GH-2993: Catch and log unsupported XML attributes

Fixes #2993

Not all XML components support all the configuration properties.
For example Saxon HE doesn't support `XMLConstants.ACCESS_EXTERNAL_DTD`
and end up with an exception like:
`IllegalArgumentException: Unknown configuration property http://javax.xml.XMLConstants/property/accessExternalDTD`

* Copy `TransformerFactoryUtils` from the latest Spring WS, where
all the attributes are wrapped into `try..catch` and warn log.
And use this new class everywhere instead of non-patched in Spring WS
* Upgrade to the latest Spring WS 2.4.5

Author: artembilan

build.gradle

@@ -138,7 +138,7 @@ subprojects { subproject ->
 		springSocialTwitterVersion = '1.1.2.RELEASE'
 		springRetryVersion = '1.1.3.RELEASE'
 		springVersion = project.hasProperty('springVersion') ? project.springVersion : '4.3.23.RELEASE'
-		springWsVersion = '2.4.4.RELEASE'
+		springWsVersion = '2.4.5.RELEASE'
 		xmlUnitVersion = '1.6'
 		xstreamVersion = '1.4.7'
 	}

spring-integration-xml/src/main/java/org/springframework/integration/xml/TransformerFactoryUtils.java

@@ -0,0 +1,96 @@
+/*
+ * Copyright 2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.integration.xml;
+
+import javax.xml.XMLConstants;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * The {@link TransformerFactory} configuration wrapper with some common settings.
+ * Copy of {@link org.springframework.xml.transform.TransformerFactoryUtils}, but with
+ * catching exception for unknown properties.
+ *
+ * @author Greg Turnquist
+ * @author Artem Bilan
+ *
+ * @since 4.3.21
+ */
+
+public final class TransformerFactoryUtils {
+
+	private static final Log LOG = LogFactory.getLog(TransformerFactoryUtils.class);
+
+	/**
+	 * Build a new {@link TransformerFactory} using the default constructor.
+	 */
+	public static TransformerFactory newInstance() {
+		return defaultSettings(TransformerFactory.newInstance());
+	}
+
+	/**
+	 * Build an {@link TransformerFactory} and prevent external entities from accessing.
+	 * @see TransformerFactory#newInstance()
+	 */
+	public static TransformerFactory newInstance(Class<? extends TransformerFactory> transformerFactoryClass) {
+		try {
+			return defaultSettings(transformerFactoryClass.newInstance());
+		}
+		catch (InstantiationException e) {
+			throw new TransformerFactoryConfigurationError(e,
+					"Could not instantiate TransformerFactory [" + transformerFactoryClass + "]");
+		}
+		catch (IllegalAccessException e) {
+			throw new TransformerFactoryConfigurationError(e,
+					"Could not instantiate TransformerFactory [" + transformerFactoryClass + "]");
+		}
+	}
+
+	/**
+	 * Prevent external entities from accessing.
+	 */
+	private static TransformerFactory defaultSettings(TransformerFactory factory) {
+		try {
+			factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+		}
+		catch (IllegalArgumentException e) {
+			if (LOG.isWarnEnabled()) {
+				LOG.warn(XMLConstants.ACCESS_EXTERNAL_DTD + " property not supported by " +
+						factory.getClass().getCanonicalName());
+			}
+		}
+
+		try {
+			factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+		}
+		catch (IllegalArgumentException e) {
+			if (LOG.isWarnEnabled()) {
+				LOG.warn(XMLConstants.ACCESS_EXTERNAL_STYLESHEET + " property not supported by " +
+						factory.getClass().getCanonicalName());
+			}
+		}
+
+		return factory;
+	}
+
+	private TransformerFactoryUtils() {
+	}
+
+}

spring-integration-xml/src/main/java/org/springframework/integration/xml/source/StringSourceFactory.java

@@ -26,12 +26,12 @@
 
 import org.w3c.dom.Document;
 
+import org.springframework.integration.xml.TransformerFactoryUtils;
 import org.springframework.messaging.MessagingException;
 import org.springframework.util.Assert;
 import org.springframework.util.FileCopyUtils;
 import org.springframework.xml.transform.StringResult;
 import org.springframework.xml.transform.StringSource;
-import org.springframework.xml.transform.TransformerFactoryUtils;
 
 /**
  * {@link SourceFactory} implementation which supports creation of a {@link StringSource}

spring-integration-xml/src/main/java/org/springframework/integration/xml/splitter/XPathMessageSplitter.java

@@ -44,6 +44,7 @@
 import org.springframework.integration.util.Function;
 import org.springframework.integration.util.FunctionIterator;
 import org.springframework.integration.xml.DefaultXmlPayloadConverter;
+import org.springframework.integration.xml.TransformerFactoryUtils;
 import org.springframework.integration.xml.XmlPayloadConverter;
 import org.springframework.messaging.Message;
 import org.springframework.messaging.MessageHandlingException;
@@ -52,7 +53,6 @@
 import org.springframework.xml.DocumentBuilderFactoryUtils;
 import org.springframework.xml.namespace.SimpleNamespaceContext;
 import org.springframework.xml.transform.StringResult;
-import org.springframework.xml.transform.TransformerFactoryUtils;
 import org.springframework.xml.xpath.XPathException;
 import org.springframework.xml.xpath.XPathExpression;
 import org.springframework.xml.xpath.XPathExpressionFactory;

spring-integration-xml/src/main/java/org/springframework/integration/xml/transformer/ResultToStringTransformer.java

@@ -26,10 +26,10 @@
 import javax.xml.transform.dom.DOMResult;
 import javax.xml.transform.dom.DOMSource;
 
+import org.springframework.integration.xml.TransformerFactoryUtils;
 import org.springframework.messaging.MessagingException;
 import org.springframework.util.Assert;
 import org.springframework.xml.transform.StringResult;
-import org.springframework.xml.transform.TransformerFactoryUtils;
 
 /**
  * Converts the passed {@link Result} to an instance of {@link String}.

spring-integration-xml/src/main/java/org/springframework/integration/xml/transformer/XsltPayloadTransformer.java

@@ -43,6 +43,7 @@
 import org.springframework.expression.Expression;
 import org.springframework.expression.spel.support.StandardEvaluationContext;
 import org.springframework.integration.expression.ExpressionUtils;
+import org.springframework.integration.xml.TransformerFactoryUtils;
 import org.springframework.integration.xml.result.DomResultFactory;
 import org.springframework.integration.xml.result.ResultFactory;
 import org.springframework.integration.xml.source.DomSourceFactory;
@@ -56,7 +57,6 @@
 import org.springframework.util.StringUtils;
 import org.springframework.xml.transform.StringResult;
 import org.springframework.xml.transform.StringSource;
-import org.springframework.xml.transform.TransformerFactoryUtils;
 
 /**
  * Thread safe XSLT transformer implementation which returns a transformed