Class SecureXMLFactory

java.lang.Object

org.episteme.core.io.SecureXMLFactory

public final class SecureXMLFactory
extends Object

Utility class for creating secure XML parsers.

All XML parsers created through this class are configured to prevent XML External Entity (XXE) attacks and other XML-based vulnerabilities.

Since:

2.0

Author:

Silvere Martin-Michiellot, Gemini AI (Google DeepMind)

Method Summary

Modifier and Type	Method	Description
static DocumentBuilder	createSecureDocumentBuilder()	Creates a secure DocumentBuilder with XXE protection.
static DocumentBuilderFactory	createSecureDocumentBuilderFactory()	Creates a secure DocumentBuilderFactory with XXE protection.
static DocumentBuilderFactory	createSecureNamespaceAwareDocumentBuilderFactory()	Creates a secure namespace-aware DocumentBuilderFactory with XXE protection.
static SAXParser	createSecureSAXParser()	Creates a secure SAXParser with XXE protection.
static SAXParserFactory	createSecureSAXParserFactory()	Creates a secure SAXParserFactory with XXE protection.
static TransformerFactory	createSecureTransformerFactory()	Creates a secure TransformerFactory with XXE protection.
static XMLInputFactory	createSecureXMLInputFactory()	Creates a secure XMLInputFactory for StAX parsing with XXE protection.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

createSecureDocumentBuilderFactory

public static DocumentBuilderFactory createSecureDocumentBuilderFactory()
                                                                 throws ParserConfigurationException

Creates a secure DocumentBuilderFactory with XXE protection.

Returns:

a securely configured DocumentBuilderFactory

Throws:

ParserConfigurationException - if security features cannot be set

createSecureDocumentBuilder

public static DocumentBuilder createSecureDocumentBuilder()
                                                   throws ParserConfigurationException

Creates a secure DocumentBuilder with XXE protection.

Returns:

a securely configured DocumentBuilder

Throws:

ParserConfigurationException - if security features cannot be set

createSecureNamespaceAwareDocumentBuilderFactory

public static DocumentBuilderFactory createSecureNamespaceAwareDocumentBuilderFactory()
                                                                               throws ParserConfigurationException

Creates a secure namespace-aware DocumentBuilderFactory with XXE protection.

Returns:

a securely configured DocumentBuilderFactory

Throws:

ParserConfigurationException - if security features cannot be set

createSecureSAXParserFactory

public static SAXParserFactory createSecureSAXParserFactory()
                                                     throws ParserConfigurationException,
SAXException

Creates a secure SAXParserFactory with XXE protection.

Returns:

a securely configured SAXParserFactory

Throws:

ParserConfigurationException - if security features cannot be set

SAXException - if a SAX error occurs

createSecureSAXParser

public static SAXParser createSecureSAXParser()
                                       throws ParserConfigurationException,
SAXException

Creates a secure SAXParser with XXE protection.

Returns:

a securely configured SAXParser

Throws:

ParserConfigurationException - if security features cannot be set

SAXException - if a SAX error occurs

createSecureXMLInputFactory

public static XMLInputFactory createSecureXMLInputFactory()

Creates a secure XMLInputFactory for StAX parsing with XXE protection.

Returns:

a securely configured XMLInputFactory

createSecureTransformerFactory

public static TransformerFactory createSecureTransformerFactory()

Creates a secure TransformerFactory with XXE protection.

Returns:

a securely configured TransformerFactory