Created
June 23, 2016 12:25
-
-
Save lillesand/ea718bd9552902cc9046d6a8528f6c94 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package no.posten.dpost.signering; | |
import org.springframework.xml.transform.StringSource; | |
import javax.xml.bind.JAXBContext; | |
import javax.xml.bind.Marshaller; | |
import javax.xml.bind.Unmarshaller; | |
import javax.xml.bind.annotation.XmlRootElement; | |
import javax.xml.stream.XMLInputFactory; | |
import javax.xml.stream.XMLStreamReader; | |
public class Fjalleball { | |
public static void main(String[] args) throws Exception { | |
JAXBContext jc = JAXBContext.newInstance(Customer.class); | |
XMLInputFactory xif = XMLInputFactory.newFactory(); | |
//xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); | |
//xif.setProperty(XMLInputFactory.SUPPORT_DTD, false); | |
XMLStreamReader xsr = xif.createXMLStreamReader(new StringSource("<?xml version=\"1.0\"?>\n" + | |
"<!DOCTYPE customer [<!ENTITY name SYSTEM \"/etc/passwd\">]>\n" + | |
"<customer>\n" + | |
" <name>&name;</name>\n" + | |
"</customer>")); | |
Unmarshaller unmarshaller = jc.createUnmarshaller(); | |
Customer customer = (Customer) unmarshaller.unmarshal(xsr); | |
Marshaller marshaller = jc.createMarshaller(); | |
marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); | |
marshaller.marshal(customer, System.out); | |
} | |
@XmlRootElement | |
public static class Customer { | |
private String name; | |
public String getName() { | |
return name; | |
} | |
public void setName(String name) { | |
this.name = name; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment