Package org.dspace.app.util

Class XMLUtils

java.lang.Object
org.dspace.app.util.XMLUtils
public class XMLUtils extends Object
Simple class to read information from small XML using DOM manipulation
Author:
Andrea Bollini

  • Method Details

    • getElementList

      public static List<Element> getElementList(Element dataRoot, String name)
      Parameters:
      dataRoot - the starting node
      name - the tag name of the child element to find.
      Returns:
      the list of all DOM Element with the provided name direct child of the starting node

    • getElementAttribute

      public static String getElementAttribute(Element dataRoot, String name, String attr)
      Parameters:
      dataRoot - the starting node
      name - the name of the sub element
      attr - the attribute to get
      Returns:
      the value of the attribute for the sub element with the specified name in the starting node

    • getElementValue

      public static String getElementValue(Element dataRoot, String name)
      Parameters:
      dataRoot - the starting node
      name - the name of the sub element
      Returns:
      the text content of the sub element with the specified name in the starting node

    • getSingleElement

      public static Element getSingleElement(Element dataRoot, String name)
      Return the first element child with the specified name
      Parameters:
      dataRoot - the starting node
      name - the name of sub element to look for
      Returns:
      the first child element or null if no present

    • getElementValueList

      public static List<String> getElementValueList(Element rootElement, String subElementName)
      Parameters:
      rootElement - the starting node
      subElementName - the tag name of the child element to find.
      Returns:
      a list of string including all the text contents of the sub element with the specified name. If there are not sub element with the supplied name the method will return null

    • getElementValueArrayList

      public static List<String[]> getElementValueArrayList(Element rootElement, String subElementName, String... fieldsName)
      root/subElement[]/field1, field2, fieldN
      Parameters:
      rootElement - the starting node
      subElementName - the name of the sub element to work on
      fieldsName - the names of the sub-sub-elements from which get the text content
      Returns:
      a list of array strings. The length of the array is equals to the number of fields required. For any fields the first textual value found in the sub element is used, null if no value is present

    • getTrustedDocumentBuilderFactory

      public static DocumentBuilderFactory getTrustedDocumentBuilderFactory() throws ParserConfigurationException
      Initialize and return a javax DocumentBuilderFactory with NO security applied. This is intended only for internal, administrative/configuration use where external entities and other dangerous features are actually purposefully included. The method here is tiny, but may be expanded with other features like whitespace handling, and calling this method name helps to document the fact that the caller knows it is trusting the XML source / factory.
      Returns:
      document builder factory to generate new builders
      Throws:
      ParserConfigurationException

    • getDocumentBuilderFactory

      public static DocumentBuilderFactory getDocumentBuilderFactory() throws ParserConfigurationException
      Initialize and return the javax DocumentBuilderFactory with some basic security applied to avoid XXE attacks and other unwanted content inclusion
      Returns:
      document builder factory to generate new builders
      Throws:
      ParserConfigurationException

    • getTrustedDocumentBuilder

      public static DocumentBuilder getTrustedDocumentBuilder(String... allowedPaths) throws ParserConfigurationException
      Initialize and return a javax DocumentBuilder with less security applied. This is intended only for internal, administrative/configuration use where external entities and other dangerous features are actually purposefully included, but are only allowed from specified paths, e.g. dspace.dir or some other path specified by the java caller. The method here is tiny, but may be expanded with other features like whitespace handling, and calling this method name helps to document the fact that the caller knows it is trusting the XML source / builder

      If no allowedPaths are passed, then all external entities are rejected

      Returns:
      document builder with no security features set
      Throws:
      ParserConfigurationException - if the builder can not be configured

    • getDocumentBuilder

      public static DocumentBuilder getDocumentBuilder() throws ParserConfigurationException
      Initialize and return the javax DocumentBuilder with some basic security applied to avoid XXE attacks and other unwanted content inclusion
      Returns:
      document builder for use in XML parsing
      Throws:
      ParserConfigurationException - if the builder can not be configured

    • getSAXBuilder

      public static org.jdom2.input.SAXBuilder getSAXBuilder()
      Initialize and return the SAX document builder with some basic security applied to avoid XXE attacks and other unwanted content inclusion
      Returns:
      SAX document builder for use in XML parsing

    • getSAXBuilder

      public static org.jdom2.input.SAXBuilder getSAXBuilder(boolean validate)
      Initialize and return the SAX document builder with some basic security applied to avoid XXE attacks and other unwanted content inclusion
      Parameters:
      validate - whether to use JDOM XSD validation
      Returns:
      SAX document builder for use in XML parsing

    • getXMLInputFactory

      public static XMLInputFactory getXMLInputFactory()
      Initialize and return the Java XML Input Factory with some basic security applied to avoid XXE attacks and other unwanted content inclusion
      Returns:
      XML input factory for use in XML parsing