Merge pull request #178 from ndw/alt-177

Correct getNetResource so it uses the resourceURI
xmlresolver · Mar 11, 2024 · b538b23 · b538b23
2 parents 11fb3c4 + 83ac3a2
commit b538b23
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 22 deletions.
diff --git a/src/main/java/org/xmlresolver/ResourceAccess.java b/src/main/java/org/xmlresolver/ResourceAccess.java
@@ -213,28 +213,17 @@ private static ResourceResponse getNetResource(ResourceRequest request, URI reso
  accessList = config.getFeature(ResolverFeature.ACCESS_EXTERNAL_DOCUMENT);
  }
 
- // We want to test the request URI, and if it's relative to some base URI, we want
- // to make sure we're considering the absolute URI, not just the relative part.
- URI requestURI = null;
- try {
- requestURI = request.getAbsoluteURI();
- if (requestURI == null) {
- requestURI = new URI(request.getURI());
- }
- if (!requestURI.isAbsolute()) {
- requestURI = URIUtils.cwd().resolve(requestURI.toString());
- }
-
- if (URIUtils.forbidAccess(accessList, requestURI.toString(), mergeHttps)) {
- if (request.isResolvingAsEntity()) {
- logger.log(AbstractLogger.REQUEST, "resolveEntity, access denied: " + requestURI);
- } else {
- logger.log(AbstractLogger.REQUEST, "resolveURI, access denied: " + requestURI);
- }
- return new ResourceResponse(request, true);
+ // We come through this code path when a resource was successfully resolved,
+ // but it wasn't a data:, jar: or, classpath: URI. We still want to retrieve it,
+ // so we'll try http:, https:, or anything supported by Java's URLConnection.
+ // Note that the resourceURI will be absolute at this point.
+ if (URIUtils.forbidAccess(accessList.concat(",file"), resourceURI.toString(), mergeHttps)) {
+ if (request.isResolvingAsEntity()) {
+ logger.log(AbstractLogger.REQUEST, "resolveEntity, access denied: " + resourceURI);
+ } else {
+ logger.log(AbstractLogger.REQUEST, "resolveURI, access denied: " + resourceURI);
  }
- } catch (URISyntaxException ex) {
- // I don't think this can happen here, but...
+ return new ResourceResponse(request, true);
  }
 
  ResourceConnection connx = new ResourceConnection(request.config, resourceURI, !request.openStream());

diff --git a/src/test/java/org/xmlresolver/Jaxp185Test.java b/src/test/java/org/xmlresolver/Jaxp185Test.java
@@ -222,7 +222,23 @@ public void lookupSystemPassHttp() {
  }
  }
 
-// yyy
+ @Test
+ public void lookupPublicId() throws IOException, SAXException {
+ InputSource source = unrestrictedResolver.getEntityResolver().resolveEntity("-//Sample//DTD Sample 1.0//EN", null);
+ assertNotNull(source);
+ }
+
+ @Test
+ public void lookupPublicIdBadURI() throws IOException, SAXException {
+ InputSource source = unrestrictedResolver.getEntityResolver().resolveEntity("-//Sample//DTD Sample 1.0//EN", "relativeLocation.dtd");
+ assertNotNull(source);
+ }
+
+ @Test
+ public void lookupPublicIdOkURI() throws IOException, SAXException {
+ InputSource source = unrestrictedResolver.getEntityResolver().resolveEntity("-//Sample//DTD Sample 1.0//EN", "http://localhost:8222/docs/sample/sample.dtd");
+ assertNotNull(source);
+ }
 
  @Test
  public void lookupUriMergedPassHttpsAbs() {