From 6c177ccad429490bc39be79a74097d3ee7995d5d Mon Sep 17 00:00:00 2001
From: RIHTARSIC Joze <joze.rihtarsic@ext.ec.europa.eu>
Date: Mon, 23 Sep 2024 17:22:09 +0200
Subject: [PATCH] [EDELIVERY-13369] add scheme validation for the sample
 extension

---
 .../ec/smp/spi/handler/AbstractHandler.java     | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/smp-resource-extensions/oasis-cppa3-spi/src/main/java/eu/europa/ec/smp/spi/handler/AbstractHandler.java b/smp-resource-extensions/oasis-cppa3-spi/src/main/java/eu/europa/ec/smp/spi/handler/AbstractHandler.java
index 9a3fd51ca..023a1effa 100644
--- a/smp-resource-extensions/oasis-cppa3-spi/src/main/java/eu/europa/ec/smp/spi/handler/AbstractHandler.java
+++ b/smp-resource-extensions/oasis-cppa3-spi/src/main/java/eu/europa/ec/smp/spi/handler/AbstractHandler.java
@@ -67,11 +67,8 @@ public abstract class AbstractHandler implements ResourceHandlerSpi {
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
         factory.setNamespaceAware(true);
         factory.setValidating(true);
-        try {
-            factory.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
-        } catch (ParserConfigurationException e) {
-            LOG.warn("DocumentBuilderFactory initialization error. The feature [{}] is not supported by current factory. The feature is ignored.", DISALLOW_DOCTYPE_FEATURE);
-        }
+        enableFeature(factory, DISALLOW_DOCTYPE_FEATURE);
+        enableFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING);
 
         try {
             return factory.newDocumentBuilder();
@@ -80,6 +77,16 @@ public abstract class AbstractHandler implements ResourceHandlerSpi {
         }
     }
 
+    private static boolean enableFeature(DocumentBuilderFactory factory, String feature) {
+        try {
+            factory.setFeature(feature, true);
+            return true;
+        } catch (ParserConfigurationException e) {
+            LOG.warn("DocumentBuilderFactory initialization error. The feature [{}] is not supported by current factory. The feature is ignored.", feature);
+            return false;
+        }
+    }
+
     private static final ThreadLocal<Unmarshaller> jaxbUnmarshaller = ThreadLocal.withInitial(() -> {
         try {
             JAXBContext jaxbContext = JAXBContext.newInstance(CPP.class);
-- 
GitLab