source = new SAXSource(inputSource);
可以,但由于限制我需要 xml阅读器
已解决,在SAXParserFactory之后需要放置setNamespaceAware=true
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setNamespaceAware(true);
我有以下代码(工作正常),我必须保护它,并在解组过程中添加一些限制
public static Response getObjectBinResponse1(String xml) throws JAXBException{
JAXBContext jaxbContext = JAXBContext.newInstance(Response.class);
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
StringReader reader = new StringReader(xml);
Response rsp=(Response) unmarshaller.unmarshal(reader);
reader.close();
return rsp;
}
我试过这个:
public static Response getObjectBinResponse2(String xml) throws JAXBException, ParserConfigurationException, SAXException, UnsupportedEncodingException{
JAXBContext jaxbContext = JAXBContext.newInstance(Response.class);
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
spf.setFeature("http://xml.org/sax/features/validation", false);
XMLReader xmlReader = spf.newSAXParser().getXMLReader();
InputSource inputSource = new InputSource(new StringReader(xml));
SAXSource source = new SAXSource(xmlReader, inputSource);
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
Response rsp=(Response) unmarshaller.unmarshal(source);
return rsp;
}
但是此代码会引发以下错误:
javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"ns0:Response"). Expected elements are <{http://www.xxx.yy/aaa/vbb/v1}Response>
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext.handleEvent(UnmarshallingContext.java:726)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Loader.reportError(Loader.java:247)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Loader.reportError(Loader.java:242)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Loader.reportUnexpectedChildElement(Loader.java:109)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext$DefaultRootLoader.childElement(UnmarshallingContext.java:1131)
at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext._startElement(UnmarshallingContext.java:556)
我通过将源文件更改为字符串来尝试这个答案的代码。 How to disable DTD fetching using JAXB2.0
class的名字是正确的
@XmlRootElement(name = "Response")
public class Response {
我有文件包-info.java正确
@javax.xml.bind.annotation.XmlSchema(namespace = "http://www.xxx.yy/aaa/vbb/v1")
package my.generated.package.from.xsd.with.jaxb;
xml 字符串看起来像
String xml="<?xml version=\"1.0\" encoding=\"UTF-8\"?><ns0:Response xmlns:ns0=\"http://www.xxx.yy/aaa/vbb/v1\"><enca......
如果我改变这一行
SAXSource source = new SAXSource(xmlReader, inputSource);
对此
SAXSource source = new SAXSource(inputSource);
可以,但由于限制我需要 xml阅读器
已解决,在SAXParserFactory之后需要放置setNamespaceAware=true
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setNamespaceAware(true);