Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Spotlight on GlassFish 4.1: #4 JAXP accessExternalSchema

DZone's Guide to

Spotlight on GlassFish 4.1: #4 JAXP accessExternalSchema

· Java Zone ·
Free Resource

Get the Edge with a Professional Java IDE. 30-day free trial.

'Spotlight on GlassFish 4.1' is a series of posts by David Delabassee that highlights specific enhancements of the upcoming GlassFish 4.1 release. It could be a new feature, a fix, a behaviour change, a tip, etc.

#4 JAXP 1.5 accessExternalSchema
GlassFish 4.1 supports recent JDK versions (JDK 7 u65+ and JDK 8 u5+). Sometime, those newer JDKs might have some side effect as they bring new features too. 

For example, several properties have been introduced in JAXP 1.5 (JDK 7u40+ and JDK 8+). Properties which are used to set restrictions when JAXP is used to process untrusted XML contents. And by default, those restrictions are set!

GF 4.1 is configured to offer the behavior of GF 4.0 used with an older JAXP release (prior to JAXP 1.5), i.e. no restriction on schemas processing. So by default, a GF 4.1 domain.xml is configured with the following JVM option to allow all schemas to be processed:  <jvm-options>-Djavax.xml.accessExternalSchema=all </jvm-options>
This configuration obviously assumes that your external XML content is trusted or at least sanitised by an XML firewall. This is applicable to JAXP 1.5 (and above).

Get the Java IDE that understands code & makes developing enjoyable. Level up your code with IntelliJ IDEA. Download the free trial.

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}