设为首页收藏本站京东联盟微信公众号京东商城有优惠
京东6.18大促主会场领京享红包更优惠

 找回密码
 立即注册

QQ登录

只需一步,快速开始

梦想之都-俊月星空 门户 站长分享 java相关技术 查看内容

解决javax.xml.parsers.DocumentBuilderFactory.setFeature(Ljava/lang/String;Z)V异 ...

2021-11-4 12:37| 发布者: zhaojun917| 查看: 1688| 评论: 0

摘要: 1 问题在解决微信支付XXE(XML外部实体注入漏洞)的时使用了setFeature()方法,出现了如下异常:java.lang.AbstractMethodError:javax.xml.parsers.DocumentBuilderFactory.setFeature(Ljava/lang/String;Z)2 原因不 ...
1 问题
在解决微信支付XXE(XML外部实体注入漏洞)的时使用了setFeature()方法,出现了如下异常:

java.lang.AbstractMethodError:javax.xml.parsers.DocumentBuilderFactory.setFeature(Ljava/lang/String;Z)
2 原因
不同jar包的多xml解析器冲突

3 解决
微信支付创建xml解析器的官方SDK源码

public static DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
        documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        documentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        documentBuilderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        documentBuilderFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        documentBuilderFactory.setXIncludeAware(false);
        documentBuilderFactory.setExpandEntityReferences(false);
 
        return documentBuilderFactory.newDocumentBuilder();
    }
解决方法:在使用DocumentBuilderFactory前加入这一行代码

System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl");
完整代码

public static DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
        //解决java.lang.AbstractMethodError:javax.xml.parsers.DocumentBuilderFactory.setFeature(Ljava/lang/String;Z)V异常
        System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl");
 
        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
        documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        documentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        documentBuilderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        documentBuilderFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        documentBuilderFactory.setXIncludeAware(false);
        documentBuilderFactory.setExpandEntityReferences(false);
 
        return documentBuilderFactory.newDocumentBuilder();
    }
 
 
收藏 分享 邀请
上一篇:http ssl 证书 把pem文件 和 私钥文件key 放入 httpclient 请求下一篇:Java 微信支付 继承 WXPayConfig 类 getWXPayDomain() 方法 重写 遗漏

相关分类

关闭

站长推荐上一条 /6 下一条

QQ|手机版|小黑屋|梦想之都-俊月星空 ( 粤ICP备18056059号 )|网站地图

GMT+8, 2025-7-1 19:32 , Processed in 0.031096 second(s), 18 queries .

Powered by Mxzdjyxk! X3.5

© 2001-2025 Discuz! Team.

返回顶部