Over a million developers have joined DZone.

Spotlight on GlassFish 4.1: #4 JAXP accessExternalSchema

· Java Zone

The Java Zone is brought to you by Stormpath—offering a pre-built Identity API for developers. On 11/3 at 10AM PT, join Stormpath Developer Evangelist, Micah Silverman, to dive deep into using JWTs to protect microservices from CSRF and more. Register here!

'Spotlight on GlassFish 4.1' is a series of posts by David Delabassee that highlights specific enhancements of the upcoming GlassFish 4.1 release. It could be a new feature, a fix, a behaviour change, a tip, etc.

#4 JAXP 1.5 accessExternalSchema
GlassFish 4.1 supports recent JDK versions (JDK 7 u65+ and JDK 8 u5+). Sometime, those newer JDKs might have some side effect as they bring new features too. 

For example, several properties have been introduced in JAXP 1.5 (JDK 7u40+ and JDK 8+). Properties which are used to set restrictions when JAXP is used to process untrusted XML contents. And by default, those restrictions are set!

GF 4.1 is configured to offer the behavior of GF 4.0 used with an older JAXP release (prior to JAXP 1.5), i.e. no restriction on schemas processing. So by default, a GF 4.1 domain.xml is configured with the following JVM option to allow all schemas to be processed: <jvm-options>-Djavax.xml.accessExternalSchema=all </jvm-options>
This configuration obviously assumes that your external XML content is trusted or at least sanitised by an XML firewall. This is applicable to JAXP 1.5 (and above).

Building Identity Management, including authentication and authorization? Try Stormpath! Our REST API and robust Java SDK support can eliminate your security risk and can be implemented in minutes. Sign up, and never build auth again!


Published at DZone with permission of Reza Rahman, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}