membrane
diff --git a/‎core/src/main/java/com/predic8/membrane/core/http/Header.java‎
Lines changed: 559 additions & 540 deletions b/‎core/src/main/java/com/predic8/membrane/core/http/Header.java‎
Lines changed: 559 additions & 540 deletions
diff --git a/‎core/src/main/java/com/predic8/membrane/core/http/MimeType.java‎
Lines changed: 1 addition & 0 deletions b/‎core/src/main/java/com/predic8/membrane/core/http/MimeType.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎core/src/main/java/com/predic8/membrane/core/interceptor/xml/Xml2JsonInterceptor.java‎
Lines changed: 73 additions & 71 deletions b/‎core/src/main/java/com/predic8/membrane/core/interceptor/xml/Xml2JsonInterceptor.java‎
Lines changed: 73 additions & 71 deletions
diff --git a/‎core/src/main/java/com/predic8/membrane/core/util/xml/XMLEncodingUtil.java‎
Lines changed: 54 additions & 0 deletions b/‎core/src/main/java/com/predic8/membrane/core/util/xml/XMLEncodingUtil.java‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎core/src/main/java/com/predic8/membrane/core/util/xml/XMLUtil.java‎
Lines changed: 41 additions & 11 deletions b/‎core/src/main/java/com/predic8/membrane/core/util/xml/XMLUtil.java‎
Lines changed: 41 additions & 11 deletions
@@ -39,6 +39,7 @@ public class MimeType {
     public static final String TEXT_XML = "text/xml";
     public static final String TEXT_HTML = "text/html";
     public static final String TEXT_XML_UTF8 = TEXT_XML + ";charset=UTF-8";
+    public static final String TEXT_XML_ISO_8859_1 = TEXT_XML + ";charset=ISO-8859-1";
 
     public static final String TEXT_HTML_UTF8 = "text/html;charset=UTF-8";
     public static final String TEXT_PLAIN = "text/plain";
 
@@ -18,34 +18,57 @@
 import com.predic8.membrane.core.exchange.*;
 import com.predic8.membrane.core.http.*;
 import com.predic8.membrane.core.interceptor.*;
+import com.predic8.membrane.core.util.xml.*;
 import org.json.*;
 import org.slf4j.*;
-import org.w3c.dom.*;
 
-import javax.xml.*;
-import javax.xml.parsers.*;
-import javax.xml.transform.*;
-import javax.xml.transform.dom.*;
-import javax.xml.transform.stream.*;
 import java.io.*;
 
 import static com.predic8.membrane.core.exceptions.ProblemDetails.*;
-import static com.predic8.membrane.core.interceptor.Interceptor.Flow.REQUEST;
+import static com.predic8.membrane.core.http.MimeType.*;
+import static com.predic8.membrane.core.interceptor.Interceptor.Flow.*;
 import static com.predic8.membrane.core.interceptor.Outcome.*;
+import static com.predic8.membrane.core.interceptor.Outcome.ABORT;
 import static java.nio.charset.StandardCharsets.*;
-import static javax.xml.transform.OutputKeys.*;
-
 
 /**
- * @description If enabled converts body content from xml to json.
- * @explanation Can be used for both request and response. Xml file assumed to be in UTF-8. If input is invalid it returns
- * empty json object.
+ * @description Converts an XML message body to JSON.
+ * <p>
+ * The interceptor performs a generic XML-to-JSON transformation using a
+ * structural mapping of XML elements and attributes to JSON objects.
+ * While this works well for simple and data-oriented XML, it has inherent
+ * limitations and challenges.
+ * </p>
+ *
+ * <p>
+ * In particular:
+ * <ul>
+ *   <li>XML attributes and elements are both mapped to JSON properties, which
+ *       can lead to ambiguities.</li>
+ *   <li>Element order, mixed content, and namespaces may not be preserved
+ *       in a meaningful way.</li>
+ *   <li>Repeated elements are heuristically converted into JSON arrays,
+ *       which may not match the intended domain model.</li>
+ * </ul>
+ * </p>
+ *
+ * <p>
+ * This interceptor is intended for integration scenarios where XML is used
+ * as a transport format and the JSON representation is primarily consumed
+ * by applications that do not require full fidelity of the original XML
+ * structure.
+ * </p>
+ *
+ * <p>
+ * For complex XML schemas or contract-driven integrations, a dedicated
+ * transformation using a template, XSLT or a schema-aware mapping is recommended.
+ * </p>
  * @topic 2. Enterprise Integration Patterns
  */
-@MCElement(name="xml2Json")
+@MCElement(name = "xml2Json")
 public class Xml2JsonInterceptor extends AbstractInterceptor {
 
-    private static final Logger log = LoggerFactory.getLogger(Xml2JsonInterceptor.class.getName());
+    private static final Logger log = LoggerFactory.getLogger(Xml2JsonInterceptor.class);
 
     @Override
     public String getShortDescription() {
@@ -54,84 +77,63 @@ public String getShortDescription() {
 
     @Override
     public Outcome handleRequest(Exchange exc) {
-        try {
-            return handleInternal(exc.getRequest());
-        } catch (Exception e) {
-            log.error("", e);
-            internal(router.getConfiguration().isProduction(),getDisplayName())
-                    .flow(REQUEST)
-                    .detail("Could not transform XML to JSON!")
-                    .exception(e)
-                    .buildAndSetResponse(exc);
-            return ABORT;
-        }
+        return handleInternal(exc, REQUEST);
     }
 
     @Override
     public Outcome handleResponse(Exchange exc) {
-        try {
-            return handleInternal(exc.getResponse());
-        } catch (Exception e) {
-            internal(router.getConfiguration().isProduction(),getDisplayName())
-                    .flow(Flow.RESPONSE)
-                    .detail("Could not return WSDL document!")
-                    .exception(e)
-                    .buildAndSetResponse(exc);
-            return ABORT;
-        }
+        return handleInternal(exc, RESPONSE);
     }
 
-    private Outcome handleInternal(Message msg) throws Exception {
-        if(!msg.isXML()){
+    private Outcome handleInternal(Exchange exc, Flow flow) {
+        Message msg = exc.getMessage(flow);
+        if (!msg.isXML()) {
             return CONTINUE;
         }
-
-        if(msg.getHeader().getContentEncoding() != null){
-            msg.setBodyContent(xml2json(msg.getBodyAsStreamDecoded(), msg.getHeader().getContentEncoding()));
-        }
-        else{
-            msg.setBodyContent(xml2json(loadXMLFromStream(msg.getBodyAsStreamDecoded())));
+        try {
+            msg.setBodyContent(xml2json(getBodyAsString(msg)));
+            msg.getHeader().setContentType(APPLICATION_JSON_UTF8);
+            return CONTINUE;
+        } catch (UnsupportedEncodingException e) {
+            handleException(exc, flow, e, "Unsupported encoding: " + e.getMessage());
+        } catch (Exception e) {
+            handleException(exc, flow, e, null);
         }
-        msg.getHeader().setContentType(MimeType.APPLICATION_JSON_UTF8);
-
-        return CONTINUE;
+        return ABORT;
     }
 
-    private byte[] xml2json(InputStream body, String encoding) throws UnsupportedEncodingException {
-        return XML.toJSONObject(new InputStreamReader(body, encoding)).toString().getBytes(UTF_8);
+    private static String getBodyAsString(Message msg) throws IOException {
+        if (msg.getHeader().getCharset() != null) return msg.getBodyAsStringDecoded();
+
+        // Conversion is expensive but needed to get encoding from XML
+        // because org.json.XML ignores the encoding specified in the XML prolog
+        byte[] body = msg.getBody().getContent();
+        var fromProlog = XMLEncodingUtil.getEncodingFromXMLProlog(body);
+        return new String(body, fromProlog != null ? fromProlog : UTF_8.name());
     }
 
+
     private byte[] xml2json(String xml) {
+        // In org.json.XML the encoding is skipped, so xml encoding is always ignored: x.skipPast("?>");
         return XML.toJSONObject(xml).toString().getBytes(UTF_8);
     }
 
-    public static String loadXMLFromStream(InputStream stream) throws Exception
-    {
-        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-        return documentToString(factory.newDocumentBuilder().parse(stream));
-    }
-
-    public static String documentToString(Document doc) {
-        try {
-            StringWriter sw = new StringWriter();
-            TransformerFactory tf = TransformerFactory.newInstance();
-            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
-            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
-            Transformer transformer = tf.newTransformer();
-            transformer.setOutputProperty(OMIT_XML_DECLARATION, "no");
-            transformer.setOutputProperty(METHOD, "xml");
-            transformer.setOutputProperty(INDENT, "no");
-            transformer.setOutputProperty(ENCODING, "UTF-8");
-            transformer.transform(new DOMSource(doc), new StreamResult(sw));
-            return sw.toString();
-        } catch (Exception ex) {
-            throw new RuntimeException("Error converting to String", ex);
+    private void handleException(Exchange exc, Flow flow, Exception e, String msg) {
+        if (msg == null) {
+            msg = "Could not transform XML to JSON: " + e.getMessage();
+            log.info(msg, e);
+            log.debug("", e);
         }
+        internal(router.getConfiguration().isProduction(), getDisplayName()).flow(flow).status(flow == REQUEST ? 400 : 500)
+                .detail(msg)
+                .exception(e)
+                .topLevel("charset-from-header", exc.getMessage(flow).getHeader().getCharset())
+                .stacktrace(false)
+                .buildAndSetResponse(exc);
     }
 
     @Override
     public String getDisplayName() {
         return "xml 2 json";
     }
-}
+}
@@ -0,0 +1,54 @@
+package com.predic8.membrane.core.util.xml;
+
+import java.nio.charset.*;
+import java.util.*;
+import java.util.regex.*;
+
+import static java.nio.charset.StandardCharsets.ISO_8859_1;
+
+public class XMLEncodingUtil {
+
+    // XML declaration must be ASCII-compatible
+    private static final Pattern XML_DECL_PATTERN =
+            Pattern.compile("^\\s*<\\?xml\\s+([^?]*?)\\?>",
+                    Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
+
+    private static final Pattern ENCODING_ATTR_PATTERN =
+            Pattern.compile("(?i)\\bencoding\\s*=\\s*(['\"])([^'\"]+)\\1");
+
+    /**
+     * Extracts encoding from an XML prolog using raw bytes.
+     * XML spec guarantees the prolog is ASCII-compatible, so we
+     * decode only a small prefix as ISO-8859-1.
+     * @param bytes XML document bytes
+     * @return encoding name (e.g. UTF-8, ISO-8859-1) or null if absent
+     */
+    public static String getEncodingFromXMLProlog(byte[] bytes) {
+        if (bytes == null || bytes.length == 0) return null;
+
+        int offset = 0;
+
+        // UTF-8 BOM
+        if (bytes.length >= 3
+                && (bytes[0] & 0xFF) == 0xEF
+                && (bytes[1] & 0xFF) == 0xBB
+                && (bytes[2] & 0xFF) == 0xBF) {
+            offset = 3;
+        }
+
+        // XML declaration must appear at the start (after BOM + whitespace)
+        int max = Math.min(bytes.length, offset + 1024);
+
+        // ISO-8859-1 preserves byte values 1:1 → safe for ASCII parsing
+        String prefix = new String(bytes, offset, max - offset, ISO_8859_1);
+
+        Matcher decl = XML_DECL_PATTERN.matcher(prefix);
+        if (!decl.find()) return null;
+
+        String declBody = decl.group(1);
+        Matcher enc = ENCODING_ATTR_PATTERN.matcher(declBody);
+        if (!enc.find()) return null;
+
+        return enc.group(2).trim().toUpperCase(Locale.ROOT);
+    }
+}
@@ -15,6 +15,7 @@
 
 import com.predic8.membrane.core.http.*;
 import org.jetbrains.annotations.*;
+import org.slf4j.*;
 import org.w3c.dom.*;
 import org.xml.sax.*;
 
@@ -24,44 +25,73 @@
 import javax.xml.transform.stream.*;
 import java.io.*;
 import java.util.*;
+import java.util.concurrent.atomic.*;
+import java.util.regex.*;
 
 import static javax.xml.XMLConstants.*;
+import static javax.xml.transform.OutputKeys.*;
 
 public class XMLUtil {
 
-    // TransformerFactory is *not* specified as thread-safe.
-    // We keep one instance per thread. See:
-    // https://docs.oracle.com/javase/8/docs/api/javax/xml/transform/TransformerFactory.html
-    private static final ThreadLocal<TransformerFactory> TF = ThreadLocal.withInitial(() -> {
+    private static final Logger log = LoggerFactory.getLogger(XMLUtil.class);
+
+    private static final AtomicBoolean loggedSecureProcessing = new AtomicBoolean();
+    private static final AtomicBoolean loggedExternalAccess = new AtomicBoolean();
+
+
+    // TransformerFactory is not specified as thread-safe and is mutable (features/attributes).
+    // Use one instance per thread and create a fresh Transformer per transform (Transformer is not thread-safe).
+    private static final ThreadLocal<TransformerFactory> SAFE_TRANSFORMER_FACTORY = ThreadLocal.withInitial(() -> {
         TransformerFactory f = TransformerFactory.newInstance();
+
+        // Best-effort hardening. Some implementations may not support all flags.
         try {
             // Enable secure processing (limits entity expansion etc.)
             f.setFeature(FEATURE_SECURE_PROCESSING, true);
         } catch (TransformerConfigurationException | TransformerFactoryConfigurationError e) {
-            // Log if you want, but do not fail hard because of missing feature
+            if (loggedSecureProcessing.compareAndSet(false, true)) {
+                log.warn("Could not enable secure XML processing (FEATURE_SECURE_PROCESSING): {}", e.getMessage());
+            }
         }
 
         try {
             // Disallow access to external DTDs and stylesheets (JAXP 1.5+)
             f.setAttribute(ACCESS_EXTERNAL_DTD, "");
             f.setAttribute(ACCESS_EXTERNAL_STYLESHEET, "");
-        } catch (IllegalArgumentException ignored) {
+            f.setAttribute(ACCESS_EXTERNAL_SCHEMA, "");
+        } catch (IllegalArgumentException e) {
             // Attributes not supported by all implementations
+            if (loggedExternalAccess.compareAndSet(false, true)) {
+                log.warn("Could not disable external XML access (ACCESS_EXTERNAL_DTD/ACCESS_EXTERNAL_STYLESHEET): {}", e.getMessage());
+            }
         }
 
         return f;
     });
 
+    /**
+     * Returns a {@link TransformerFactory} instance with XML hardening enabled on a
+     * best-effort basis.
+     * The returned factory is obtained from a thread-local cache because
+     * {@link TransformerFactory} is mutable and not specified as thread-safe.
+     * A fresh {@link javax.xml.transform.Transformer} must be created for each
+     * transformation.
+     *
+     * @return a thread-local {@link TransformerFactory} with best-effort XML security hardening applied
+     */
+    public static TransformerFactory newHardenedBestEffortTransformerFactory() {
+        return SAFE_TRANSFORMER_FACTORY.get();
+    }
 
     public static String xmlNode2String(Node node) throws TransformerException {
         if (node == null) {
             return "";
         }
 
-        Transformer tf = TF.get().newTransformer();
-        tf.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
-        tf.setOutputProperty(OutputKeys.METHOD, "xml");
-        tf.setOutputProperty(OutputKeys.INDENT, "yes");
+        Transformer tf = SAFE_TRANSFORMER_FACTORY.get().newTransformer();
+        tf.setOutputProperty(OMIT_XML_DECLARATION, "yes");
+        tf.setOutputProperty(METHOD, "xml");
+        tf.setOutputProperty(INDENT, "yes");
 
         StringWriter writer = new StringWriter();
         tf.transform(new DOMSource(node), new StreamResult(writer));
@@ -74,7 +104,7 @@ public static QName groovyToJavaxQName(groovy.namespace.QName qName) {
 
     /**
      * For XML processing sometimes an InputSource is needed.
-     * @param msg
+     * @param msg Message with body
      * @return InputSource of the message body
      */
     public static @NotNull InputSource getInputSource(Message msg) {